6

Is there any way to configure postfix to skip spam/antivirus checks for those smtp connections that are SMTP-AUTH'ed? I would like to keep all the standard checks for external smtp traffic, but for my local users sending emails I would like to skip the antispam/antivirus checks.

My configuration has Postfix + Amavisd + SpamAssassin + clamav in pretty much standard configuration.

Thanks in advance. MR

3 Answers3

1

In the main.cf, set

smtpd_data_restrictions = reject_unauth_pipelining,permit_sasl_authenticated,check_sender_access pcre:/etc/postfix/content_filter.pcre

Do not set content_filter= in main.cf!

/etc/postfix/content_filter.pcre should be something like:

/^/ FILTER smtp-amavis:[127.0.0.1]:10024

Do not forget to run

postmap /etc/postfix/content_filter.pcre

master.cf should be something like:

127.0.0.1:10025 inet n  -   n -   -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_data_restrictions=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
smtp-amavis unix -      -       n       -       16       lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_vforward_command=yes
    -o disable_dns_lookups=yes

Hope this helps. See http://www.postfix.org/postconf.5.html for further info.

Balázs Pozsár
  • 2,085
  • 1
  • 14
  • 16
0

In your main.cf file, assuming you have your spam filters in a smtpd_recipient_restrictions (or smtpd_data_restrictions/smtpd_something_restrictions), add permit_sasl_authenticated before anything else. This will accept authenticated users as early as possible in the process, without running any further checks. There is probably a way to have your spam/virus scanning to be included in the smtpd_*_restrictions lines using something like a check_policy_service entry, which will check against services defined in master.cf. I currently use this to run an external spf test against all mail, but I expect it will work for other checks.

Mark
  • 2,846
  • 19
  • 13
0

pcre files should not be postmap'ed.

Using content_filter in smtp port 25 only will disable it for smtp auth users, if port 25 is not used with sasl auth.

It's not very hard to configure.

Diamond
  • 8,791
  • 3
  • 22
  • 37
Benny Pedersen
  • 1
  • 1