[Maia-users] How to disable outgoing scans? ... pleaseiappreciatereally much help
Robert LeBlanc
rjl at renaissoft.com
Thu Sep 21 00:32:56 PDT 2006
Gary V wrote:
> There is an issue with bypassing amavisd-new (using any method in the
> document I'm working on) which is most notable in a system like Maia where
> every user has their own settings.
>
> http://www200.pair.com/mecham/spam/bypassing.html
>
> Bypassing violates the recipients settings. You have the ability to send
> malware to recipients that do not desire it.
Well yes, if you bypass amavisd-maia entirely (by applying some sort of
bypass logic at the upstream Postfix level), then certainly you're
ignoring the individual users' preferences, since those are only
consulted at the amavisd-maia stage. An upstream bypass is /not/ the
recommended way to disable scanning of outbound mail.
> You should be able to bypass outgoing check by selecting "yes" to:
> Should the System Default user (@.) only catch mail for local recipients?
>
> But this is in fact broken. If mail is addressed to a non-local domain, the
> default @. domain's setting are used.
The "Should the System Default user (@.) only catch mail for local
recipients?" is a poorly-named setting, I admit. It's hard to describe
what it does in a handful of words, so it tends to confuse people.
You're correct about the fact that outbound mail is assigned to the "@."
account regardless of the state of this setting. What the setting
determines, mainly, is whether the "@." account should be treated as
"local", i.e. able to quarantine/cache outbound mail--things that are
ordinarily only done for "local" recipients. Normally Maia won't
quarantine/cache mail for non-local recipients, but with this setting
you can tell Maia to do so.
To make this work properly, though, you first need to tell Maia about
all of the domains you want it to process mail for (by going to the
Admin->Domains page and adding them there). Once this is done, the only
mail that should ever fall through to the "@." domain should be your
outbound mail. You can then configure the settings for the "@." account
to do whatever you like with outbound mail (e.g. disable filtering, etc.).
> The workaround would be to set up the @. domain to pass all mail.
I wouldn't call this a "workaround"; it's the intended solution :)
Outbound mail gets assigned to the "@." account, so if you don't want
outbound mail to be filtered, you need to turn off filtering for the
"@." account.
--
Robert LeBlanc <rjl at renaissoft.com>
Renaissoft, Inc.
Maia Mailguard <http://www.maiamailguard.com/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
Url : http://www.renaissoft.com/pipermail/maia-users/attachments/20060921/a81205bd/attachment.bin
More information about the Maia-users
mailing list