Discussion:
How to specify different policies for different unix sockets?
Mark.Martinec+ (Mark Martinec)
2016-04-25 16:06:19 UTC
Hamy,

> Hi, I would like to use a unix socket instead of inet in amavisd for
> postfix to communicate with it and then secure it by setting appropriate
> permissions.
> However, I do not want to disable the default AM.PDP-SOCK policy which is
> required for amavisd-release and maybe other scripts (and amavisd-milter)
> to work.
> Also I might need to have multiple smtp unix sockets in future with
> different sets of policy banks applied to them. How can one do so? It's
> easily possible to do that with inet ports, but what about unix sockets?
> [...]

amavisd-new-2.7.0 release notes, July 1, 2011 :

- a policy bank may now be loaded based on a path name of a Unix socket
  receiving a connection.

  Example use:

    @listen_sockets = (
      "$helpers_home/amavisd.sock1",
      "$helpers_home/amavisd.sock2",
      "$helpers_home/amavisd.sock3",
    );

    $interface_policy{"$helpers_home/amavisd.sock1"} = 'UX-S1';
    $interface_policy{"$helpers_home/amavisd.sock2"} = 'UX-S2';
    $interface_policy{"$helpers_home/amavisd.sock3"} = 'UX-S3';

    $policy_bank{'UX-S1'} = { ... };
    $policy_bank{'UX-S2'} = { ... };
    $policy_bank{'UX-S3'} = { ... };


amavisd-new-2.8.0 release notes:

- load all (both) applicable policy banks when %interface_policy contain
  both a "SOCK" entry and a Unix socket path name; and similarly when it
  contains both the "IPaddress:port" and a "port" entries. Previously
  the "SOCK" policy bank was not loaded when a socket path name entry
  existed in %interface_policy, and similarly a port-only -based policy
  bank was not loaded when a more specific "IPaddress:port" entry
  existed;



Mark
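
One way to apply the release notes above to the case in the question, keeping the AM.PDP socket for amavisd-release while adding two SMTP sockets with their own banks. This is an added example, not configuration from the release notes or from the amavisd project; the socket file names, the `UX-MX` and `UX-SUBMIT` bank names and the settings chosen inside each bank are assumptions.

```perl
# amavisd.conf fragment for amavisd-new 2.7.0 or later (constructed example).
# Socket file names and the UX-* bank names are assumptions for illustration.
# Assumes $unix_socketname is left unset and the stock
#   $interface_policy{'SOCK'} = 'AM.PDP-SOCK';
# line is removed, so every socket is selected by its path name only.

@listen_sockets = (
  "$helpers_home/amavisd.sock",      # AM.PDP: amavisd-release, amavisd-milter
  "$helpers_home/smtp-mx.sock",      # mail arriving from outside
  "$helpers_home/smtp-submit.sock",  # mail submitted by local users
);

# One path-name entry per socket. With no catch-all 'SOCK' key present,
# exactly one bank applies to each connection, both before and after
# the 2.8.0 change that loads all applicable banks.
$interface_policy{"$helpers_home/amavisd.sock"}     = 'AM.PDP-SOCK';
$interface_policy{"$helpers_home/smtp-mx.sock"}     = 'UX-MX';
$interface_policy{"$helpers_home/smtp-submit.sock"} = 'UX-SUBMIT';

# Same contents as the stock AM.PDP-SOCK bank.
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
};

# Inbound mail: not locally originating, full checks stay enabled.
$policy_bank{'UX-MX'} = {
  originating => 0,
};

# Locally submitted mail: same settings the stock ORIGINATING bank uses.
$policy_bank{'UX-SUBMIT'} = {
  originating => 1,                # treat as mail from our own users
  allow_disclaimers => 1,          # permit disclaimer insertion if configured
  os_fingerprint_method => undef,  # no p0f lookups for local clients
};
```

The path given for the AM.PDP socket has to match the one amavisd-release and amavisd-milter are configured to connect to. Which local accounts can reach each socket is then a matter of ordinary filesystem permissions on the socket file and its directory.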
Hamy
2016-04-26 04:23:36 UTC
Oh, I have missed that somehow. Time to upgrade :)
Thank you for the help.
Best Regards,

