It's better to list all hosted mail domains in local_domains_maps, so that Amavisd will insert mail headers for them if necessary.

Sorry, iRedAdmin-Pro won't modify files on file system. That's why new domain name was not inserted.

Yes.

Yes.

Yes. But unfortunately, i forget how to achieve this. sorry.
It's mentioned in this forum, you can try searching with Google. Or search Amavisd-new mailing list.

Oops, then it's my mistake. Sorry about my misunderstood.

"hit 8.292" means Amavisd invokes SpamAssassin for content-based spam scanning. Just not insert mail headers.

Looks like we have to:

- Create a cron job to dump all hosted mail domain names in a plain text file. e.g. /etc/postfix/all_hosted_mail_domains. Correct format is one mail domain name per line. For example:

domain1.com
domain2.com
...

- Modify amavisd.conf to read all local domains from /etc/postfix/all_hosted_mail_domains:

@local_domains_maps=read_hash("/etc/postfix/all_hosted_mail_domains");

It should be fine.

Using . at @local_domains_maps does not work if you filter all spam sent from local domains. This is because Amavisd will not be able to distinguish local and remote domains from each other, and will consider everything to be local.

Edit: The following seems to help:

#@local_domains_maps = ( [".$mydomain","mail.mydomain.de"] );  # list of all local domains
$sql_select_policy = 'SELECT "Y" AS local FROM domain WHERE CONCAT("@", domain) IN (%k)';

@lookup_sql_dsn = ( ['DBI:mysql:database=vmail;host=127.0.0.1;port=3306', 'vmail', 'your password comes here'] );

Source: http://spamassassin13.rssing.com/chan-1 … ll_p1.html

The new default setting for iRedMail amavisd is

@local_domains_maps = 1

This seems to be a short circuit in Amavisd.   Everything is forced local.

This generates a huge amount of administrative mail when inbound spam is detected for domains where transport is set to smtp:[xx.xx.xx.xx]:25

Mail logs are showing disinformation with all traffic identified as {RelayedInternal}, MYUSERS LOCAL

Jun  2 07:15:56 mail1 amavis[26701]: (26701-12) Passed CLEAN {RelayedInternal}, MYUSERS LOCAL [209.85.192.180]:48958 [121.206.104.147] <hisaddress@iredmail.org> -> <myaddress@mydomain.net>, Queue-ID: ABE40C7, Message-ID: <AB1E39B2-082F-4CA7-BF64-6355C44F677D@iredmail.org>, mail_id: wx_oAhNaCChH, Hits: -5.23, size: 3721, queued_as: 985612E4F, dkim_sd=dkim:iredmail.org, 10714 ms

I wonder if this is why iRedAdminPro shows remote users in the dashboard top senders list.  I'm more interested in knowing who the actual top users are that are generating outbound mail than to see how much inbound traffic we get from Facebook or Twitter. 

At any rate, a more elegant solution for local_domains_maps is needed.

I was able to accomplish what I need by setting

@local_domains_maps = ();

   Since I don't have any domains that I process outbound mail for without corresponding users in LDAP, I don't need to explicitly list any domains.   Since I don't have any users listed in LDAP that aren't considered local users (at least in that branch of my LDAP directory) I don't have to worry about exceptions and setting amavisLocal on users.

I had just assumed that all domains had to be listed for this to work.   I was wrong and suspect others have made the same assumption.

LDAP implicitly prepends the lookup for a user to local_domains_maps.  Hence my list is empty and I just deal with each user case by case as they send mail.   LDAP does this lookup anyway so there is no additional overhead associated with this approach.

So far as the outcome of this change?

Inbound mail is no longer flagged MYUSERS.  Outbound mail is properly marked.

This handles a constantly changing list of 50+ domains without having to mess with stable config files.  I'm also able to use the MYUSERS policy bank as intended - just on locally generated outbound mail.

So far as the logs go, I like them to reflect reality.   I often exchange log information with other sysadmins when having to troubleshoot mail pathing issues.  If my logs are wonky the finger is automatically pointed my direction and I waste time having to explain anomalies.

I'm still checking total server behavior, but it seems this fix does what I need.   I do want to scan outbound mail for spam so need to confirm that is enabled and working.   Locally originating messages are now flagged correctly outbound. 

Passed CLEAN {RelayedOutbound}, MYUSERS

Spam filtering on relayed mail no longer shows as MYUSERS.  Currently appearing in logs as

Bocked SPAM {DiscardedOutbound}

Normal inbound mail is being scanned and logged as

Passed CLEAN {RelayedInternal}