While testing out mail2, I noticed that all the mails generated locally by NS were being scanned twice. It appears they are scanned as part of the SMTP inbound process and then again, by p3scan when I pull them from my server to my local Thunderbird client.
Looking at the manual, it says (my highlighting):
The POP3 proxy intercepts connection to external servers
So I started looking at what was necessary to make p3scan work as documented, because I can’t think of a reason when pulling mails from NS that a second rspamd pass is necessary.
It turns out it was a simple as updating one option in the relevant ShoreWall rules file (90p3scan):
$OUT .="REDIRECT loc 8110 tcp 110 - -\n";
$OUT.="REDIRECT loc 8110 tcp 995 - -\n";
$OUT .="REDIRECT loc 8110 tcp 110 - !192.168.0.254\n";
$OUT.="REDIRECT loc 8110 tcp 995 - !192.168.0.254\n";
This really needs a dynamic way to specify NS’s IP. I tried “!$FW”, but ShoreWall didn’t like that. So suggestions welcomed about how to make it dynamic.