Re: Re: amavis-dkim: How to discard mail with no or invalid signature

Matthias Weigel matthias.weigel at maweos.de
Thu Jan 14 17:16:36 CET 2016


Hello Gerhard,

try this in user_prefs (or your local.cf):

internal_networks ... (your internal mail systems' IPs here)
trusted_networks ... (your internal mail systems' IPs here)

then you can use ALL_TRUSTED in the rules. E.g. like this:

meta     MY_FROM_WITHOUT_DKIM   MY_FROM && !DKIM_VALID && !ALL_TRUSTED



For quarantine management there are multiple possible solutions:
- mark only and forward to the user. User creates his own quarantine
rule in his mailer.
- send everything to a different quarantine mail system.
- create your own cron scripts to send summary quarantine reports to users.
- amavisd-release
- Frontends like Maia Mailguard or others.



To discard the original mail, use this in amavisd.conf:
    $final_virus_destiny      = D_DISCARD;
    $final_banned_destiny     = D_DISCARD;
    $final_spam_destiny       = D_DISCARD;
    $final_bad_header_destiny = D_DISCARD;


Best Regards

Matthias


On 14.01.2016 at 16:25, Gerhard Rappenecker wrote:
> Hello Matthias,
> 
> that works! Thanks a lot!
> 
> In my SuSE Linux I put the rules MY_FROM and MY_FROM_WITHOUT_DKIM in /etc/mail/spamassassin/local.cf:
> 
> To avoid checking the originating mails which don't have a DKIM signature at this point, I bypass the spam check in amavisd.conf with:
> $policy_bank{'MYNETS'} = {
>   ...
>   bypass_spam_checks_maps => [1]
> };
> $policy_bank{'ORIGINATING'} = {
>   ...
>   bypass_spam_checks_maps => [1]
> };
> I think this could be done better.
> Is it possible to bypass DKIM-checking for originating mails in spamassassin instead of bypassing the spam check at all for such mails?
> 
> Now amavis-new quarantines positive mails to /var/spool/amavis/virusmails and also delivers them.
> How can I manage to discard them instead or to do something else? (I'm a beginner with amavis ;)
> 
> Is there any notification/cleaning tool in amavis to manage the quarantine files?
> 
> Best regards
> Gerhard
> 
> 
>>>> Matthias Weigel <matthias.weigel at maweos.de> wrote on Wednesday, 13 January 2016 at 18:47 in message <56968DA6.2050203 at maweos.de>:
>> Hello Gerhard,
>>
>> you could try a custom spamassassin rule.
>>
>> These rules go into ~amavis/.spamassassin/user_prefs
>>
>> There are already some SPF/DKIM rules in spamassassin. See file
>> 25_spf.cf or 25_dkim.cf of spamassassin.
>>
>> # Then you create a rule to identify your domain:
>> header      MY_FROM          From =~ /example.com/i
>> describe    MY_FROM   Sender is from example.com
>>
>> # Now you create a rule to combine them:
>> meta     MY_FROM_WITHOUT_SPF    MY_FROM && (SPF_NONE || SPF_FAIL)
>> describe MY_FROM_WITHOUT_SPF  Sender is from my domain, but has no SPF
>> score    MY_FROM_WITHOUT_SPF  9
>>
>> # or:
>> meta     MY_FROM_WITHOUT_DKIM   MY_FROM && !DKIM_VALID
>> describe MY_FROM_WITHOUT_DKIM  Sender is from my domain, but has no DKIM
>> score    MY_FROM_WITHOUT_DKIM  9
>>
>> The high score tells amavis to quarantine such mails.
>>
>> Please check if the above criteria are really useful for you. Have a
>> look in /usr/share/spamassassin/ . Maybe some other criteria are more
>> appropriate?
>>
>> Test before using this in production. See "debug-sa" parameter to amavis.
>>
>> Best Regards
>>
>> Matthias
>>
>>
>>
>> On 13.01.2016 at 17:19, Gerhard Rappenecker wrote:
>>> Hello all,
>>>
>>> thanks a lot for all answers.
>>>
>>> It seems I have to use SPF or DMARC to get what I want. Unfortunately these components are not integrated in the SuSE Linux software distribution. I'd like to use only the onboard resources postfix, amavis-new with DKIM, spamassassin because of automatic updating.
>>>
>>> Is there actually no way in amavis (or spamassassin) to reject/quarantine mails from a specific sender with no or an invalid DKIM signature?
>>> Is there any way to reject those mails in postfix after amavis DKIM verifying?
>>>
>>> I've already tried to check the headers in postfix for DKIM's "Authentication-Results", but "header_checks" take place before the DKIM verification and "smtp_header_checks" do not allow to cut off the mail delivery.
>>>
>>> Hope anyone can help me
>>>
>>> best regards
>>> Gerhard
>>>
>>>
>>>>>> Maurizio Marini <maumar at datalogica.com> wrote on Wednesday, 13 January 2016 at 12:27 in message <20160113122726.221e5099.maumar at datalogica.com>:
>>>> On Wed, 13 Jan 2016 12:01:52 +0100
>>>> "Gerhard Rappenecker" <G.Rappenecker at hs-offenburg.de> wrote:
>>>>
>>>>> My intention is to reject mail from outside with a faked sender address
>>>>> of our own domain. In the past we were attacked by such mails to our
>>>>> mailinglists.
>>>> Hello Gerhard
>>>> I use spf with -all instead of ~all to do exactly what you want.
>>>> I do not receive any more spam with my domain in the from address
>>>> I mean: @datalogica.com
>>>> -m
>>>
>>>
>>>
> 
> 
> 
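
Added example, not part of the thread: a local.cf fragment that puts the rules discussed above in one place, with each rule as posted shown commented out beside a tighter variant. The 192.0.2.0/24 network and example.com are placeholders; anchoring the match with `From:addr` and testing DKIM_VALID_AU instead of DKIM_VALID are choices made for this example, not the posters' configuration.

```conf
# /etc/mail/spamassassin/local.cf  (added example; all values are placeholders)

# Relays whose Received headers are believed. ALL_TRUSTED fires only when
# the message passed through trusted relays exclusively.
# 192.0.2.0/24 is a documentation range: replace it with your own mail hosts.
trusted_networks   192.0.2.0/24
internal_networks  192.0.2.0/24

# As posted in the thread: the pattern is unanchored, "." matches any
# character, and the whole From header (display name included) is searched,
# so "user@example.com.invalid" or "example-com@other.invalid" also match.
# header   MY_FROM   From =~ /example.com/i

# Tighter: test only the address part, with the dot escaped and the domain
# anchored. Subdomains are not covered; add a second rule if you need them.
header     MY_FROM   From:addr =~ /\@example\.com$/i
describe   MY_FROM   Author address is in example.com

# As posted: DKIM_VALID is true for a valid signature from ANY signing
# domain, so mail signed by an unrelated domain still satisfies it.
# meta     MY_FROM_WITHOUT_DKIM   MY_FROM && !DKIM_VALID && !ALL_TRUSTED

# Tighter: DKIM_VALID_AU requires a valid signature from the author's domain.
meta       MY_FROM_WITHOUT_DKIM   MY_FROM && !DKIM_VALID_AU && !ALL_TRUSTED
describe   MY_FROM_WITHOUT_DKIM   From our domain without author-domain DKIM
score      MY_FROM_WITHOUT_DKIM   9
```

Run `spamassassin --lint` after editing, and test with mail from both inside and outside the trusted networks before relying on a discard policy in amavisd.conf.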


