R: R: R: R: R: Message quarantined as SPAM

Scappatura Rocco Rocco.Scappatura at infracom.it
Thu Jun 29 15:31:58 CEST 2017


Hello.

Is it correct what I stated in my email? Could someone take a look below and give me an answer to each of my questions?

Regards,

RS

> -----Original Message-----
> From: amavis-users [mailto:amavis-users-bounces+rocco.scappatura=infracom.it at amavis.org] On behalf of Scappatura Rocco
> Sent: Wednesday, 28 June 2017 09:34
> To: 'amavis-users at amavis.org' <amavis-users at amavis.org>
> Subject: R: R: R: R: R: Message quarantined as SPAM
> 
> Hello.
> 
> I easily constructed files:
> 
> /etc/postfix/relay_domains
> /etc/postfix/mynetworks.cidr
> 
> Then I set:
> 
> @local_domains_acl = (
>   ".$mydomain" ,
>   read_hash('/etc/postfix/relay_domains')
> );
> 
> @local_domains_maps = @local_domains_acl;
> 
> In amavis log now I see a different tag ({RelayedInbound}):
> 
> Jun 28 09:24:05 av8 amavis[21699]: (21699-15) Passed CLEAN
> {RelayedInbound}, [xxx.yyy.zzz.uuu]:40882 [xxx.yyy.zzz.uuu]
> <aaa at example.com> -> <bbb at example.org>, Queue-ID: 0C98ED61C4,
> Message-ID: <8386362.10890651498634643768.JavaMail.www-data at v080>,
> mail_id: 0g9XxEmqcNPj, Hits: 2.2, size: 9179, queued_as: 7DAA4D61CA, 453
> ms
> 
> Even when neither example.com nor example.org is a local domain.
> 
> What did the change I made really imply?
> 
> For @mynetworks, instead, I have not yet set:
> 
> @mynetworks = @{ read_cidr('/etc/postfix/mynetworks.cidr') };
> 
> Because at the moment I have:
> 
> @mynetworks = qw( 127.0.0.0/8);
> 
> and:
> 
> $policy_bank{'MYNETS'} = {  # clients in @mynetworks
>   bypass_spam_checks_maps   => [1],  # don't spam-check internal mail
>   bypass_banned_checks_maps => [1],  # don't banned-check internal mail
>   bypass_header_checks_maps => [1],  # don't header-check internal mail
> };
> 
> So I fear that the change that you suggested to me avoids the SPAM scan for
> ALL mail departing from my real networks.
> 
> Is my fear justified?
> 
> Regards,
> 
> RS
> 
> 
> > -----Original Message-----
> > From: amavis-users [mailto:amavis-users-bounces+rocco.scappatura=infracom.it at amavis.org] On behalf of Patrick Ben Koetter
> > Sent: Tuesday, 27 June 2017 15:37
> > To: amavis-users at amavis.org
> > Subject: Re: R: R: R: R: Message quarantined as SPAM
> >
> > * Scappatura Rocco <Rocco.Scappatura at infracom.it>:
> > > Hello.
> > >
> > > Maybe it is the line:
> > >
> > > 50-user:$spam_quarantine_to         = 'spam-quarantine';
> > >
> > > that has enabled quarantine..
> >
> > Quite likely this line enables quarantine. In case you want to disable it:
> >
> > $spam_quarantine_to = undef;
> >
> >
> > > Moreover, I have the list of 'mynetworks' defined in a mysql DB used
> > > by postfix, through the following query:
> > >
> > > select action from access where inet_aton(ip) & inet_aton(mask) =
> > > inet_aton('%s') & inet_aton(mask) order by mask DESC limit 0,1;
> > >
> > > Similarly, I have the list of local domains defined in a mysql DB
> > > used by postfix, through the following query:
> > >
> > > select domain from domain where domain='%s' and active='1';
> > >
> > > How can I safely import these lists into amavis?
> >
> > If they change frequently, add a trigger to MySQL that dumps the
> > results to tables. If they change only once in a while, create a script that
> > does the same.
> >
> > Then import the lists into amavis, using the read_* methods. For example:
> >
> > @local_domains_maps = (
> >     ".$mydomain",
> >     read_hash('/etc/postfix/relay_domains')
> > );
> >
> > Or for networks:
> >
> > @mynetworks = @{ read_cidr('/etc/postfix/mynetworks.cidr') };
> >
> > See the RELEASE-NOTES for more information.
> >
> > p at rick
> >
> >
> >
> >
> >
> > >
> > > Regards,
> > >
> > > RS
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: amavis-users [mailto:amavis-users-bounces+rocco.scappatura=infracom.it at amavis.org] On behalf of Patrick Ben Koetter
> > > > Sent: Tuesday, 27 June 2017 15:16
> > > > To: amavis-users at amavis.org
> > > > Subject: Re: R: R: R: Message quarantined as SPAM
> > > >
> > > > * Scappatura Rocco <Rocco.Scappatura at infracom.it>:
> > > > > Hello.
> > > > >
> > > > > Here is all that you asked for:
> > > > >
> > > > > 1) @bypass_spam_checks_maps:
> > > > >
> > > > > 15-content_filter_mode:@bypass_spam_checks_maps = (
> > > > >    \%bypass_spam_checks, \@bypass_spam_checks_acl,
> > > > > \$bypass_spam_checks_re);
> > > > >
> > > > > @spam_tag_level_maps =
> > > > >         ({
> > > > > #        'yyy at example.org' => 1.5,
> > > > >         '.' => 5.0,
> > > > >         });
> > > > >
> > > > > @spam_tag2_level_maps =
> > > > >         ({
> > > > > #        ' yyy at example.org ' => 2.0,
> > > > >         '.' => 6.31,
> > > > >         });
> > > > >
> > > > > @spam_kill_level_maps =
> > > > >         ({
> > > > > #        ' yyy at example.org ' => 2.0,
> > > > >         '.' => 6.31,
> > > > >         });
> > > > >
> > > > > 2) $final_spam_destiny:
> > > > >
> > > > > 20-debian_defaults:$final_spam_destiny       = D_DISCARD;
> > > > > 50-user:$final_spam_destiny       = D_DISCARD;
> > > > >
> > > > > 3) $spam_quarantine_method:
> > > > >
> > > > > 50-user:#$spam_quarantine_method         = 'sql:';
> > > >
> > > >
> > > > You have disabled quarantine in 50-user, but it is enabled
> > > > somewhere else. It delivers messages to a file-based quarantine,
> > > > as your original LOG shows:
> > > >
> > > > Jun 22 11:45:48 av8 amavis[22610]: (22610-11) Blocked SPAM
> > > > {DiscardedOpenRelay,Quarantined}, [xxx.yyy.zzz.uuu]:50412
> > > > [xxx.yyy.zzz.uuu] <aaa at example.com> -> <bbb at mydomain>, quarantine:
> > > > z/spam-zRJd9Wo5250M.gz, Queue-ID: 8647AD5DBA, Message-ID:
> > > > <776AB7C587CC457C95FF35582FC9F0E1 at AutoRPZ.local>, mail_id:
> > > > zRJd9Wo5250M, Hits: 6.793, size: 77514, 364 ms
> > > >
> > > > The message has been saved to $QUARANTINE/z/spam-zRJd9Wo5250M.gz.
> > > >
> > > >
> > > > In order to find out why the message has a different score you
> > > > need to set @local_domains_maps correctly, or amavis will not add
> > > > the header to the message.
> > > >
> > > > Add these to 50-user, once you have set up @local_domains_maps, and
> > > > amavis will document the rules SA used and how they scored:
> > > >
> > > > $allowed_added_header_fields{lc('X-Spam-Status')} = 1;
> > > > $allowed_added_header_fields{lc('X-Spam-Report')} = 1;
> > > >
> > > > p at rick
> > > >
> > > >
> > > >
> > > >
> > > > >
> > > > > 4) $sa_local_tests_only:
> > > > >
> > > > > > 20-debian_defaults:$sa_local_tests_only = 0;    # only tests which do not require internet access?
> > > > > > 50-user:$sa_local_tests_only = 1;    # only tests which do not require internet access?
> > > > > >
> > > > > > 5) $sa_tag_level_deflt:
> > > > > > 20-debian_defaults:$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
> > > > > >
> > > > > > 6) $sa_tag2_level_deflt:
> > > > > > 20-debian_defaults:$sa_tag2_level_deflt = 6.31;
> > > > > >
> > > > > > @spam_tag2_level_maps = ({
> > > > > > },
> > > > > > \$sa_tag2_level_deflt,
> > > > > > );
> > > > > >
> > > > > > 7) $sa_dsn_cutoff_level:
> > > > > > 20-debian_defaults:$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
> > > > >
> > > > > 8) $sa_crediblefrom_dsn_cutoff_level:
> > > > >
> > > > > NOT DEFINED
> > > > >
> > > > > Moreover I have set:
> > > > >
> > > > > @spam_lovers_maps = ({
> > > > > >   '.example.net'     => 1, # this domain and its subdomains
> > > > > });
> > > > >
> > > > > @spam_kill_level_maps = ({
> > > > >   '.example.net'     => 9999,
> > > > > },
> > > > > \$sa_kill_level_deflt,
> > > > > );
> > > > >
> > > > > Regards,
> > > > >
> > > > > RS
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: amavis-users [mailto:amavis-users-bounces+rocco.scappatura=infracom.it at amavis.org] On behalf of Patrick Ben Koetter
> > > > > > Sent: Tuesday, 27 June 2017 14:01
> > > > > > To: amavis-users at amavis.org
> > > > > > Subject: Re: R: R: Message quarantined as SPAM
> > > > > >
> > > > > > * Scappatura Rocco <Rocco.Scappatura at infracom.it>:
> > > > > > > Thank you Patrick.
> > > > > > >
> > > > > > > What configuration do you need, in particular?
> > > > > >
> > > > > > Let's start with this and the LOG that shows the incident you need
> > > > > > to research:
> > > > > >
> > > > > > @bypass_spam_checks_maps
> > > > > > $final_spam_destiny
> > > > > > $spam_quarantine_method
> > > > > > $sa_local_tests_only
> > > > > > $sa_tag_level_deflt
> > > > > > $sa_tag2_level_deflt
> > > > > > $sa_dsn_cutoff_level
> > > > > > $sa_crediblefrom_dsn_cutoff_level
> > > > > >
> > > > > > p at rick
> > > > > >
> > > > > >
> > > > > > --
> > > > > > [*] sys4 AG
> > > > > >
> > > > > > https://sys4.de, +49 (89) 30 90 46 64
> > > > > > Schleißheimer Straße 26/MG,80333 München
> > > > > >
> > > > > > Registered office: München, District Court München: HRB 199263
> > > > > > Executive Board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> > > > > > Chairman of the Supervisory Board: Florian Kirstein
> > > > > >
> > > >
> > > >
> >
> >
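
Added example, not part of the thread or of amavis: one way to write the export script suggested above, turning rows from the two MySQL tables into the lines that read_cidr and read_hash load. The function names, the /16 width limit and the sample rows are assumptions made here, and the access rows are assumed to be already filtered to the entries meant as trusted networks.

```python
import ipaddress

# Constructed sample rows (ip, mask) and (domain, active), standing in for
# exports of the access and domain tables queried in the thread.
ACCESS_ROWS = [
    ("192.0.2.77", "255.255.255.0"),       # host bits set, as the SQL mask allows
    ("198.51.100.17", "255.255.255.255"),
    ("10.0.0.0", "255.0.0.0"),
    ("203.0.113.5", "255.0.255.0"),        # non-contiguous mask
]
DOMAIN_ROWS = [("Example.ORG", "1"), ("example.net", "0"), ("example.org", "1")]

# Assumption: networks wider than /16 are held back for manual review, because
# every client in @mynetworks gets the MYNETS policy bank and its bypasses.
MIN_PREFIX = 16


def build_cidr_lines(rows, min_prefix=MIN_PREFIX):
    """Return (CIDR lines for mynetworks.cidr, rejected rows with a reason)."""
    accepted, rejected = [], []
    for ip, mask in rows:
        try:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        except ValueError:
            rejected.append((ip, mask, "unparsable"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((ip, mask, f"too broad: {net}"))
        elif str(net) not in accepted:
            accepted.append(str(net))
    return accepted, rejected


def build_domain_lines(rows):
    """Return sorted, lower-cased, de-duplicated active domains for relay_domains."""
    return sorted({d.strip().lower() for d, active in rows if active == "1" and d.strip()})


def covered_addresses(cidr_lines):
    """Count the client addresses that the accepted networks cover."""
    return sum(ipaddress.ip_network(c).num_addresses for c in cidr_lines)


if __name__ == "__main__":
    nets, bad = build_cidr_lines(ACCESS_ROWS)
    print("\n".join(nets))
    print("\n".join(build_domain_lines(DOMAIN_ROWS)))
    print(f"# {covered_addresses(nets)} addresses covered; rejected: {bad}")
```

The rejected list is the part to review before reloading amavis: each network that does reach mynetworks.cidr is handled under the MYNETS policy bank quoted in the thread.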

