Is it possible to set $clean_quarantine_* in policy_bank?

Mark Martinec Mark.Martinec+amavis at ijs.si
Tue Mar 20 18:23:50 CET 2012 

Zhang Huangbin,

> So sorry about bothering you again. I'm afraid that your suggestion doesn't
> work as expected.
> Amavisd (v2.7.0) setting:
> $policy_bank{'MYUSERS'} = {
>     clean_quarantine_method => 'sql:',
>     clean_quarantine_to => 'spam-quarantine',
>     final_clean_destiny => D_DISCARD,
> };
>
> (!)loading policy bank "MYUSERS": unknown field "clean_quarantine_to"
> loading policy bank "MYUSERS": unknown field "final_clean_destiny" …

Sorry for not testing my suggestion.

The:
  clean_quarantine_method => 'sql:',
is fine.

The $clean_quarantine_to is not a dynamic setting though
(it got incorporated into @clean_quarantine_to_maps), but the
@clean_quarantine_to_maps is, so you can have in a policy bank:

  clean_quarantine_to_maps => [ 'spam-quarantine' ],

Although this is probably unnecessary, as the default for
$clean_quarantine_to is the same as for $spam_quarantine_to:

  $clean_quarantine_to = 'clean-quarantine';
  $spam_quarantine_to = 'spam-quarantine';

  @clean_quarantine_to_maps = (\$clean_quarantine_to);
  @spam_quarantine_to_maps = (\$spam_quarantine_to);

  %quarantine_to_maps_by_ccat = (
    CC_VIRUS,       sub { ca('virus_quarantine_to_maps') },
    CC_BANNED,      sub { ca('banned_quarantine_to_maps') },
    CC_UNCHECKED,   sub { ca('unchecked_quarantine_to_maps') },
    CC_SPAM,        sub { ca('spam_quarantine_to_maps') },
    CC_BADH,        sub { ca('bad_header_quarantine_to_maps') },
    CC_CLEAN,       sub { ca('clean_quarantine_to_maps') },
  );

  %local_delivery_aliases = (
    'virus-quarantine'      => sub { ($QUARANTINEDIR, undef) },
    'banned-quarantine'     => sub { ($QUARANTINEDIR, undef) },
    'unchecked-quarantine'  => sub { ($QUARANTINEDIR, undef) },
    'spam-quarantine'       => sub { ($QUARANTINEDIR, undef) },
    'bad-header-quarantine' => sub { ($QUARANTINEDIR, undef) },
    'clean-quarantine'      => sub { ($QUARANTINEDIR, undef) },
    'other-quarantine'      => sub { ($QUARANTINEDIR, undef) },
    'archive-quarantine'    => sub { ($QUARANTINEDIR, undef) },
  );


> > Another question is, how to discard clean email? Just like
> > 'final_spam_destiny = D_DISCARD'.

The the $final_clean_destiny is similarly not a dynamic variable,
unlike its siblings $final_virus_destiny, $final_banned_destiny, 
$final_unchecked_destiny, $final_spam_destiny, $final_bad_header_destiny.

Luckily their cover setting %final_destiny_by_ccat *is* a dynamic
setting, so you can have in a policy bank:

  final_destiny_by_ccat => {CC_CLEAN, D_DISCARD},

or even discard regardless of a content type:

  final_destiny_by_ccat => { REPLACE => 1,
                             CC_CATCHALL, D_DISCARD },


( in case one is wondering about the funny syntax, the '=>'
  perl operator implicitly quotes its lefthand operand if it
  looks like a string (unlike a comma), so one has to be careful
  with constants like CC_CLEAN on the left side of a '=>'.
  The following two forms are equivalent to the above:

  final_destiny_by_ccat => { 'REPLACE', 1,
                             CC_CATCHALL, D_DISCARD },
or:
  final_destiny_by_ccat => { REPLACE => 1,
                             &CC_CATCHALL => D_DISCARD },
  Choose whichever looks prettier to you eyes.
)




Why a $clean_quarantine_to does not even exist, and why $final_clean_destiny
is not a dynamic setting may sound inconsistent. The general logic behind 
dynamic settings (those which can be changed by a policy bank) is that
all new general purpose settings like @*_maps and %*_by_ccat are dynamic,
but a dedicated variable for each of their default components may not
even exist.

See for example the default setting of %final_destiny_by_ccat :

  %final_destiny_by_ccat = (
    CC_VIRUS,       sub { c('final_virus_destiny') },
    CC_BANNED,      sub { c('final_banned_destiny') },
    CC_UNCHECKED,   sub { c('final_unchecked_destiny') },
    CC_SPAM,        sub { c('final_spam_destiny') },
    CC_BADH,        sub { c('final_bad_header_destiny') },
    CC_MTA.',1',    D_TEMPFAIL,
    CC_MTA.',2',    D_REJECT,
    CC_OVERSIZED,   D_BOUNCE,
    CC_CATCHALL,    D_PASS,
  );

Notice that some old-time and commonly used settings do have
their dedicated directly configurable settings for compatibility
with existing configurations, while newcomers like a final destiny
for CC_CLEAN, CC_OVERSIZED and CC_MTA do not have them, as
there was no need for upward compatibility, previous versions
(before %*_by_ccat was introduced) had no way to set these.

Similarly for %*_maps_by_ccat:

  %quarantine_to_maps_by_ccat = (
    CC_VIRUS,       sub { ca('virus_quarantine_to_maps') },
    CC_BANNED,      sub { ca('banned_quarantine_to_maps') },
    CC_UNCHECKED,   sub { ca('unchecked_quarantine_to_maps') },
    CC_SPAM,        sub { ca('spam_quarantine_to_maps') },
    CC_BADH,        sub { ca('bad_header_quarantine_to_maps') },
    CC_CLEAN,       sub { ca('clean_quarantine_to_maps') },
  );

It refers to @*_quarantine_to_maps settings (which in turn refer
to $*_quarantine_to), but the $*_quarantine_to themselves are
not dynamic, only the more general @_*maps are.


> My original purpose is, Postfix policy server will redirect certain (clean)
> emails to Amavisd through a separate policy_bank (e.g. 127.0.0.1:9997),
> and Amavisd quarantines emails into MySQL database. Any suggestions and/or
> code sample?

This should do:

$policy_bank{'xxxx'} = {
  clean_quarantine_method => 'sql:',
  final_destiny_by_ccat => {CC_CLEAN, D_DISCARD},
};

If you know that only the mail messages which need to have a special
treatment by this policy bank will be forwarded to this port (e.g. only
clean mail and nothing else), it may be cleaner to use archive quarantine:

$policy_bank{'xxxx'} = {
  archive_quarantine_to_maps => [ 'archive-quarantine' ],
  archive_quarantine_method => 'sql:',
  final_destiny_by_ccat => { REPLACE => 1, &CC_CATCHALL => D_DISCARD },
};


Mark

More information about the amavis-users mailing list