Cannot whitelist my own system messages
Nikolaos Milas
nmilas at noa.gr
Fri May 10 12:23:30 CEST 2013
Hello,
I am running (on CentOS 6.4):
amavisd-new-2.8.0-1.el6.x86_64
postfix-2.9.4-1.appletech.el6.x86_64
clamd-0.97.6-1.el6.rf.x86_64
with SaneSecurity (as part of clamd definitions).
I have found that one rule used by SaneSecurity
(Sanesecurity.Jurlbl.8993.UNOFFICIAL) is causing auto messages from the
server itself to the sysadmin to be discarded:
Postfix log:
May 10 12:39:27 mailgw1 postfix/smtpd[29814]: connect from localhost[::1]
May 10 12:39:27 mailgw1 postfix/smtpd[29814]: 3b6RG70K1DzMlYn:
client=localhost[::1]
May 10 12:39:27 mailgw1 postfix/cleanup[29944]: 3b6RG70K1DzMlYn:
message-id=<518cc04f.FgxeJOTmc9m/UzC7%postmaster at mailgw1.noa.gr>
May 10 12:39:27 mailgw1 postfix/qmgr[7174]: 3b6RG70K1DzMlYn:
from=<postmaster at mailgw1.noa.gr>, size=28128, nrcpt=1 (queue active)
May 10 12:39:27 mailgw1 postfix/smtpd[29814]: disconnect from localhost[::1]
May 10 12:39:27 mailgw1 postfix/lmtp[29987]: 3b6RG70K1DzMlYn:
to=<sysadmin at noa.gr>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.32,
delays=0.05/0/0.02/0.25, dsn=2.7.0, status=sent (250 2.7.0 Ok,
discarded, id=30013-01 - INFECTED: Sanesecurity.Jurlbl.8993.UNOFFICIAL)
May 10 12:39:27 mailgw1 postfix/qmgr[7174]: 3b6RG70K1DzMlYn: removed
Amavis.log excerpt:
May 10 12:39:27 mailgw1 amavis[30013]: (30013-01) LMTP::10024
/var/amavis/tmp/amavis-20130510T123927-30013-oZ_ipzJY:
<postmaster at mailgw1.noa.gr> -> <sysadmin at noa.gr> SIZE=28128 Received:
from mailgw1.noa.gr ([127.0.0.1]) by localhost (mailgw1.noa.gr
[127.0.0.1]) (amavisd-new, port 10024) with LMTP for <sysadmin at noa.gr>;
Fri, 10 May 2013 12:39:27 +0300 (EEST)
May 10 12:39:27 mailgw1 amavis[30013]: (30013-01) Checking: f1B8SO4zg3Ao
<postmaster at mailgw1.noa.gr> -> <sysadmin at noa.gr>
May 10 12:39:27 mailgw1 clamd[4938]:
/var/amavis/tmp/amavis-20130510T123927-30013-oZ_ipzJY/parts/p002:
Sanesecurity.Jurlbl.8993.UNOFFICIAL FOUND
May 10 12:39:27 mailgw1 amavis[30013]: (30013-01) local delivery: <> ->
virus-quarantine, mbx=/var/blockedmail/virus/30013-01-f1B8SO4zg3Ao
May 10 12:39:27 mailgw1 amavis[30013]: (30013-01) Blocked INFECTED
(Sanesecurity.Jurlbl.8993.UNOFFICIAL) {DiscardedInbound,Quarantined},
[::1] <postmaster at mailgw1.noa.gr> -> <sysadmin at noa.gr>, quarantine:
virus/30013-01-f1B8SO4zg3Ao, Message-ID:
<518cc04f.FgxeJOTmc9m/UzC7%postmaster at mailgw1.noa.gr>, mail_id:
f1B8SO4zg3Ao, Hits: -, size: 28128, 265 ms
The message has been injected in this way:
env MAILRC=/dev/null from=postmaster@mailgw1.noa.gr smtp=localhost \
mailx -n -s "mailgw1.noa.gr daily mail stats" \
sysadmin@noa.gr < /var/log/mailreports/mailreport-2013-05-09
However, I have set (in /etc/amavisd.conf):
read_hash(\%whitelist_sender, '/etc/amavis/whitelist_domains');
where /etc/amavis/whitelist_domains:
...
mailgw1.noa.gr
...
So, I would expect that messages from (envelope sender
<whatever>@mailgw1.noa.gr) do not get dropped. The policy is:
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_PASS;
The question: Why doesn't this message get through? How can I whitelist
all local (system) messages so that they don't get scanned/discarded?
Please advise.
Thanks,
Nick
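
A way to check whether other locally generated reports met the same fate, as an added example (not part of the original post and not amavisd-new code): it scans amavis log text for "Blocked INFECTED" events submitted from a loopback client and discarded. The sample lines are constructed from the excerpt above with placeholder addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample lines modeled on the amavis excerpt in the post
# (unwrapped, placeholder addresses and mail ids); not real log data.
SAMPLE_LOG = """\
May 10 12:39:27 mailgw1 amavis[30013]: (30013-01) Blocked INFECTED (Sanesecurity.Jurlbl.8993.UNOFFICIAL) {DiscardedInbound,Quarantined}, [::1] <postmaster@mailgw1.example.org> -> <sysadmin@example.org>, quarantine: virus/30013-01-f1B8SO4zg3Ao, Message-ID: <a1@mailgw1.example.org>, mail_id: f1B8SO4zg3Ao, Hits: -, size: 28128, 265 ms
May 10 12:41:02 mailgw1 amavis[30013]: (30013-02) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [192.0.2.44] <someone@example.net> -> <user@example.org>, quarantine: virus/30013-02-AAAAAAAAAAAA, Message-ID: <b2@example.net>, mail_id: AAAAAAAAAAAA, Hits: -, size: 1200, 90 ms
May 10 12:42:10 mailgw1 amavis[30014]: (30014-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] <root@mailgw1.example.org> -> <sysadmin@example.org>, Message-ID: <c3@mailgw1.example.org>, mail_id: BBBBBBBBBBBB, Hits: -, size: 900, 120 ms
"""

# Matches the "Blocked INFECTED" summary line format shown in the post.
BLOCKED = re.compile(
    r"\((?P<am_id>\d+-\d+)\) Blocked INFECTED \((?P<sig>[^)]+)\) "
    r"\{(?P<actions>[^}]*)\}, \[(?P<client>[^\]]+)\] "
    r"<(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>"
    r"(?:.*?quarantine: (?P<quarantine>[^,\s]+))?"
)


def is_loopback(client):
    """True for ::1, 127.0.0.0/8 and other loopback addresses."""
    try:
        return ipaddress.ip_address(client).is_loopback
    except ValueError:
        return False


def discarded_local_mail(log_text):
    """Return infected-verdict events that came from loopback and were discarded."""
    hits = []
    for line in log_text.splitlines():
        m = BLOCKED.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["actions"] = ev["actions"].split(",")
        # Third-party ClamAV signatures carry the .UNOFFICIAL suffix.
        ev["unofficial"] = ev["sig"].endswith(".UNOFFICIAL")
        discarded = any(a.startswith("Discarded") for a in ev["actions"])
        if discarded and is_loopback(ev["client"]):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in discarded_local_mail(SAMPLE_LOG):
        print(ev["am_id"], ev["sig"], ev["sender"], "->", ev["rcpt"], ev["quarantine"])
```

Each hit carries the quarantine path, so the discarded report can be located under the quarantine directory named in the log.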