final_virus_destiny D_REJECT

Rob McKennon rmckennon at
Wed Apr 27 21:34:36 CEST 2016

On 04/26/2016 02:25 PM, Mark Martinec wrote:
> Rob McKennon wrote:
>>>> Hello,
>>>> We are setting up Amavis and Clamav to detect credit cards coming into
>>>> our email, and it's working.  However, it's returning the original
>>>> email to the sender, which also contains the credit card numbers.
>>>> Receiving the credit card numbers is bad enough, sending them back out
>>>> again violates PCI. Is there a way to reject the email without
>>>> returning the original email content?  Below is a returned email with
>>>> test numbers as an example.
>>>> Thank you,
>>>> Rob McKennon
>>>>                   The mail system
>>>> <xxxxxxxxxx>: host[] said: 554 5.7.0 Reject,
>>>> id=06026-19 - INFECTED: Heuristics.Structured.CreditCardNumber (in
>>>> reply to end of DATA command)
>>>> Final-Recipient: rfc822;xxxxxxxxxxxxx
>>>> Original-Recipient: xxxxxxxxxxxxxx
>>>> Action: failed
>>>> Status: 5.7.0
>>>> Remote-MTA: dns;
>>>> Diagnostic-Code: smtp; 554 5.7.0 Reject, id=06026-19 - INFECTED:
>>>> Heuristics.Structured.CreditCardNumber
> This looks like a bounce message from an MTA (not from amavisd).
> Preferably you should use a setup where amavisd is invoked
> before-queue, so that a D_REJECT will affect the original
> client session and no non-delivery notification will be sent.
> Alternatively, with postfix you can limit the amount of a message
> body that is included in a bounce generated by postfix:
>  bounce_size_limit (default: 50000)
>   The maximal amount of original message text that is sent in a
>   non-delivery notification. Specify a byte count. A message is
>   returned as either message/rfc822 (the complete original) or
>   as text/rfc822-headers (the headers only). With Postfix version
>   2.4 and earlier, a message is always returned as message/rfc822
>   and is truncated when it exceeds the size limit.
> A third option is to use D_BOUNCE as a destiny, so that
> the bounce will be generated by amavisd and not by an MTA.
> Such a bounce will only include the message header, no body of
> the bounced message.
> Of these three options, the only recommended one is to use
> amavisd in a before-queue setup and reject unwanted messages
> while they are being received.
>   Mark
Thanks Mark,

We decided to go with bounce_size_limit = 1. This way a bounce is 
sent back so the sender knows they messed up, but does not send the 
credit-card numbers back out.

We also found that it has a lot of false positives, for which we have 
sent in bug fixes.

Have a great day!
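
Added example, not part of the original thread: a check that a captured bounce returns the original mail as text/rfc822-headers rather than message/rfc822 (the two forms named in the quoted bounce_size_limit documentation) and contains no card-number-shaped strings. The function names, the sample_dsn helper and both sample bounces are constructed for illustration; the Luhn filter is this example's own choice, not a description of how ClamAV matches.

```python
import email
import re
from email import policy

# PAN-shaped run: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def audit_bounce(raw: bytes) -> dict:
    """Report how the original mail was returned and count PAN-like strings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    types = {part.get_content_type() for part in msg.walk()}
    if "message/rfc822" in types:
        returned = "full-message"
    elif "text/rfc822-headers" in types:
        returned = "headers-only"
    else:
        returned = "none"
    # Scans the undecoded text only; base64 or quoted-printable parts are not decoded.
    text = raw.decode("utf-8", "replace")
    hits = [m.group() for m in PAN_RE.finditer(text)
            if luhn_ok(re.sub(r"\D", "", m.group()))]
    return {"returned": returned, "pan_like": len(hits)}

def sample_dsn(ctype: str, returned: str) -> bytes:
    """Constructed multipart/report bounce; not a capture from a real server."""
    return (
        "From: MAILER-DAEMON@mx.example.test\n"
        "To: sender@example.test\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\n"
        "554 5.7.0 Reject - INFECTED: Heuristics.Structured.CreditCardNumber\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Action: failed\nStatus: 5.7.0\n"
        f"\n--b1\nContent-Type: {ctype}\n\n{returned}\n--b1--\n"
    ).encode()

# Constructed samples using the well-known 4111... test number.
FULL = sample_dsn("message/rfc822", "From: a@example.test\nSubject: order\n\nCard: 4111 1111 1111 1111")
HEADERS_ONLY = sample_dsn("text/rfc822-headers", "From: a@example.test\nSubject: order")
```

A headers-only bounce still carries the original Subject line, so the digit scan is worth running even when `returned` is `headers-only`.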

