Antw: Re: amavis-dkim: How to discard mail with no or invalid signature
Matthias Weigel
matthias.weigel at maweos.de
Thu Jan 14 17:16:36 CET 2016
Hello Gerhard,
try this in user_prefs (or your local.cf):
internal_networks = ... (your internal Mailsystems IPs here)
trusted_networks = ... (your internal Mailsystems IPs here)
then you can use ALL_TRUSTED in the rules. E.g. like this:
meta MY_FROM_WITHOUT_DKIM MY_FROM && !DKIM_VALID && !ALL_TRUSTED
For quarantine management there are multiple possible solutions:
- mark only and forward to the user. User creates his own quarantine
rule in his mailer.
- send everything to a different quarantine mail system.
- create your own cron scripts to send summary quarantine reports to users.
- amavisd-release
- Frontends like Maia Mailguard or others.
To discard the original mail use this in amavisd.conf :
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_DISCARD;
Best Regards
Matthias
Am 14.01.2016 um 16:25 schrieb Gerhard Rappenecker:
> Hello Matthias,
>
> that works! Thanks a lot!
>
> In my SuSE Linux I put the rules MY_FROM and MY_FROM_WITHOUT_DKIM in /etc/mail/spamassassin/local.cf:
>
> To avoid to check the originating mails which don't have a DKIM Signature at this point I bypass spam check in amavisd.conf with:
> $policy_bank{'MYNETS'} = {
> ...
> bypass_spam_checks_maps => [1]
> };
> $policy_bank{'ORIGINATING'} = {
> ...
> bypass_spam_checks_maps => [1]
> };
> I think this could be done better.
> Is it possible to bypass DKIM-checking for originating mails in spamassassin instead of bypassing the spam check at all for such mails?
>
> Now amavis-new quaratine positive mails to /var/spool/amavis/virusmails and also delivers them.
> How can I manage to discard them instead or to do somthing else? (I'm a beginner with amavis ;)
>
> Is there any notification-/cleaning-tool in amavis to manage the quaratine files?
>
> Best regards
> Gerhard
>
>
>>>> Matthias Weigel <matthias.weigel at maweos.de> schrieb am Mittwoch, 13. Januar
> 2016 um 18:47 in Nachricht <56968DA6.2050203 at maweos.de>:
>> Hello Gerhard,
>>
>> you could try a custom spamassassin rule.
>>
>> These rules go into ~amavis/.spamassassin/user_prefs
>>
>> There are already some SPF/DKIM rules in spamassassin. See file
>> 25_spf.cf or 25_dkim.cf of spamassassin.
>>
>> # Then you create a rule to identify your domain:
>> header MY_FROM From =~ /example.com/i
>> describe MY_FROM Sender is from example.com
>>
>> # Now you create a rule to combine them:
>> meta MY_FROM_WITHOUT_SPF MY_FROM && (SPF_NONE || SPF_FAIL)
>> describe MY_FROM_WITHOUT_SPF Sender is from my domain, but has no SPF
>> score MY_FROM_WITHOUT_SPF 9
>>
>> # or:
>> meta MY_FROM_WITHOUT_DKIM MY_FROM && !DKIM_VALID
>> describe MY_FROM_WITHOUT_DKIM Sender is from my domain, but has no DKIM
>> score MY_FROM_WITHOUT_DKIM 9
>>
>> The high score tells amavis to quarantine such mails.
>>
>> Please check, if the above criteria are really useful for you. Have a
>> look in /usr/share/spamassassin/ . Maybe some other criteria is more
>> apropriate?
>>
>> Test before using this in production. See "debug-sa" parameter to amavis.
>>
>> Best Regards
>>
>> Matthias
>>
>>
>>
>> Am 13.01.2016 um 17:19 schrieb Gerhard Rappenecker:
>>> Hello all,
>>>
>>> thanks a lot for all answers.
>>>
>>> It seems I have to use SPF or DMARC to get what I want. Unfortunately these
>> components are not integrated in the SuSE Linux software distribution. I'd
>> like to use only the onboard resources postfix, amavis-new with DCIM,
>> spamassassin because of automatic updating.
>>>
>>> Is there actually no way in amavis (or spamassassin) to reject/quaratine
>> mails from a specific sender with no or an invalid DKIM signatur?
>>> Is there any way to reject those mails in postfix after amavis DKIM
>> verifying?
>>>
>>> I've allready tried to check the headers in postfix for DKIMs
>> "Authentication-Results", but "header_checks" take place before the DKIM
>> verification and "smtp_header_checks" do not allow to cutoff the mail
>> delivery.
>>>
>>> Hope anyone can help me
>>>
>>> best regards
>>> Gerhard
>>>
>>>
>>>>>> Maurizio Marini <maumar at datalogica.com> schrieb am Mittwoch, 13. Januar 2016
>> um
>>> 12:27 in Nachricht <20160113122726.221e5099.maumar at datalogica.com>:
>>>> On Wed, 13 Jan 2016 12:01:52 +0100
>>>> "Gerhard Rappenecker" <G.Rappenecker at hs-offenburg.de> wrote:
>>>>
>>>>> My intention is, to reject mail from outside with a faked sender adress
>>>>> of our own domain. In the past we were attacked by such mails to our
>>>>> mailinglists.
>>>> Hello Gerhard
>>>> I use spf with -all instead of ~all to do exactly what you want.
>>>> I do not received anymore spam with my domain in from address
>>>> I mean: @datalogica.com
>>>> -m
>>>
>>>
>>>
>
>
>
More information about the amavis-users
mailing list