Sender notifications - disable? customize?

MRob mrobti at insiberia.net
Tue Nov 29 00:02:33 CET 2016


Patrick,

Really appreciate your help, especially if Mark's not around here any 
more.

>> - Are there best practices advice about sender notifications?
> 
> Don't notify senders for
> 
> - spam
> - viruses
> - unchecked
> 
> as the envelope sender is usually forged. You'd end up barking up the 
> wrong
> tree and the server might get listed as backscatter server.
> 
> Notify senders for:
> 
> - banned files
> 
>> - Looks like default is to have notifications ("warnings?") enabled 
>> for
>> attachments with banned file extensions. Doesn't this risk backscatter
>> problems when sender address is forged?
> 
> Yes.

Given that you advised sending banned notifications to senders, you 
consider the backscatter potential an acceptable risk for keeping that 
turned on?

>> - Also, is there a place to customize the message body (and possibly
>> headers) for these notifications ("warnings?")?
> 
> They are placed within amavis as templates. Which platform do you run 
> amavis
> on?

I have more than one - I see debian seems to have template files under 
/etc/amavis/en_US/ though I don't see a template for the banned 
extensions notification, but that system is not producing said 
notifications.

On the RedHat side of things (2.10.1 installed from EPEL), I don't find 
those templates and this is where the banned extension notification goes 
out to everyone (local or not) no matter what I do. That package puts 
some things in /usr/share/doc/amavisd-new-2.10.1 but I find no templates 
there. I even did this using the first line of text from the 
notification message:

grep -ri 'Our content checker found' /usr/share/doc/amavisd-new-2.10.1

>> - I'm having a very hard time finding documentation on any of those
>> settings, what exactly they do - where can I find that?
> 
> There isn't any. Amavis is orphaned.

I see. Can you or someone who knows these things explain if I am looking 
at the right settings?

Does disabling $warn_offsite prevent ALL non-local notifications (based 
on $mynetworks?)? Should I set it to undef to disable?
Does $warnbannedsender control the notifications I am seeing?

>> - I cannot find a way to disable them - tried setting these all to 0 
>> but no
>> luck: $warnbadhsender $warnbannedsender $warn_offsite
>> 
>> I tried setting to undef instead of 0, but warning/notices are still 
>> sent
>> out by amavis.  So I appear to have a problem with these settings 
>> being
>> overridden somewhere else(?)(or not understanding the right settings 
>> to use)
>> but I hope someone can still answer my other questions:
> 
> Did you set mynetworks and local_domain_maps? Without these settings 
> amavis
> won't be able to tell which directions - inbound/outbound -  mails are
> flowing. By default it only notifies recipients who belong to 
> hosts/domains in
> local_domain_maps. Without this it won't notify at all.

local_domain_maps is set correctly. mynetworks is not, as I used the 
policy banks associated with the port number which, combined with 
local_domain_maps has been working correctly (amavis logs correctly for 
"RelayedInbound" and "RelayedInternal" etc). Even if you recommend I set 
up mynetworks, I understand you think without it I should not be seeing 
the notifications at all. That's confounding.



>> On 2016-11-26 23:34, Dominic Raferd wrote:
>> > I don't think there is a way to check what the current active settings
>> > are for amavisd-new (nothing like postconf -n) - including all
>> > defaults - unfortunately. We can of course check our own settings with
>> > something like: grep -r "warn" /etc/amavis/conf.d|grep -v "\s*#"
>> >
>> > The defaults that I am aware of are:
>> >
>> > $warnbannedsender = undef;
>> > $warnbadhsender   = undef;
>> > $warn_offsite     = undef;
>> > $warnvirusrecip   = undef;
>> > $warnbannedrecip  = undef;
>> > $warnbadhrecip    = undef;
>> >
>> > I presume this means there are no warnings issued unless these
>> > variables are set explicitly, and this isn't the case with ubuntu (or
>> > I think debian) standard installations? Are you sure that warnings are
>> > being issued by amavisd-new on your system?
>> >
>> > On 26 November 2016 at 22:44, MRob <mrobti at insiberia.net> wrote:
>> >
>> > > Are there best practices advice about sender notifications?
>> > >
>> > > Looks like default is to have notifications ("warnings?") enabled
>> > > for attachments with banned file extensions. Doesn't this risk
>> > > backscatter problems when sender address is forged?
>> > >
>> > > I cannot find a way to disable them - tried setting these all to 0
>> > > but no luck: $warnbadhsender $warnbannedsender $warn_offsite
>> > >
>> > > I'm having a very hard time finding documentation on any of those
>> > > settings, what exactly they do - where can I find that?
>> > >
>> > > Also, is there a place to customize the message body (and possibly
>> > > headers) for these notifications ("warnings?")?
>> > >
>> > > Thank you for your great product.


More information about the amavis-users mailing list