Sender notifications - disable? customize?

Patrick Ben Koetter p at sys4.de
Tue Nov 29 00:34:21 CET 2016


* MRob <mrobti at insiberia.net>:
> Patrick,
> 
> Really appreciate your help, especially if Mark's not around here any more.
> 
> > > - Are there best practices advice about sender notifications?
> > 
> > Don't notify senders for
> > 
> > - spam
> > - viruses
> > - unchecked
> > 
> > as the envelope sender is usually forged. You'd end up barking up the wrong
> > tree and the server might get listed as a backscatter server.
> > 
> > Notify senders for:
> > 
> > - banned files
> > 
> > > - Looks like default is to have notifications ("warnings?") enabled for
> > > attachments with banned file extensions. Doesn't this risk backscatter
> > > problems when sender address is forged?
> > 
> > Yes.
> 
> Given that you advised sending banned notifications to senders, you consider
> the backscatter potential an acceptable risk for keeping that turned on?

It's a calculated risk that tries to balance useful information against
getting on innocent people's nerves. I am not aware of facts (numbers) that
make this an easy decision. Personally I use notifications for banned files.



> > > - Also, is there a place to customize the message body (and possibly
> > > headers) for these notifications ("warnings?")?
> > 
> > They are placed within amavis as templates. Which platform do you run
> > amavis on?
> 
> I have more than one - I see debian seems to have template files under
> /etc/amavis/en_US/ though I don't see a template for the banned extensions
> notification, but that system is not producing said notifications.
> 
> On the RedHat side of things (2.10.1 installed from EPEL), I don't find
> those templates and this is where the banned extension notification goes out
> to everyone (local or not) no matter what I do. That package puts some
> things in /usr/share/doc/amavisd-new-2.10.1 but I find no templates there. I
> even did this using the first line of text from the notification message:


Take a look at %notify_sender_templ_by_ccat in the amavisd perl file:

  %notify_sender_templ_by_ccat = (  # bounce templates
    CC_VIRUS,       sub { cr('notify_virus_sender_templ') },
    CC_BANNED,      sub { cr('notify_virus_sender_templ') }, # historical reason
    CC_SPAM,        sub { cr('notify_spam_sender_templ') },
    CC_CATCHALL,    sub { cr('notify_sender_templ') },
  );

Then follow notify_virus_sender_templ and you will find a function
read_l10n_templates, which refers to a list of files (templates) that are read,
among which dir/template-virus-sender.txt seems to be what you are looking for.



> grep -ri 'Our content checker found' /usr/share/doc/amavisd-new-2.10.1
> 
> > > - I'm having a very hard time finding documentation on any of those
> > > settings, what exactly they do - where can I find that?
> > 
> > There isn't any. Amavis is orphaned.
> 
> I see. Can you or someone who knows these things explain if I am looking at
> the right settings?
> 
> Does disabling $warn_offsite prevent ALL non-local notifications (based on
> $mynetworks?)? Should I set it to undef to disable?

I wouldn't use warn_offsite, because it opens the door to backscatter. I'd
leave it at its default, effectively disabling offsite warnings.

What I'd do instead is set @mynetworks and @local_domains_maps. The first
defines hosts (IPs/networks in CIDR) you know to be internal (from internal)
and the second defines a list of domains you receive messages for (to internal).

Once these have been set amavis can tell all directions, e.g. "from external"
!= "from internal", *and* it will begin to send notifications.

It will also notify potential senders of banned files if you set
$warnbannedsender.

	In case you are able to read and understand German you may read more about
	this in my blog: https://sys4.de/en/blog/2013/02/15/e-mail-content-policies-mit-amavis/


> Does $warnbannedsender control the notifications I am seeing?

It does.



> > > - I cannot find a way to disable them - tried setting these all to 0 but
> > > no luck: $warnbadhsender $warnbannedsender $warn_offsite
> > > 
> > > I tried setting to undef instead of 0, but warning/notices are still sent
> > > out by amavis.  So I appear to have a problem with these settings being
> > > overridden somewhere else(?)(or not understanding the right settings to
> > > use) but I hope someone can still answer my other questions:
> > 
> > Did you set mynetworks and local_domain_maps? Without these settings amavis
> > won't be able to tell which directions - inbound/outbound -  mails are
> > flowing. By default it only notifies recipients who belong to hosts/domains
> > in local_domain_maps. Without this it won't notify at all.
> 
> local_domain_maps is set correctly. mynetworks is not, as I used the policy
> banks associated with the port number which, combined with local_domain_maps
> has been working correctly (amavis logs correctly for "RelayedInbound" and
> "RelayedInternal" etc). Even if you recommend I set up mynetworks, I
> understand you think without it I should not be seeing the notifications at
> all. That's confounding.

Ah, yes. It is. I don't have a clue at the moment. :(

Have you tried to use @debug_sender_maps? I'd use it as a trap to trigger
verbose output. Once we have that we can try to make sense of what we see.

p at rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
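
The settings discussed in this message, collected into one amavisd configuration fragment. This is an added example, not part of the original post or of the amavis distribution; the network range, domain and trap address are placeholders, and $warnvirussender and $warnspamsender are the amavisd-new counterparts of the $warn*sender variables named in the thread.

```perl
# Fragment for the amavisd configuration file (it is Perl and is evaluated
# by amavisd, not run on its own). All addresses below are placeholders.

# "from internal": hosts and networks (CIDR) known to be internal.
# 192.0.2.0/24 is a documentation range standing in for the real LAN.
@mynetworks = qw( 127.0.0.0/8 [::1] 192.0.2.0/24 );

# "to internal": domains this system receives mail for.
# A leading dot matches the domain and its subdomains.
@local_domains_maps = ( [ '.example.org' ] );

# Spam and viruses usually carry a forged envelope sender, so a notice
# would reach an uninvolved third party (backscatter). Keep these off.
$warnvirussender = 0;
$warnspamsender  = 0;
$warnbadhsender  = 0;

# Banned attachments: the one category the post keeps sender notices for.
# Set this to 0 to stop those notices as well.
$warnbannedsender = 1;

# $warn_offsite is deliberately not set here; it stays at its default
# (undef), as recommended in the post.

# Trap address for troubleshooting: mail from this envelope sender is
# logged verbosely, which helps to see why a notification was generated.
@debug_sender_maps = ( [ 'debug-trap@example.org' ] );

1;  # the configuration file must end with a true value
```

After reloading amavisd, send a test message with a banned attachment from the trap address and compare the verbose log against these settings.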
 

