R: R: R: R: R: Message quarantined as SPAM

Scappatura Rocco Rocco.Scappatura at infracom.it
Wed Jun 28 09:34:20 CEST 2017


Hello.

I easily constructed the files:

/etc/postfix/relay_domains
/etc/postfix/mynetworks.cidr

Then I set:

@local_domains_acl = (
  ".$mydomain" ,
  read_hash('/etc/postfix/relay_domains')
);

@local_domains_maps = @local_domains_acl;

In amavis log now I see a different tag ({RelayedInbound}):

Jun 28 09:24:05 av8 amavis[21699]: (21699-15) Passed CLEAN {RelayedInbound}, [xxx.yyy.zzz.uuu]:40882 [xxx.yyy.zzz.uuu] <aaa at example.com> -> <bbb at example.org>, Queue-ID: 0C98ED61C4, Message-ID: <8386362.10890651498634643768.JavaMail.www-data at v080>, mail_id: 0g9XxEmqcNPj, Hits: 2.2, size: 9179, queued_as: 7DAA4D61CA, 453 ms

Even in the case where neither example.com nor example.org is a local domain.

What did the change I made really imply?

For @mynetworks, instead, I have not yet set:

@mynetworks = @{ read_cidr('/etc/postfix/mynetworks.cidr') };

Because at the moment I have:

@mynetworks = qw( 127.0.0.0/8);

and:

$policy_bank{'MYNETS'} = {  # clients in @mynetworks
  bypass_spam_checks_maps   => [1],  # don't spam-check internal mail
  bypass_banned_checks_maps => [1],  # don't banned-check internal mail
  bypass_header_checks_maps => [1],  # don't header-check internal mail
};

So I fear that the change you suggested to me would skip the SPAM scan for ALL mail departing from my real networks.

Is my fear justified?

Regards,

RS


> -----Original Message-----
> From: amavis-users [mailto:amavis-users-bounces+rocco.scappatura=infracom.it at amavis.org] On behalf of Patrick Ben Koetter
> Sent: Tuesday, 27 June 2017 15:37
> To: amavis-users at amavis.org
> Subject: Re: R: R: R: R: Message quarantined as SPAM
> 
> * Scappatura Rocco <Rocco.Scappatura at infracom.it>:
> > Hello.
> >
> > Maybe it is the line:
> >
> > 50-user:$spam_quarantine_to         = 'spam-quarantine';
> >
> > that has enabled quarantine..
> 
> Quite likely this line enables quarantine. In case you want to disable it:
> 
> $spam_quarantine_to = undef;
> 
> 
> > Moreover, I have the list of 'mynetworks' defined in a mysql DB used by postfix, through the following query:
> >
> > select action from access where inet_aton(ip) & inet_aton(mask) =
> > inet_aton('%s') & inet_aton(mask) order by mask DESC limit 0,1;
> >
> > Similarly, I have the list of local domains defined in a mysql DB used by postfix, through the following query:
> >
> > select domain from domain where domain='%s' and active='1';
> >
> > How can I safely import these lists into amavis?
> 
> If they change frequently, add a trigger to MySQL that dumps the results to
> tables. If they change only once in a while, create a script that does the same.
> 
> Then import the lists into amavis, using the read_* methods. For example:
> 
> @local_domains_maps = (
>     ".$mydomain",
>     read_hash('/etc/postfix/relay_domains')
> );
> 
> Or for networks:
> 
> @mynetworks = @{ read_cidr('/etc/postfix/mynetworks.cidr') };
> 
> See the RELEASE-NOTES for more information.
> 
> p at rick
> 
> 
> 
> 
> 
> >
> > Regards,
> >
> > RS
> >
> >
> >
> > > -----Original Message-----
> > > From: amavis-users [mailto:amavis-users-bounces+rocco.scappatura=infracom.it at amavis.org] On behalf of Patrick Ben Koetter
> > > Sent: Tuesday, 27 June 2017 15:16
> > > To: amavis-users at amavis.org
> > > Subject: Re: R: R: R: Message quarantined as SPAM
> > >
> > > * Scappatura Rocco <Rocco.Scappatura at infracom.it>:
> > > > Hello.
> > > >
> > > > Here is everything you asked for:
> > > >
> > > > 1) @bypass_spam_checks_maps:
> > > >
> > > > 15-content_filter_mode:@bypass_spam_checks_maps = (
> > > >    \%bypass_spam_checks, \@bypass_spam_checks_acl,
> > > > \$bypass_spam_checks_re);
> > > >
> > > > @spam_tag_level_maps =
> > > >         ({
> > > > #        'yyy at example.org' => 1.5,
> > > >         '.' => 5.0,
> > > >         });
> > > >
> > > > @spam_tag2_level_maps =
> > > >         ({
> > > > #        ' yyy at example.org ' => 2.0,
> > > >         '.' => 6.31,
> > > >         });
> > > >
> > > > @spam_kill_level_maps =
> > > >         ({
> > > > #        ' yyy at example.org ' => 2.0,
> > > >         '.' => 6.31,
> > > >         });
> > > >
> > > > 2) $final_spam_destiny:
> > > >
> > > > 20-debian_defaults:$final_spam_destiny       = D_DISCARD;
> > > > 50-user:$final_spam_destiny       = D_DISCARD;
> > > >
> > > > 3) $spam_quarantine_method:
> > > >
> > > > 50-user:#$spam_quarantine_method         = 'sql:';
> > >
> > >
> > > You have disabled quarantine in 50-user, but it is enabled somewhere
> > > else. It delivers messages to a file-based quarantine, as your original LOG shows:
> > >
> > > Jun 22 11:45:48 av8 amavis[22610]: (22610-11) Blocked SPAM
> > > {DiscardedOpenRelay,Quarantined}, [xxx.yyy.zzz.uuu]:50412
> > > [xxx.yyy.zzz.uuu] <aaa at example.com> -> <bbb at mydomain>, quarantine:
> > > z/spam-zRJd9Wo5250M.gz, Queue-ID: 8647AD5DBA, Message-ID:
> > > <776AB7C587CC457C95FF35582FC9F0E1 at AutoRPZ.local>, mail_id:
> > > zRJd9Wo5250M, Hits: 6.793, size: 77514, 364 ms
> > >
> > > The message has been saved to $QUARANTINE/z/spam-zRJd9Wo5250M.gz.
> > >
> > >
> > > In order to find out why the message has a different score you need
> > > to set @local_domains_maps correctly, or amavis will not add the
> > > header to the message.
> > >
> > > Add these to 50-user, once you have setup @local_domains_maps, and
> > > amavis will document the rules SA used and how they scored:
> > >
> > > $allowed_added_header_fields{lc('X-Spam-Status')} = 1;
> > > $allowed_added_header_fields{lc('X-Spam-Report')} = 1;
> > >
> > > p at rick
> > >
> > >
> > >
> > >
> > > >
> > > > 4) $sa_local_tests_only:
> > > >
> > > > 20-debian_defaults:$sa_local_tests_only = 0;    # only tests which do not require internet access?
> > > > 50-user:$sa_local_tests_only = 1;    # only tests which do not require internet access?
> > > >
> > > > 5) $sa_tag_level_deflt:
> > > > 20-debian_defaults:$sa_tag_level_deflt  = 2.0;  # add spam info
> > > > headers if at, or above that level
> > > >
> > > > 6) $sa_tag2_level_deflt:
> > > > 20-debian_defaults:$sa_tag2_level_deflt = 6.31;
> > > >
> > > > @spam_tag2_level_maps = ({
> > > > },
> > > > \$sa_tag2_level_deflt,
> > > > );
> > > >
> > > > 7) $sa_dsn_cutoff_level:
> > > > 20-debian_defaults:$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
> > > >
> > > > 8) $sa_crediblefrom_dsn_cutoff_level:
> > > >
> > > > NOT DEFINED
> > > >
> > > > Moreover I have set:
> > > >
> > > > @spam_lovers_maps = ({
> > > >   '.example.net'     => 1, # this domain and it's subdomains
> > > > });
> > > >
> > > > @spam_kill_level_maps = ({
> > > >   '.example.net'     => 9999,
> > > > },
> > > > \$sa_kill_level_deflt,
> > > > );
> > > >
> > > > Regards,
> > > >
> > > > RS
> > > >
> > > > > -----Original Message-----
> > > > > From: amavis-users [mailto:amavis-users-bounces+rocco.scappatura=infracom.it at amavis.org] On behalf of Patrick Ben Koetter
> > > > > Sent: Tuesday, 27 June 2017 14:01
> > > > > To: amavis-users at amavis.org
> > > > > Subject: Re: R: R: Message quarantined as SPAM
> > > > >
> > > > > * Scappatura Rocco <Rocco.Scappatura at infracom.it>:
> > > > > > Thank you Patrick.
> > > > > >
> > > > > > What configuration do you need, in particular?
> > > > >
> > > > > Let's start with this and the LOG that shows the incident you need to research:
> > > > >
> > > > > @bypass_spam_checks_maps
> > > > > $final_spam_destiny
> > > > > $spam_quarantine_method
> > > > > $sa_local_tests_only
> > > > > $sa_tag_level_deflt
> > > > > $sa_tag2_level_deflt
> > > > > $sa_dsn_cutoff_level
> > > > > $sa_crediblefrom_dsn_cutoff_level
> > > > >
> > > > > p at rick
> > > > >
> > > > >
> > > > > --
> > > > > [*] sys4 AG
> > > > >
> > > > > https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße
> > > > > 26/MG,80333 München
> > > > >
> > > > > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> > > > > Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> > > > > Aufsichtsratsvorsitzender: Florian Kirstein
> > > > >
> > >
> 


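An added example, not part of the original thread or of amavis itself: one way to turn the (ip, mask) rows that the Postfix MySQL query above reads into the `mynetworks.cidr` file, and to see which clients would then match @mynetworks and so load the MYNETS policy bank with its spam-check bypass. It assumes `read_cidr()` accepts one CIDR network per line and that amavis is handed the real client IP; the sample rows, the `MIN_PREFIX` policy and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample rows shaped like the (ip, mask) columns the thread's
# Postfix MySQL query reads; addresses are documentation ranges.
SAMPLE_ROWS = [
    ("127.0.0.0", "255.0.0.0"),
    ("192.0.2.0", "255.255.255.0"),
    ("198.51.100.16", "255.255.255.240"),
    ("0.0.0.0", "0.0.0.0"),  # catch-all row that must never be exported
]

MIN_PREFIX = 8  # hypothetical policy: refuse anything broader than a /8


def rows_to_cidr(rows, min_prefix=MIN_PREFIX):
    """Convert (ip, dotted-mask) rows to CIDR networks, rejecting unsafe ones."""
    accepted, rejected = [], []
    for ip, mask in rows:
        try:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        except ValueError:
            rejected.append((ip, mask, "not a valid network"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((ip, mask, f"/{net.prefixlen} is too broad"))
            continue
        accepted.append(net)
    return sorted(set(accepted)), rejected


def render_cidr_file(networks):
    """One network per line, the layout assumed here for read_cidr()."""
    return "".join(f"{net}\n" for net in networks)


def in_mynets(client_ip, networks):
    """True if this client would match @mynetworks and so load MYNETS."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets, bad = rows_to_cidr(SAMPLE_ROWS)
    print(render_cidr_file(nets), end="")
    for ip, mask, why in bad:
        print(f"rejected {ip}/{mask}: {why}")
    for client in ("127.0.0.1", "192.0.2.25", "203.0.113.9"):
        state = "MYNETS (spam checks bypassed)" if in_mynets(client, nets) else "scanned"
        print(f"{client}: {state}")
```

Every network written to the file widens the set of clients whose mail skips the spam, banned and header checks listed in the MYNETS bank, so the rejected rows are worth reviewing before each export.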