Header -> amavis quarantine

Markus Clardy markus at clardy.eu
Fri Feb 9 18:56:49 CET 2018

Not that hard actually.

Your create a new port for Amavisd:

$inet_socket_port = [10024, 10030]

Then create a Policy for it:

$interface_policy{'10030'} = 'Quarantine.Postfix';
$policy_bank{'Quarantine.Postfix'} = {
    archive_quarantine_to_maps = > ['archive-quarantine'];
    archive_quarantine_method => 'local:hold-%m',
    final_destiny_maps_by_ccat => { REPLACE = 1, &CC_CATCHALL => D_DISCARD
    forward_method => 'smtp:[]:10024'

After that, in your header checks, you would have the header check cause
"FILTER smtp-amavis:[]:10030" instead of "PREPEND X-Hold: ....".

This will mean that any mail submitted on port 10030 of Amavisd gets
quarantined (and will appear as hold-UniqID in your quarantine (UniqID
being the Amavisd ID), and anything submitted on your normal port (assumed
10024 in this case), will get scanned as normal.

This is just an example, and you could do more with it if you'd like, such
as separating different reasons to be quarantined.

To my knowledge, Amavis doesn't have an automatic quarantine header list.

The other option would be to add a large score in SpamAssassin if this
header is found. That would also cause the mail to get quarantined, but may
not appear necessarily the same way you are looking for it to appear in the
quarantine (it'll get marked as Spam).

On Fri, Feb 9, 2018 at 5:41 PM, Dominic Raferd <dominic at timedicer.co.uk>

> On 9 February 2018 at 16:59, Markus Clardy <markus at clardy.eu> wrote:
> > On Fri, Feb 9, 2018 at 4:23 PM, Dominic Raferd <dominic at timedicer.co.uk>
> > wrote:
> >>
> >> Is there a way to have the presence of a specific header (or, better,
> >> a specific beginning to a header, where the later text might vary)
> >> causing quarantining by amavis. Use case is that postfix header_checks
> >> will identify a suspect mail and add the header before the mail is
> >> passed to amavis.
> >>
> >> Example header which should lead to amavis quarantining the mail:
> >>
> >> X-Hold: mydomain.tld; Withheld by order of check_header.pcre (.world
> >> domain)
> >>
> >> I feel sure amavis is powerful enough to do this but the plethora of
> >> options, and the perl terminology, leave me baffled. Thanks for any
> >> help.
> >>
> > What you can do is have a port/policy in Amavisd for Quarantining
> > everything, then just instead of adding a header in Postfix, have the
> mail
> > redirect to that port.
> >
> > This way, mail that is meant to be held as designated by Postfix, will
> go to
> > the quarantine that way.
> >
> Thanks Marcus but I want amavis to continue doing its own stuff as
> normal as well as quarantining these extra mails. Also it sounds
> complicated to resubmit mails via a different port but it is very easy
> to add a header using the postfix PREPEND option.

 - Markus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20180209/8dd559db/attachment.html>

More information about the amavis-users mailing list