Send recipient notification of quarantined spam

Patrick Ben Koetter p at sys4.de
Fri Feb 8 09:07:31 CET 2019


Tom,

* Tom Robinson <tom.robinson at motec.com.au>:
> On 7/2/19 6:00 pm, Dominic Raferd wrote:
> >
> >
> > On Thu, 7 Feb 2019 at 04:46, Tom Robinson <tom.robinson at motec.com.au
> > <mailto:tom.robinson at motec.com.au>> wrote:
> >
> >     bump
> >
> >     On 5/2/19 12:08 pm, Tom Robinson wrote:
> >>
> >>     Hi,
> >>
> >>     I'm sure this has been answered before but I just can't seem to find the right settings.
> >>
> >>     I want the recipient of a quarantined SPAM email to receive a notification that it was
> >>     quarantined.
> >>
> >>     Notifications are working for viruses that get quarantined but I can't get it to work for SPAM.
> >>
> >>     I have the following in my amavisd.conf
> >>
> >>     $virus_admin               = "postmaster\@$mydomain";                   # notifications recip.
> >>     $mailfrom_notify_admin     = "virusalert\@$mydomain";                   # notifications sender
> >>     $mailfrom_notify_recip     = "virusalert\@$mydomain";                   # notifications sender
> >>     $mailfrom_notify_spamadmin = "spamalert\@$mydomain";                    # notifications sender
> >>     $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
> >>
> >>     $final_virus_destiny      = D_DISCARD;
> >>     $final_banned_destiny     = D_DISCARD;
> >>     $final_spam_destiny       = D_DISCARD;  #!!!  D_DISCARD / D_REJECT
> >>     $final_bad_header_destiny = D_PASS;
> >>     $virus_quarantine_method        = 'local:virus/%m';
> >>     $spam_quarantine_method         = 'local:spam/%m.gz';
> >>     $banned_files_quarantine_method = 'local:banned/%m';
> >>     $bad_header_quarantine_method   = 'local:badh/%m';
> >>
> >>     $warnvirusrecip = 1;
> >>     $warnbannedrecip = 1;
> >>     $warnbannedsender = 0;
> >>
> > Try: https://lists.amavis.org/pipermail/amavis-users/2012-July/001717.html
> > I'm not clear how amavis decides whether a recipient is 'local'. Might be worth setting
> > $warn_offsite to 1 if only to rule this out.
> >
> > Looking at comments in amavisd-new code 2.11.0 it seems that warnbannedrecip is deprecated in
> > favour of warnbannedrecip_maps (although it should still work).
> >
> > You aren't using any named policy banks are you? If so, it might also need to be set explicitly
> > inside each named policy bank (as do a lot of things, sadly), and with different syntax
> > (warnbannedrecip  => 1,).
> 
> Thanks Dominic.
> 
> Just to be clear, I'm using CentOS 7, amavisd-new 2.11.0.
> 
> I can't find ANY decent documentation about how to configure
> warnbannedrecip_maps. How can I use this configuration option?

The absense of documentation is a well known problem. We're working on it,
since I became maintainer. But my spare cycles are limited and so this will
take more time.

I looked for an option that warns spam recipients and couldn't find any. Given
the fact that notifying people of spam gets close to delivering spam itself I
assume Mark never implemented it or removed it at some time (he did so with a
few other similar options).

> The only policy banks in my amavisd.conf are the default ones that are
> already configured in the CentOS 7 packages:
> 
> $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
> $policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
> $policy_bank{'AM.PDP-SOCK'} = {
> 
> The warnbannedrecip_maps is nowhere to be found in my amavisd.conf

Anything with *banned* applies to files that are banned. It would never apply
to spam, which is a different content class than "banned files".


> I've also read that setting $warn_offsite on can create backscatter. Really
> not sure how to handle this.

Don't enable it. It would configure amavis to send notifications to
senders/recipients that are "outside" of amavis' protection.


> Where is the documentation? RTFM comes to mind but it's hard when you can't
> find any!

Yep. I can hear you. Working on it.


> The following is an interesting read but the discussion is about 'sender notification'
> 
> https://lists.amavis.org/pipermail/amavis-users/2016-November/004649.html
> 
> I need 'recipient notification'
> 
> I'm very hesitant to set $warn_offsite until I can be sure what it will do. :-/

It will not give you what you want.

If you are capable of programming, I suggest you do something like this (might
be overblown in your situation, but we did it and it works well):

- Deliver to an SQL quarantine
- Watch the DB for additions
- Trigger a script that selects the information you want from the table and
  let it send the notification

HTH

p at rick


-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
 


More information about the amavis-users mailing list