Send recipient notification of quarantined spam
Patrick Ben Koetter
p at sys4.de
Fri Feb 8 09:07:31 CET 2019
Tom,
* Tom Robinson <tom.robinson at motec.com.au>:
> On 7/2/19 6:00 pm, Dominic Raferd wrote:
> >
> >
> > On Thu, 7 Feb 2019 at 04:46, Tom Robinson <tom.robinson at motec.com.au
> > <mailto:tom.robinson at motec.com.au>> wrote:
> >
> > bump
> >
> > On 5/2/19 12:08 pm, Tom Robinson wrote:
> >>
> >> Hi,
> >>
> >> I'm sure this has been answered before but I just can't seem to find the right settings.
> >>
> >> I want the recipient of a quarantined SPAM email to receive a notification that it was
> >> quarantined.
> >>
> >> Notifications are working for viruses that get quarantined but I can't get it to work for SPAM.
> >>
> >> I have the following in my amavisd.conf
> >>
> >> $virus_admin = "postmaster\@$mydomain"; # notifications recip.
> >> $mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender
> >> $mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender
> >> $mailfrom_notify_spamadmin = "spamalert\@$mydomain"; # notifications sender
> >> $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
> >>
> >> $final_virus_destiny = D_DISCARD;
> >> $final_banned_destiny = D_DISCARD;
> >> $final_spam_destiny = D_DISCARD; #!!! D_DISCARD / D_REJECT
> >> $final_bad_header_destiny = D_PASS;
> >> $virus_quarantine_method = 'local:virus/%m';
> >> $spam_quarantine_method = 'local:spam/%m.gz';
> >> $banned_files_quarantine_method = 'local:banned/%m';
> >> $bad_header_quarantine_method = 'local:badh/%m';
> >>
> >> $warnvirusrecip = 1;
> >> $warnbannedrecip = 1;
> >> $warnbannedsender = 0;
> >>
> > Try: https://lists.amavis.org/pipermail/amavis-users/2012-July/001717.html
> > I'm not clear how amavis decides whether a recipient is 'local'. Might be worth setting
> > $warn_offsite to 1 if only to rule this out.
> >
> > Looking at comments in amavisd-new code 2.11.0 it seems that warnbannedrecip is deprecated in
> > favour of warnbannedrecip_maps (although it should still work).
> >
> > You aren't using any named policy banks are you? If so, it might also need to be set explicitly
> > inside each named policy bank (as do a lot of things, sadly), and with different syntax
> > (warnbannedrecip => 1,).
>
> Thanks Dominic.
>
> Just to be clear, I'm using CentOS 7, amavisd-new 2.11.0.
>
> I can't find ANY decent documentation about how to configure
> warnbannedrecip_maps. How can I use this configuration option?
The absense of documentation is a well known problem. We're working on it,
since I became maintainer. But my spare cycles are limited and so this will
take more time.
I looked for an option that warns spam recipients and couldn't find any. Given
the fact that notifying people of spam gets close to delivering spam itself I
assume Mark never implemented it or removed it at some time (he did so with a
few other similar options).
> The only policy banks in my amavisd.conf are the default ones that are
> already configured in the CentOS 7 packages:
>
> $policy_bank{'MYNETS'} = { # mail originating from @mynetworks
> $policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
> $policy_bank{'AM.PDP-SOCK'} = {
>
> The warnbannedrecip_maps is nowhere to be found in my amavisd.conf
Anything with *banned* applies to files that are banned. It would never apply
to spam, which is a different content class than "banned files".
> I've also read that setting $warn_offsite on can create backscatter. Really
> not sure how to handle this.
Don't enable it. It would configure amavis to send notifications to
senders/recipients that are "outside" of amavis' protection.
> Where is the documentation? RTFM comes to mind but it's hard when you can't
> find any!
Yep. I can hear you. Working on it.
> The following is an interesting read but the discussion is about 'sender notification'
>
> https://lists.amavis.org/pipermail/amavis-users/2016-November/004649.html
>
> I need 'recipient notification'
>
> I'm very hesitant to set $warn_offsite until I can be sure what it will do. :-/
It will not give you what you want.
If you are capable of programming, I suggest you do something like this (might
be overblown in your situation, but we did it and it works well):
- Deliver to an SQL quarantine
- Watch the DB for additions
- Trigger a script that selects the information you want from the table and
let it send the notification
HTH
p at rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the amavis-users
mailing list