Send recipient notification of quarantined spam

Tom Robinson tom.robinson at motec.com.au
Mon Feb 11 04:20:32 CET 2019


Hi Patrick,

Thank you for responding.


On 8/2/19 7:07 pm, Patrick Ben Koetter wrote:
> Tom,
>
> * Tom Robinson <tom.robinson at motec.com.au>:
>> On 7/2/19 6:00 pm, Dominic Raferd wrote:
>>>
>>> On Thu, 7 Feb 2019 at 04:46, Tom Robinson <tom.robinson at motec.com.au
>>> <mailto:tom.robinson at motec.com.au>> wrote:
>>>
>>>     bump
>>>
>>>     On 5/2/19 12:08 pm, Tom Robinson wrote:
>>>>     Hi,
>>>>
>>>>     I'm sure this has been answered before but I just can't seem to find the right settings.
>>>>
>>>>     I want the recipient of a quarantined SPAM email to receive a notification that it was
>>>>     quarantined.
>>>>
>>>>     Notifications are working for viruses that get quarantined but I can't get it to work for SPAM.
>>>>
>>>>     I have the following in my amavisd.conf
>>>>
>>>>     $virus_admin               = "postmaster\@$mydomain";                   # notifications recip.
>>>>     $mailfrom_notify_admin     = "virusalert\@$mydomain";                   # notifications sender
>>>>     $mailfrom_notify_recip     = "virusalert\@$mydomain";                   # notifications sender
>>>>     $mailfrom_notify_spamadmin = "spamalert\@$mydomain";                    # notifications sender
>>>>     $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
>>>>
>>>>     $final_virus_destiny      = D_DISCARD;
>>>>     $final_banned_destiny     = D_DISCARD;
>>>>     $final_spam_destiny       = D_DISCARD;  #!!!  D_DISCARD / D_REJECT
>>>>     $final_bad_header_destiny = D_PASS;
>>>>     $virus_quarantine_method        = 'local:virus/%m';
>>>>     $spam_quarantine_method         = 'local:spam/%m.gz';
>>>>     $banned_files_quarantine_method = 'local:banned/%m';
>>>>     $bad_header_quarantine_method   = 'local:badh/%m';
>>>>
>>>>     $warnvirusrecip = 1;
>>>>     $warnbannedrecip = 1;
>>>>     $warnbannedsender = 0;
>>>>
>>> Try: https://lists.amavis.org/pipermail/amavis-users/2012-July/001717.html
>>> I'm not clear how amavis decides whether a recipient is 'local'. Might be worth setting
>>> $warn_offsite to 1 if only to rule this out.
>>>
>>> Looking at comments in amavisd-new code 2.11.0 it seems that warnbannedrecip is deprecated in
>>> favour of warnbannedrecip_maps (although it should still work).
>>>
>>> You aren't using any named policy banks are you? If so, it might also need to be set explicitly
>>> inside each named policy bank (as do a lot of things, sadly), and with different syntax
>>> (warnbannedrecip  => 1,).
>> Thanks Dominic.
>>
>> Just to be clear, I'm using CentOS 7, amavisd-new 2.11.0.
>>
>> I can't find ANY decent documentation about how to configure
>> warnbannedrecip_maps. How can I use this configuration option?
> The absence of documentation is a well known problem. We're working on it,
> since I became maintainer. But my spare cycles are limited and so this will
> take more time.

As it turns out, I have already read a couple of your blogs on the subject. Most enlightening! So
thank you very much for that.


> I looked for an option that warns spam recipients and couldn't find any. Given
> the fact that notifying people of spam gets close to delivering spam itself I
> assume Mark never implemented it or removed it at some time (he did so with a
> few other similar options).

Yes, I can see the point. When SPAM over a certain threshold is discarded, however, delivery
notification of the remainder is less problematic and gives the user a chance to reclaim email that
is incorrectly identified.


>> The only policy banks in my amavisd.conf are the default ones that are
>> already configured in the CentOS 7 packages:
>>
>> $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
>> $policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
>> $policy_bank{'AM.PDP-SOCK'} = {
>>
>> The warnbannedrecip_maps is nowhere to be found in my amavisd.conf
> Anything with *banned* applies to files that are banned. It would never apply
> to spam, which is a different content class than "banned files".

I thought as much. It is good to have this clarity at last.


>> I've also read that setting $warn_offsite on can create backscatter. Really
>> not sure how to handle this.
> Don't enable it. It would configure amavis to send notifications to
> senders/recipients that are "outside" of amavis' protection.

Again, thanks for clearing that up.


>
>> Where is the documentation? RTFM comes to mind but it's hard when you can't
>> find any!
> Yep. I can hear you. Working on it.

;-)


>> The following is an interesting read but the discussion is about 'sender notification'
>>
>> https://lists.amavis.org/pipermail/amavis-users/2016-November/004649.html
>>
>> I need 'recipient notification'
>>
>> I'm very hesitant to set $warn_offsite until I can be sure what it will do. :-/
> It will not give you what you want.
>
> If you are capable of programming, I suggest you do something like this (might
> be overblown in your situation, but we did it and it works well):
>
> - Deliver to an SQL quarantine
> - Watch the DB for additions
> - Trigger a script that selects the information you want from the table and
>   let it send the notification

Yes, I am capable but I was hoping for a canned solution or configuration option with amavisd. I
suppose I'm as time poor with this as you are with the documentation.

I appreciate all your comments as it gives some clarity and I don't have to waste more time on
deciphering and testing various configuration options to get to where I want to be.

Kind regards,

Tom
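
A sketch of the SQL-quarantine approach suggested in the thread, added here as an example and not code from either poster or from amavisd-new. It assumes a simplified set of tables modelled on amavisd-new's SQL logging schema, a hypothetical `notified` bookkeeping table and a placeholder sender address; it notifies local recipients only, which avoids the backscatter concern raised above, and never includes the spam body.

```python
import sqlite3
from email.message import EmailMessage

# Simplified tables modelled on amavisd-new's SQL log schema (assumption);
# 'notified' is a hypothetical bookkeeping table so nobody is notified twice.
SCHEMA = """
CREATE TABLE maddr    (id INTEGER PRIMARY KEY, email TEXT);
CREATE TABLE msgs     (mail_id TEXT PRIMARY KEY, time_num INTEGER, content TEXT,
                       quar_type TEXT, spam_level REAL, from_addr TEXT, subject TEXT);
CREATE TABLE msgrcpt  (mail_id TEXT, rid INTEGER, is_local TEXT);
CREATE TABLE notified (mail_id TEXT, rid INTEGER, PRIMARY KEY (mail_id, rid));
"""
# Spam ('S') held in the SQL quarantine ('Q'), local recipients only, not yet notified.
PENDING = """
SELECT m.mail_id, r.rid, a.email, m.from_addr, m.subject, m.spam_level
FROM msgs m JOIN msgrcpt r ON r.mail_id = m.mail_id JOIN maddr a ON a.id = r.rid
LEFT JOIN notified n ON n.mail_id = r.mail_id AND n.rid = r.rid
WHERE m.content = 'S' AND m.quar_type = 'Q' AND r.is_local = 'Y' AND n.mail_id IS NULL
ORDER BY m.time_num
"""

def clean(value, limit=120):
    """Sender and subject are attacker-controlled: drop control chars, cap length."""
    return "".join(c for c in (value or "") if c.isprintable())[:limit]

def build_notifications(db, sender="spamalert@example.com"):
    """Return one notice per local recipient of new quarantined spam and record it."""
    notices = []
    for mail_id, rid, rcpt, from_addr, subject, level in db.execute(PENDING).fetchall():
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, rcpt
        msg["Subject"] = "Quarantined spam notice"
        msg["Auto-Submitted"] = "auto-generated"  # RFC 3834: suppress auto-replies
        msg.set_content(
            "A message addressed to you was quarantined as spam.\n"
            f"Sender:  {clean(from_addr)}\nSubject: {clean(subject)}\n"
            f"Score:   {level}\nQuarantine ID: {mail_id}\n")
        notices.append(msg)
        db.execute("INSERT INTO notified VALUES (?, ?)", (mail_id, rid))
    db.commit()
    return notices  # in production, pass each to smtplib.SMTP(...).send_message()

def sample_db():
    """Constructed rows: spam to one local and one offsite recipient, plus a clean mail."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO maddr VALUES (?, ?)",
                   [(1, "alice@example.com"), (2, "bob@elsewhere.example")])
    db.executemany("INSERT INTO msgs VALUES (?, ?, ?, ?, ?, ?, ?)", [
        ("AbC123", 1549850000, "S", "Q", 14.2, "x@bad.example", "Win big\r\nBcc: y@z.example"),
        ("XyZ789", 1549850100, "C", "", 0.1, "a@b.example", "hi")])
    db.executemany("INSERT INTO msgrcpt VALUES (?, ?, ?)",
                   [("AbC123", 1, "Y"), ("AbC123", 2, "N"), ("XyZ789", 1, "Y")])
    return db
```

Run from cron or a polling loop against the real database; the `notified` table makes repeated runs idempotent.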


