get a copy of rejected message

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Mar 13 18:38:06 CET 2019 

On 13.03.19 16:45, Patrick Proniewski wrote:
>> From: Benedict White <Benedict.White at cse-ltd.co.uk>
>>
>> I don't believe that is possible.
>>
>> Postfix has to accept the message (and close the connection to the SMTP client) before the email gets to AmavisD.

This is not true.  In case of smtp proxy or a milter, the message is not
accepted.  Instead, after clients sends the final ".", postfix sends message
to proxy/milter, and if either rejects the message, postfix rejects the
message.

>> As such a rejection message to the client (as opposed to an NDR) isn't possible once it has been passed to AmavisD.

this only applies when amavisd is used as content-filter.

>I do agree.  Nevertheless, some sort of hack or setting in Amavis could
> allow that (creation of an alternate message that it would distribute to
> the inner SMTP while it sends a REJECT to the outer SMTP.

you don't need hacks, see above.

>>> I'm using amavisd as a before-queue-content-filter with postfix, so that I can reject immediately

>> From: Noel Butler <noel.butler at ausics.net>
>> Yes, you need to run amavisd as a milter

>>> -> is it possible to tell amavisd to reject the message AND to send a copy of it to a dedicated address?
>>>
>>> That would be like quarantine to an email address but with reject status to the smtp client.
>>
>> Not sure on this part if you run it via a milter, I'd assume not though unless you modified the milter code

>I don't understand why you recommend to run Amavis as a milter instead of my current setup if you think it would not achieve the goal... Am I missing something?

mostly everything we have explained multiple times to you:

- your current setup makes opendmarc impossible, becase you use smtp_proxy
  and in such case milter doesn't see the body
- milter works as pre-queue, so you can reject spam and viruses at SMTP level
- amavisd can do the DKIM signing, you don't need opendmarc


>> From: Matus UHLAR - fantomas <uhlar at fantomas.sk>
>
>>> -> is it possible to tell amavisd to reject the message AND to send a copy of it to a dedicated address?
>>
>> I think it is possible. Just try it.
>
>Ok, any idea how I should proceed? To my knowledge "quarantine" makes Postfix accept the message, then can't trigger a REJECT on outer SMTP.

amavisd can instruct postfix to reject the message, but amavis can
quarantine it itself. So, amavis should be able send the message the
address, when you configure quarantine, even if milter

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !

More information about the amavis-users mailing list