IRedMail/FAQ/Quarantining.Messages

From iRedMail

(Difference between revisions)
(Created page with 'When amavisd detects a spam email, it logs a message to its log file by default. It can also quarantine the email and/or notify an administrator. It can then generate a bounce me…')
(References)
 
(46 intermediate revisions not shown)
Line 1: Line 1:
 +
__TOC__
 +
 +
Note: This tutorial is appliable for iRedMail-0.6.1 and earlier versions. If you're using iRedMail-0.7.0 and later versions, please refer to [[IRedMail/FAQ/Quarantining.SPAM |this tutorial]].
 +
 +
= Summary =
When amavisd detects a spam email, it logs a message to its log file by default. It can also quarantine the email and/or notify an administrator. It can then generate a bounce message to the sender. Finally, it can either accept and deliver the message, or discard the message. Many different configuration variables are involved in these decisions.
When amavisd detects a spam email, it logs a message to its log file by default. It can also quarantine the email and/or notify an administrator. It can then generate a bounce message to the sender. Finally, it can either accept and deliver the message, or discard the message. Many different configuration variables are involved in these decisions.
-
Enable a spam quarantine by setting the following variables:
+
= Integrate MySQL in Amavisd =
-
{{cfg|/etc/amavisd.conf|<pre>
+
 
-
$QUARANTINEDIR = '/var/virusmails';             # Quarantine Directory
+
We have to integrate MySQL in Amavisd first. Please follow steps in this tutorial:
 +
* [[IRedMail/FAQ/Integrate.MySQL.in.Amavisd|Integrate MySQL in Amavisd]]
 +
 
 +
= Configure Amavisd =
 +
Enable spam quarantining in Amavisd. Make sure you have below settings in '''/etc/amavisd.conf''' (RHEL/CentOS/OpenSuSE) or '''/etc/amavis/conf.d/50-user''' (Debian/Ubuntu) or '''/usr/local/etc/amavisd.conf''' (FreeBSD):
 +
{{cfg|amavisd.conf|<pre>
 +
#
 +
# Set default action when found VIRUS and SPAM.
 +
#
 +
$final_virus_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
-
$spam_quarantine_method = 'local:spam-%b-%i-%n'; # Filename in $QUARANTINEDIR
+
 
-
$spam_quarantine_to = 'spam-quarantine';         # Put Spam in Quarantine Directory
+
# Port 9998 used to release quarantined mails via network. e.g. telnet.
-
# $spam_quarantine_to = "postmaster\@$mydomain"; # Send Spam to Adminstrator
+
$inet_socket_port = [10024, 9998];
-
# $spam_quarantine_to = undef;                   # Do nothing with Spam
+
$interface_policy{'9998'} = 'AM.PDP-INET';
-
$spam_admin = "martin.zahn\@$mydomain";         # Where to send Notification
+
$policy_bank{'AM.PDP-INET'} = {
 +
  protocol => 'AM.PDP',  # select Amavis policy delegation protocol
 +
  inet_acl => [qw( 127.0.0.1 [::1] )],  # restrict access to these IP addresses
 +
  auth_required_release => 1,  # don't require secret_id for amavisd-release
 +
};
 +
 
 +
# Store quarantined mails in SQL database.
 +
$spam_quarantine_to = 'spam-quarantine';
 +
$spam_quarantine_method = 'sql:';
 +
 
 +
$virus_quarantine_to = 'virus-quarantine';
 +
$virus_quarantine_method = 'sql:';
</pre>}}
</pre>}}
-
The following symbolic constants can be used in $final_spam_destiny:
+
Note: You must configure @storage_sql_dsn in amavisd.conf, it's described in: [[IRedMail/FAQ/Integrate.MySQL.in.Amavisd|Integrate MySQL in Amavisd]]
-
* '''D_DISCARD''': Mail will not be delivered to its recipients, sender will NOT be notified. Effectively we lose mail (but will be quarantined unless disabled). Losing mail is not decent for a mailer, but might be desired.
+
= Testing =
-
* '''D_BOUNCE''': Mail will not be delivered to its recipients, a non-delivery notification (bounce) will be sent to the sender by amavisd-new; Exception: bounce (DSN) will not be sent if a virus name matches $viruses_that_fake_sender_re, or to messages from mailing lists, or for spam level that exceeds the $sa_dsn_cutoff_level.
+
SpamAssassin ships a sample SPAM mail, you can use Outlook/Thunderbird/Mail.app to open it and send it to your local user, it should be blocked. and you will find similar message in log file (/var/log/maillog or /var/log/mail.log):
-
* '''D_REJECT''': mail will not be delivered to its recipients, sender should preferably get a reject, e.g. SMTP permanent reject response.
+
-
----
+
Aug 27 07:53:49 r6 amavis[3131]: (03131-02) Blocked SPAM, <root@r6.iredmail.org> -> <www@a.cn>,
-
References:
+
quarantine: CynKoUgc0+Oz, Message-ID: <20100826235349.9942AE0B5E@r6.iredmail.org>,
 +
mail_id: CynKoUgc0+Oz, Hits: 1005.814, size: 1081, 153 ms
 +
 
 +
If you set '''$spam_quarantine_method = 'local:spam-%i-%m';''', quarantined emails are stored under /var/virusmails/, and you can release this mail with command '''amavisd-release''', it will resend this email to recipient:
 +
{{cmd|<pre>
 +
# amavisd-release S/spam-20100825T234859-SX9PrjWLAKOv
 +
250 2.0.0 Ok, id=rel-SX9PrjWLAKOv, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5D6ECE0B58
 +
</pre>}}
 +
 
 +
If you set '''$spam_quarantine_method = 'sql:';''', SPAM mail will be stored in mysql database '''amavisd.quarantine''', you can release it with telnet (port 9998), it's useful to release it via web front-end (You can find detail in MySQL table: '''amavisd.quarantine'''):
 +
{{cmd|<pre>
 +
# telnet localhost 9998
 +
Trying 127.0.0.1...
 +
Connected to localhost.
 +
Escape character is '^]'.
 +
request=release
 +
mail_id=CynKoUgc0+Oz
 +
secret_id=cKj-gQxqqJsN
 +
 
 +
setreply=250 2.0.0 Ok,%20id=rel-CynKoUgc0+Oz,%20from%20MTA([127.0.0.1]:10025):
 +
%20250%202.0.0%20Ok:%20queued%20as%20F00DDE0B5E
 +
</pre>}}
 +
 
 +
And there's a mail log in postfix maillog file:
 +
Aug 27 08:29:01 r6 amavis[3132]: (rel-CynKoUgc0+Oz) Quarantined message release (miscategorized):
 +
CynKoUgc0+Oz <root@r6.iredmail.org> -> <www@a.cn>
 +
 
 +
= References =
* [http://www.akadia.com/services/postfix_amavisd.html Fighting Spam/Viruses with Amavisd-New, Maia and Postfix]
* [http://www.akadia.com/services/postfix_amavisd.html Fighting Spam/Viruses with Amavisd-New, Maia and Postfix]
 +
* [[IRedMail/FAQ/Integrate.MySQL.in.Amavisd |Integrate MySQL in Amavisd]]
 +
 +
= ChangeLog =
 +
* 2011-04-12: Add settings used to quarantine VIRUS into MySQL.
[[Category: iRedMail/FAQ]]
[[Category: iRedMail/FAQ]]
[[Category: iRedMail]]
[[Category: iRedMail]]
[[Category: FAQ]]
[[Category: FAQ]]
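Review bot: In the added $policy_bank{'AM.PDP-INET'} block, the comment on auth_required_release => 1 reads "don't require secret_id for amavisd-release", but a value of 1 makes amavisd require the secret_id, and the telnet session added in the Testing section does send one. Reword the comment so it says the secret_id is required. The revision also removes the D_DISCARD / D_BOUNCE / D_REJECT descriptions while setting both $final_virus_destiny and $final_spam_destiny to D_DISCARD; keep at least one line stating that D_DISCARD does not deliver the mail and does not notify the sender. Finally, the Testing text refers to 'local:spam-%i-%m', which differs from the removed 'local:spam-%b-%i-%n' and no longer appears in the configuration block, so say where that setting would go.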

Current revision as of 14:24, 12 April 2011


Note: This tutorial applies to iRedMail-0.6.1 and earlier versions. If you're using iRedMail-0.7.0 or a later version, please refer to the Quarantining SPAM tutorial (IRedMail/FAQ/Quarantining.SPAM).

Summary

When amavisd detects a spam email, it logs a message to its log file by default. It can also quarantine the email and/or notify an administrator. It can then generate a bounce message to the sender. Finally, it can either accept and deliver the message, or discard the message. Many different configuration variables are involved in these decisions.

Integrate MySQL in Amavisd

MySQL has to be integrated with Amavisd first. Please follow the steps in the tutorial "Integrate MySQL in Amavisd" (IRedMail/FAQ/Integrate.MySQL.in.Amavisd).

Configure Amavisd

Enable spam quarantining in Amavisd. Make sure the following settings are present in /etc/amavisd.conf (RHEL/CentOS/OpenSuSE), /etc/amavis/conf.d/50-user (Debian/Ubuntu) or /usr/local/etc/amavisd.conf (FreeBSD):

File: amavisd.conf
#
# Default action when a VIRUS or SPAM is found.
# D_DISCARD: the mail is not delivered and the sender is not notified
# (the mail is still quarantined unless quarantining is disabled).
#
$final_virus_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;

# Port 9998 is used to release quarantined mail over the network, e.g. with telnet.
$inet_socket_port = [10024, 9998];
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
  protocol => 'AM.PDP',  # select Amavis policy delegation protocol
  inet_acl => [qw( 127.0.0.1 [::1] )],  # restrict access to these IP addresses
  auth_required_release => 1,  # require secret_id in release requests
};

# Store quarantined mails in SQL database.
$spam_quarantine_to = 'spam-quarantine';
$spam_quarantine_method = 'sql:';

$virus_quarantine_to = 'virus-quarantine';
$virus_quarantine_method = 'sql:';

Note: You must configure @storage_sql_dsn in amavisd.conf, as described in Integrate MySQL in Amavisd.

Testing

SpamAssassin ships a sample SPAM mail. Use Outlook/Thunderbird/Mail.app to open it and send it to a local user; it should be blocked, and you will find a message similar to the following in the log file (/var/log/maillog or /var/log/mail.log):

Aug 27 07:53:49 r6 amavis[3131]: (03131-02) Blocked SPAM, <root@r6.iredmail.org> -> <www@a.cn>,
quarantine: CynKoUgc0+Oz, Message-ID: <20100826235349.9942AE0B5E@r6.iredmail.org>,
mail_id: CynKoUgc0+Oz, Hits: 1005.814, size: 1081, 153 ms

If you set $spam_quarantine_method = 'local:spam-%i-%m';, quarantined emails are stored under /var/virusmails/, and you can release a mail with the amavisd-release command, which resends it to the recipient:

Terminal:
# amavisd-release S/spam-20100825T234859-SX9PrjWLAKOv
250 2.0.0 Ok, id=rel-SX9PrjWLAKOv, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5D6ECE0B58

If you set $spam_quarantine_method = 'sql:';, SPAM mail is stored in the MySQL table amavisd.quarantine. You can release it with telnet (port 9998), which is useful for releasing mail from a web front-end (details can be found in the MySQL table amavisd.quarantine):

Terminal:
# telnet localhost 9998
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
request=release
mail_id=CynKoUgc0+Oz
secret_id=cKj-gQxqqJsN

setreply=250 2.0.0 Ok,%20id=rel-CynKoUgc0+Oz,%20from%20MTA([127.0.0.1]:10025):
%20250%202.0.0%20Ok:%20queued%20as%20F00DDE0B5E
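
The telnet exchange above, written as the client a web front-end could use (an added example, not code from iRedMail or amavisd). The function names and the ID character set are assumptions, the latter based on the IDs shown on this page; SAMPLE_REPLY is the reply from the session above joined onto one line.

```python
import re
import socket
from urllib.parse import unquote

# Assumption: mail_id / secret_id use only the characters seen in this page's IDs.
ID_RE = re.compile(r"[A-Za-z0-9+_-]+")

# Reply from the telnet session above, joined onto a single line.
SAMPLE_REPLY = (b"setreply=250 2.0.0 Ok,%20id=rel-CynKoUgc0+Oz,%20from%20MTA"
                b"([127.0.0.1]:10025):%20250%202.0.0%20Ok:%20queued%20as%20F00DDE0B5E\r\n\r\n")

def build_release_request(mail_id, secret_id):
    """Build the request typed into telnet: name=value lines, then an empty line."""
    for name, value in (("mail_id", mail_id), ("secret_id", secret_id)):
        # fullmatch rejects CR/LF, so user input cannot smuggle extra attributes.
        if not ID_RE.fullmatch(value):
            raise ValueError("unexpected characters in %s" % name)
    lines = ["request=release", "mail_id=" + mail_id, "secret_id=" + secret_id, ""]
    return ("\r\n".join(lines) + "\r\n").encode("ascii")

def parse_reply(raw):
    """Extract SMTP code, enhanced status and percent-decoded text from setreply."""
    for line in raw.decode("ascii", "replace").splitlines():
        name, sep, value = line.partition("=")
        if sep and name == "setreply":
            code, enhanced, text = (value.split(" ", 2) + ["", ""])[:3]
            # unquote() decodes %20 but leaves '+' alone, as the IDs require.
            return {"code": code, "enhanced": enhanced,
                    "text": unquote(text), "ok": code.startswith("2")}
    raise ValueError("no setreply attribute in response")

def release(mail_id, secret_id, host="127.0.0.1", port=9998, timeout=10):
    """Send the release request to the AM.PDP port configured above."""
    request = build_release_request(mail_id, secret_id)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        data = b""
        while not data.endswith((b"\n\n", b"\r\n\r\n")):
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_reply(data)
```

Because inet_acl only admits 127.0.0.1 and [::1], this client has to run on the mail server itself.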

The release is also recorded in the Postfix maillog file:

Aug 27 08:29:01 r6 amavis[3132]: (rel-CynKoUgc0+Oz) Quarantined message release (miscategorized):
CynKoUgc0+Oz <root@r6.iredmail.org> -> <www@a.cn>
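
The two log entries shown on this page ("Blocked SPAM" and "Quarantined message release") can be correlated to audit which quarantined mails were released. This is an added example, not part of the original tutorial; the function name is an assumption, the first two sample lines are this page's entries joined onto one line each, and the last two are constructed.

```python
import re

# Patterns for the two amavisd log entries shown on this page.
BLOCKED_RE = re.compile(
    r"\((?P<session>[^)]+)\) Blocked (?P<kind>[A-Z]+).*? <(?P<sender>[^>]*)> -> "
    r"(?P<rcpts>.+?), quarantine: (?P<qid>[^,]+),.*? mail_id: (?P<mail_id>[^,]+), "
    r"Hits: (?P<hits>[^,]+), size: (?P<size>\d+)"
)
RELEASE_RE = re.compile(r"\(rel-(?P<mail_id>[^)]+)\) Quarantined message release")

def audit_quarantine(lines):
    """Return (blocked, orphans): blocked maps mail_id -> details with a
    'released' flag; orphans lists releases with no 'Blocked' entry seen."""
    blocked, orphans = {}, []
    for line in lines:
        m = BLOCKED_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["hits"] = None if rec["hits"] == "-" else float(rec["hits"])
            rec["size"] = int(rec["size"])
            rec["released"] = False
            blocked[rec.pop("mail_id")] = rec
            continue
        m = RELEASE_RE.search(line)
        if m:
            mail_id = m.group("mail_id")
            if mail_id in blocked:
                blocked[mail_id]["released"] = True
            else:
                orphans.append(mail_id)  # e.g. blocked before the log was rotated
    return blocked, orphans

SAMPLE_LOG = [
    # From this page, joined onto one line each.
    "Aug 27 07:53:49 r6 amavis[3131]: (03131-02) Blocked SPAM, <root@r6.iredmail.org> -> "
    "<www@a.cn>, quarantine: CynKoUgc0+Oz, Message-ID: "
    "<20100826235349.9942AE0B5E@r6.iredmail.org>, mail_id: CynKoUgc0+Oz, "
    "Hits: 1005.814, size: 1081, 153 ms",
    "Aug 27 08:29:01 r6 amavis[3132]: (rel-CynKoUgc0+Oz) Quarantined message release "
    "(miscategorized): CynKoUgc0+Oz <root@r6.iredmail.org> -> <www@a.cn>",
    # Constructed: blocked and never released.
    "Aug 27 09:02:10 r6 amavis[3131]: (03131-05) Blocked SPAM, <a@example.com> -> "
    "<www@a.cn>, quarantine: EXAMPLEid0001, Message-ID: <constructed-1@example.com>, "
    "mail_id: EXAMPLEid0001, Hits: 15.2, size: 2048, 120 ms",
    # Constructed: release with no matching block in this log.
    "Aug 27 09:10:00 r6 amavis[3132]: (rel-EXAMPLEid0002) Quarantined message release "
    "(miscategorized): EXAMPLEid0002 <b@example.com> -> <www@a.cn>",
]
```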

ChangeLog

  • 2011-04-12: Add settings used to quarantine VIRUS into MySQL.