IRedMail/FAQ/Quarantining.Messages
From iRedMail
| Line 20: | Line 20: | ||
# Set default action when found SPAM. | # Set default action when found SPAM. | ||
$final_spam_destiny = D_DISCARD; | $final_spam_destiny = D_DISCARD; | ||
| + | |||
| + | # Port 9998 used to release quarantined mails. | ||
| + | $inet_socket_port = [10024, 9998]; | ||
| + | $interface_policy{'9998'} = 'AM.PDP-INET'; | ||
| + | $policy_bank{'AM.PDP-INET'} = { | ||
| + | protocol => 'AM.PDP', # select Amavis policy delegation protocol | ||
| + | inet_acl => [qw( 127.0.0.1 [::1] )], # restrict access to these IP addresses | ||
| + | # auth_required_release => 0, # don't require secret_id for amavisd-release | ||
| + | }; | ||
# Filename of SPAM email in $QUARANTINEDIR. | # Filename of SPAM email in $QUARANTINEDIR. | ||
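Review bot: In the new AM.PDP-INET policy bank, the commented-out auth_required_release => 0 line needs a stronger caution than "don't require secret_id". With that setting enabled, any process that can connect to port 9998 from 127.0.0.1 or [::1] could request a release without presenting the message's secret_id. Suggest saying in the comment that it should stay disabled unless every local account on the host is trusted, and noting next to $inet_socket_port that this opens a second listener alongside 10024.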
| Line 29: | Line 38: | ||
# %i => iso8601 timestamp of a message reception time by amavisd | # %i => iso8601 timestamp of a message reception time by amavisd | ||
# %% => % | # %% => % | ||
| - | $spam_quarantine_method = 'local:spam-%i-%m'; | + | #$spam_quarantine_method = 'local:spam-%i-%m'; |
| + | $spam_quarantine_method = 'sql:'; | ||
# What to do with SPAM emails. | # What to do with SPAM emails. | ||
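Review bot: Switching $spam_quarantine_method to 'sql:' leaves the comment block above it (the "Filename of SPAM email in $QUARANTINEDIR" heading and the %i / %m placeholder list) describing the local: method that is now commented out. Suggest a comment on the new line saying that 'sql:' takes no filename template and relies on the SQL storage the page mentions under @storage_sql_dsn, and keeping the placeholder list attached to the commented local: line so readers do not expect a file in $QUARANTINEDIR.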
| Line 60: | Line 70: | ||
# amavisd-release S/spam-20100825T234859-SX9PrjWLAKOv | # amavisd-release S/spam-20100825T234859-SX9PrjWLAKOv | ||
250 2.0.0 Ok, id=rel-SX9PrjWLAKOv, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5D6ECE0B58 | 250 2.0.0 Ok, id=rel-SX9PrjWLAKOv, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5D6ECE0B58 | ||
| + | </pre>}} | ||
| + | |||
| + | Also, you can release it with telnet to port 9998, it's useful to release it via web front-end (You can find detail in MySQL table: '''amavisd.quarantine'''): | ||
| + | {{cmd|<pre> | ||
| + | # telnet localhost 9998 | ||
| + | Trying 127.0.0.1... | ||
| + | Connected to localhost. | ||
| + | Escape character is '^]'. | ||
| + | request=release | ||
| + | mail_id=CynKoUgc0+Oz | ||
| + | secret_id=cKj-gQxqqJsN | ||
| + | quar_type=Q | ||
| + | mail_file=CynKoUgc0+Oz | ||
| + | recipient=www@a.cn | ||
| + | |||
| + | setreply=250 2.0.0 Ok,%20id=rel-CynKoUgc0+Oz,%20from%20MTA([127.0.0.1]:10025):%20250%202.0.0%20Ok:%20queued%20as%20F00DDE0B5E | ||
</pre>}} | </pre>}} | ||
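Review bot: The telnet example sends a secret_id, but the sentence introducing it only points at the amavisd.quarantine table and does not say where the mail_id and secret_id for a given message come from, which is exactly what a front-end author needs. Suggest spelling that out, stating that the empty line after recipient= ends the request and that the setreply= line is the server's answer, and splitting the run-on sentence ("... port 9998, it's useful ...") in two.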
Revision as of 00:44, 27 August 2010
WARNING: TO BE CONTINUED. Do NOT apply it on your production server.
Summary
When amavisd detects a spam email, it logs a message to its log file by default. It can also quarantine the email and/or notify an administrator. It can then generate a bounce message to the sender. Finally, it can either accept and deliver the message, or discard the message. Many different configuration variables are involved in these decisions.
Configure Amavisd
Enable a spam quarantine by setting the following variables:
| File: /etc/amavisd.conf |
# Set quarantine directory. Default is /var/virusmails.
$QUARANTINEDIR = '/var/virusmails';
# Add level of subdirs to disperse quarantine. Default is 1.
$quarantine_subdir_levels = 1;
# What to do with amavisd-release.
$release_format = 'resend'; # 'attach', 'plain', 'resend'
# Set default action when found SPAM.
$final_spam_destiny = D_DISCARD;
# Port 9998 used to release quarantined mails.
$inet_socket_port = [10024, 9998];
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
    protocol => 'AM.PDP',  # select Amavis policy delegation protocol
    inet_acl => [qw( 127.0.0.1 [::1] )],  # restrict access to these IP addresses
    # auth_required_release => 0,  # don't require secret_id for amavisd-release
};
# Filename of SPAM email in $QUARANTINEDIR.
# Below is a complete list of place-holders currently recognized in filename templates:
# %P => $msginfo->partition_tag
# %b => $msginfo->body_digest
# %m => $msginfo->mail_id
# %n => $msginfo->log_id
# %i => iso8601 timestamp of a message reception time by amavisd
# %% => %
#$spam_quarantine_method = 'local:spam-%i-%m';
$spam_quarantine_method = 'sql:';
# What to do with SPAM emails.
# - spam-quarantine: Put SPAM in quarantine directory.
# - postmaster@domain.ltd: Send SPAM to "postmaster@domain.ltd".
# - undef: Do nothing with SPAM.
$spam_quarantine_to = 'spam-quarantine';
# Send notification to admin.
#$spam_admin = "martin.zahn\@$mydomain";
|
The following symbolic constants can be used in $final_spam_destiny:
- D_DISCARD: Mail will not be delivered to its recipients, and the sender will NOT be notified. Effectively the mail is lost (although it will still be quarantined unless quarantining is disabled). Losing mail is not decent for a mailer, but might be desired.
- D_BOUNCE: Mail will not be delivered to its recipients; a non-delivery notification (bounce) will be sent to the sender by amavisd-new. Exception: a bounce (DSN) will not be sent if a virus name matches $viruses_that_fake_sender_re, for messages from mailing lists, or for a spam level that exceeds $sa_dsn_cutoff_level.
- D_REJECT: Mail will not be delivered to its recipients; the sender should preferably get a reject, e.g. an SMTP permanent reject response.
Testing
SpamAssassin ships a sample spam mail. You can open it in Outlook/Thunderbird/Mail.app and send it to a local user; it should be blocked, and you will find a message similar to this in the log file (/var/log/maillog or /var/log/mail.log):
Aug 25 23:49:07 r6 amavis[3834]: (03834-01) Blocked SPAM, MYNETS LOCAL [192.168.187.1]
[192.168.187.1] <www@a.cn> -> <www@a.cn>, quarantine: S/spam-20100825T234859-SX9PrjWLAKOv,
Message-ID: <4C753B6A.4020304@a.cn>, mail_id: SX9PrjWLAKOv, Hits: 996.105, size: 995, 7922 ms
You can find quarantined emails here: /var/virusmails/S/spam-20100825T234859-SX9PrjWLAKOv.
You can release this mail with the amavisd-release command, which resends the email to the recipient:
| Terminal: |
# amavisd-release S/spam-20100825T234859-SX9PrjWLAKOv
250 2.0.0 Ok, id=rel-SX9PrjWLAKOv, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5D6ECE0B58
|
You can also release it by connecting to port 9998 with telnet, which is useful for releasing mail from a web front-end (you can find the details in the MySQL table amavisd.quarantine):
| Terminal: |
# telnet localhost 9998
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
request=release
mail_id=CynKoUgc0+Oz
secret_id=cKj-gQxqqJsN
quar_type=Q
mail_file=CynKoUgc0+Oz
recipient=www@a.cn

setreply=250 2.0.0 Ok,%20id=rel-CynKoUgc0+Oz,%20from%20MTA([127.0.0.1]:10025):%20250%202.0.0%20Ok:%20queued%20as%20F00DDE0B5E
|
The release is also logged in the Postfix maillog file:
Aug 25 23:53:12 r6 amavis[3835]: (rel-SX9PrjWLAKOv) Quarantined message release (miscategorized): SX9PrjWLAKOv <www@a.cn> -> <www@a.cn>
Also, if you have MySQL integrated with Amavisd (set in @storage_sql_dsn), there is a record in the amavisd.msgs table.
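The release exchange from the telnet session above, as a web front-end could drive it from Python (an added example, not iRedMail's or amavisd's own code). The function names are hypothetical; the CRLF line endings, the percent-encoding rule and the ID alphabet are assumptions about the AM.PDP protocol, chosen so that values taken from a web form cannot add attribute lines to the request.

```python
import re
import socket
from urllib.parse import unquote

# Assumed ID alphabet; it covers the mail_id/secret_id samples on this page.
_ID_RE = re.compile(r"[A-Za-z0-9+_-]{1,64}")

def _encode(value):
    # Percent-encode '%' and every byte outside printable ASCII 0x21-0x7e, so
    # a value can never carry CR/LF and start an attribute line of its own.
    return "".join(chr(b) if 0x21 <= b <= 0x7E and b != 0x25 else "%%%02x" % b
                   for b in value.encode("utf-8"))

def build_release_request(mail_id, secret_id, recipient, quar_type="Q"):
    # fullmatch, not match with '$': '$' would let a trailing newline through.
    if not (_ID_RE.fullmatch(mail_id) and _ID_RE.fullmatch(secret_id)):
        raise ValueError("unexpected characters in mail_id/secret_id")
    if quar_type != "Q":  # only the SQL quarantine case shown on the page
        raise ValueError("unsupported quar_type")
    fields = [("request", "release"), ("mail_id", mail_id),
              ("secret_id", secret_id), ("quar_type", quar_type),
              ("mail_file", mail_id),  # the page's example reuses mail_id
              ("recipient", recipient)]
    lines = ["%s=%s" % (k, _encode(v)) for k, v in fields]
    # CRLF line endings (assumption); the empty line ends the request.
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def parse_reply(raw):
    # setreply carries "<smtp code> <enhanced code> <percent-encoded text>".
    for line in raw.decode("ascii", "replace").splitlines():
        if line.startswith("setreply="):
            code, enhanced, text = line[len("setreply="):].split(" ", 2)
            return int(code), enhanced, unquote(text)
    raise ValueError("no setreply attribute in response")

def release(mail_id, secret_id, recipient, host="127.0.0.1", port=9998):
    request = build_release_request(mail_id, secret_id, recipient)
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(request)
        buf = b""
        while b"\r\n\r\n" not in buf and b"\n\n" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    code, _enhanced, text = parse_reply(buf)
    return code == 250, text
```

Only `release()` touches the network; it expects the listener on port 9998 configured earlier on this page and returns whether the reply code was 250 together with the decoded reply text.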
