IRedMail/FAQ/Quarantining.Messages
From iRedMail
Contents |
WARNING: TO BE CONTINUED, do NOT apply it on your product server.
TODO
Add cron jobs to cleanup amavisd.quarantine.
Summary
When amavisd detects a spam email, it logs a message to its log file by default. It can also quarantine the email and/or notify an administrator. It can then generate a bounce message to the sender. Finally, it can either accept and deliver the message, or discard the message. Many different configuration variables are involved in these decisions.
Configure Amavisd
Enable a spam quarantine by setting the following variables:
| File: /etc/amavisd.conf |
# Set quarantine directory. Default is /var/virusmails.
$QUARANTINEDIR = '/var/virusmails';
# Set default action when found SPAM.
$final_spam_destiny = D_DISCARD;
# Port 9998 used to release quarantined mails via network. e.g. telnet.
$inet_socket_port = [10024, 9998];
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
protocol => 'AM.PDP', # select Amavis policy delegation protocol
inet_acl => [qw( 127.0.0.1 [::1] )], # restrict access to these IP addresses
#auth_required_release => 0, # don't require secret_id for amavisd-release
};
# Filename of SPAM email in $QUARANTINEDIR.
# Below is a complete list of place-holders currently recognized in filename templates:
# %P => $msginfo->partition_tag
# %b => $msginfo->body_digest
# %m => $msginfo->mail_id
# %n => $msginfo->log_id
# %i => iso8601 timestamp of a message reception time by amavisd
# %% => %
#$spam_quarantine_method = 'local:spam-%i-%m'; # Store quarantined mails on local file system.
$spam_quarantine_method = 'sql:'; # Store quarantined mails in SQL database.
# What to do with SPAM emails.
# - spam-quaranteine: Put SPAM in quarantine directory.
# - postmaster@domain.ltd: Send SPAM to "postmaster@domain.ltd".
# - undef: Do nothing with SPAM.
$spam_quarantine_to = 'spam-quarantine';
# Send notification to admin.
#$spam_admin = 'postmaster@domain.ltd;
# Store quarantied mails in SQL.
@storage_sql_dsn = (['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'user1', 'passwd1']);
# MySQL backend only.
# Query per-user setting stored in MySQL.
#@lookup_sql_dsn = @storage_sql_dsn;
|
Import MySQL template structure:
| Terminal: |
# cd /tmp/ # wget http://iredmail.googlecode.com/hg/iRedMail/samples/amavisd.mysql # mysql -uroot -p mysql> CREATE DATABASE amavisd DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON amavisd.* TO "amavisd"@localhost IDENTIFIED BY 'secret_passwd'; mysql> USE amavisd; mysql> SOURCE /tmp/amavisd.mysql; mysql> FLUSH PRIVILEGES; |
Testing
SpamAssassin ships a sample SPAM mail, you can use Outlook/Thunderbird/Mail.app to open it and send it to your local user, it should be blocked. and you will find similar message in log file (/var/log/maillog or /var/log/mail.log):
Aug 27 07:53:49 r6 amavis[3131]: (03131-02) Blocked SPAM, <root@r6.iredmail.org> -> <www@a.cn>, quarantine: CynKoUgc0+Oz, Message-ID: <20100826235349.9942AE0B5E@r6.iredmail.org>, mail_id: CynKoUgc0+Oz, Hits: 1005.814, size: 1081, 153 ms
If you set $spam_quarantine_method = 'local:spam-%i-%m';, quarantined emails are stored under /var/virusmails/, and you can release this mail with command amavisd-release, it will resend this email to recipient:
| Terminal: |
# amavisd-release S/spam-20100825T234859-SX9PrjWLAKOv 250 2.0.0 Ok, id=rel-SX9PrjWLAKOv, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5D6ECE0B58 |
If you set $spam_quarantine_method = 'sql:';, SPAM mail will be stored in mysql database amavisd.quarantine, you can release it with telnet (port 9998), it's useful to release it via web front-end (You can find detail in MySQL table: amavisd.quarantine):
| Terminal: |
# telnet localhost 9998 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. request=release mail_id=CynKoUgc0+Oz secret_id=cKj-gQxqqJsN quar_type=Q mail_file=CynKoUgc0+Oz recipient=www@a.cn setreply=250 2.0.0 Ok,%20id=rel-CynKoUgc0+Oz,%20from%20MTA([127.0.0.1]:10025): %20250%202.0.0%20Ok:%20queued%20as%20F00DDE0B5E |
And there's a mail log in postfix maillog file:
Aug 27 08:29:01 r6 amavis[3132]: (rel-CynKoUgc0+Oz) Quarantined message release (miscategorized): CynKoUgc0+Oz <root@r6.iredmail.org> -> <www@a.cn>
