1 Topic by vmos (edited by vmos 2014-02-17 23:41:51)

  • vmos
  • Member
  • Offline
  • Registered: 2013-08-30
  • Posts: 25

Topic: getting amavis to notify spam senders ONLY if they are internal users?

==== Required information ====
- iRedMail version: 1.8.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Linux/BSD distribution name and version: ubuntu precise
- Related log if you're reporting an issue:
====

I'm trying to get amavis to notify people if they're blocked by the spam filters, but only if they're valid internal users. I would have thought that putting

$final_spam_destiny       = D_BOUNCE;

into the myusers group in amavis/conf.d/50-user would do the trick, but this sends a bounceback to external spammers as well.

Is such a thing even possible?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,790

Re: getting amavis to notify spam senders ONLY if they are internal users?

I guess you need 'warnspamsender => 1,' in policy bank 'MYUSERS'.

3 Reply by vmos (edited by vmos 2014-02-18 18:53:58)

  • vmos
  • Member
  • Offline
  • Registered: 2013-08-30
  • Posts: 25

Re: getting amavis to notify spam senders ONLY if they are internal users?

The best I've acheived so far is by using D_REJECT, which notifies the sending MTA rather than replying direct to the sender. In the tests I've run, this means that an email goes to the originating server, so if you're a spammer spoofing the address bill.gates@hotmail.com, then the spamming server gets notices (and may send an email) but bill.gates doesn't get a bounceback flood. If it's actually bill sending the spam from hotmail then, he should get a bounceback.

The downside is that if the spammer could relay via hotmail while spoofing the address of another hotmail user, then the spoofed user would get bouncebacks. However, I'm not sure if that's even possible.


/edit actually, this isn't entirely the case. If I use one of our old (horribly configured) mail platforms, I can spoof the address of a user on an entirely different mail platform. Now the mail platform of the spoofed user is smart enoughto reject those bouncebacks (although I'm not sure how) but it's still noise.