1

Topic: Block outbound spam with SpamAssassin

==== Required information ====
- iRedMail version: 086
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Linux/BSD distribution name and version: CentOS
- Related log if you're reporting an issue:
====

Greets,

I'm trying to block our users from *sending* spam via the webmail interface which sends via localhost/postfix.

I have changed /etc/amavisd/amavisd.conf:

    # don't perform spam/virus/header check.
    bypass_spam_checks_maps => [0],
    bypass_virus_checks_maps => [0],
    bypass_header_checks_maps => [0],

and I restarted amavisd:

I now see spam is being *detected* in the maillog:

amavis[3260]: (03260-06) Passed SPAM {RelayedOutbound}, MYUSERS [1.1.1.1]...

However, the X-Spam-Flag (along with others) is not being set in the headers (I checked on the receiving end).


1.  How can I ensure those headers are in fact set for outbound email?

2.  How can I actually BLOCK those spam emails from being sent at all by a local user?  eg, if the spam score is higher than 5, then return an SMTP error code, etc.

Thanks

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Block outbound spam with SpamAssassin

henryzen wrote:

1.  How can I ensure those headers are in fact set for outbound email?

FAQ: http://www.iredmail.org/wiki/index.php? … -*_headers

henryzen wrote:

2.  How can I actually BLOCK those spam emails from being sent at all by a local user?  eg, if the spam score is higher than 5, then return an SMTP error code, etc.

You can either discard detected spam, or quarantine them into SQL database.
wiki tutorial: http://www.iredmail.org/wiki/index.php? … ining.SPAM

3 (edited by henryzen 2014-08-22 19:06:47)

Re: Block outbound spam with SpamAssassin

> Thanks!  That works well.

Update 1:  Nope, I spoke too soon.  Making that change:

$final_spam_destiny       = D_REJECT; #D_PASS;

means all INBOUND spam is also rejected (clients usually decide for themselves how to filter the spam classified email, so we don't to unconditionally reject inbound spam).  I only want to reject OUTBOUND spam (ie, any spam sent via submission on port 587 (permit_sasl_authenticated) and spam sent via our webmail interface.

As I mentioned before, the spam message is being correctly detected, but how do I reject the email if it's a message sent:

- from a sasl authenticated user, or
- a local user who is sending via webmail

Any ideas?  Apologies - my postfix experience is meagre.

Thanks

4

Re: Block outbound spam with SpamAssassin

Detecting spam is done by Amavisd, and you can try to add settings in '$policy_bank{'ORIGINATING'} = {}' block in Amavisd config file.

5

Re: Block outbound spam with SpamAssassin

ZhangHuangbin wrote:

Detecting spam is done by Amavisd, and you can try to add settings in '$policy_bank{'ORIGINATING'} = {}' block in Amavisd config file.

Thanks - this worked, added following:

  final_virus_destiny      => D_DISCARD,
  final_banned_destiny     => D_REJECT,
  final_spam_destiny       => D_REJECT,
  final_bad_header_destiny => D_REJECT,

to $policy_bank{'ORIGINATING'}, $policy_bank{'SASLBYPASS'} and $policy_bank{'MYUSERS'} (all for good measure).

Tests confirm outbound spam is being rejected, which is precisely what we want.

Final question now is how to *always* have X-Spam headers added to outbound mail, but I'll raise a second forum topic for that.

6

Re: Block outbound spam with SpamAssassin

henryzen wrote:

Final question now is how to *always* have X-Spam headers added to outbound mail, but I'll raise a second forum topic for that.

Reference: http://www.iredmail.org/wiki/index.php? … -*_headers