1

Topic: Amavisd signing incoming spam

Hi.

Back to my "spam with own addresses" problem. Not only am I starting to receive lots of spam with "From: myownaddress@mydomain.tld" (but with a different return-path), but I also see Amavis signing it.

How should I configure amavis so it won't sign incoming mails, ever?

I see that in amavisd.conf I have (untouched since the install):

$inet_socket_port = 10024;   # listen on this local TCP port(s)
# $inet_socket_port = [10024,10026];  # listen on multiple TCP ports

$originating = 1;

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
  allow_disclaimers => 0, # enables disclaimer insertion if available
};

$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 0,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["root\@$mydomain"],
  spam_admin_maps  => ["root\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

So, in other words, amavisd is not listening on port 10026. Also, this is disabled in master.cf:

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
#  -o content_filter=smtp-amavis:[127.0.0.1]:10026

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o content_filter=smtp-amavis:[127.0.0.1]:10026


So, the only policy bank that is activated is MYNETS. Doesn't this mean that amavis has no way of distinguishing authenticated users' messages from remote incoming ones? So it automatically signs everything which contains a local domain? (Because mynets => originating, and I think it should be 0 here). Or is there any other way of making amavisd not sign incoming messages?
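
One way to confirm the symptom described in the post above from delivered messages, as an added example that is not part of the original thread: it flags mail that carries a DKIM signature for a local domain and a local From: address while the Return-Path domain is foreign. The `LOCAL_DOMAINS` value reuses the placeholder domain from the post, the sample messages are constructed, and the check is a heuristic, not amavisd's own logic.

```python
import email
import re
from email.utils import parseaddr

LOCAL_DOMAINS = {"mydomain.tld"}  # assumption: placeholder domain used in the post

def domain_of(header_value):
    """Lowercased domain of an address header value, '' if absent or empty (<>)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def dkim_domains(msg):
    """d= tag of every DKIM-Signature header; folding whitespace is dropped first."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        parts = re.sub(r"\s+", "", value).split(";")
        tags = dict(p.split("=", 1) for p in parts if "=" in p)
        if "d" in tags:
            found.append(tags["d"].lower())
    return found

def signed_inbound(raw_message):
    """True if a local-domain signature sits on mail with a foreign envelope sender."""
    msg = email.message_from_string(raw_message)
    env = domain_of(msg.get("Return-Path"))
    local_sig = any(d in LOCAL_DOMAINS for d in dkim_domains(msg))
    local_from = domain_of(msg.get("From")) in LOCAL_DOMAINS
    # An empty envelope sender (bounce) is skipped: local DSNs would look the same.
    return bool(env) and env not in LOCAL_DOMAINS and local_sig and local_from

# Constructed sample messages (not taken from the thread).
SPAM = """\
Return-Path: <bounce@bulk.example>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mydomain.tld;
 s=dkim; h=from:subject; bh=AAAA=; b=BBBB==
From: myownaddress@mydomain.tld
Subject: constructed sample

body
"""
LEGIT = SPAM.replace("bounce@bulk.example", "myownaddress@mydomain.tld")

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("LEGIT", LEGIT)):
        print(name, "signed inbound:", signed_inbound(raw))
```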

2

Re: Amavisd signing incoming spam

Try to remove '#' in postfix master.cf on transport "submission" and "smtps", and append '10026' in amavisd.conf "$inet_socket_port = ".

3

Re: Amavisd signing incoming spam

ZhangHuangbin wrote:

Try to remove '#' in postfix master.cf on transport "submission" and "smtps", and append '10026' in amavisd.conf "$inet_socket_port = ".

Unfortunately it's not as easy as that, because authenticated users can also send messages using port 25, not only 587 and 465. Still looking for a solution to properly separate authenticated users' mail from external incoming mail; I must test some things first.