IRedMail/FAQ/Quarantining.Messages

From iRedMail

(Difference between revisions)
(Configure Amavisd)
Line 8: Line 8:
= Summary =
= Summary =
When amavisd detects a spam email, it logs a message to its log file by default. It can also quarantine the email and/or notify an administrator. It can then generate a bounce message to the sender. Finally, it can either accept and deliver the message, or discard the message. Many different configuration variables are involved in these decisions.
When amavisd detects a spam email, it logs a message to its log file by default. It can also quarantine the email and/or notify an administrator. It can then generate a bounce message to the sender. Finally, it can either accept and deliver the message, or discard the message. Many different configuration variables are involved in these decisions.
 +
 +
= Create MySQL database =
 +
Create database for Amavisd, so that it can quarantine SPAM mails into SQL database.
 +
 +
Import MySQL template structure:
 +
{{cmd|<pre>
 +
# cd /tmp/
 +
# wget http://iredmail.googlecode.com/hg/iRedMail/samples/amavisd.mysql
 +
# mysql -uroot -p
 +
mysql> CREATE DATABASE amavisd DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 +
mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON amavisd.* TO "amavisd"@localhost IDENTIFIED BY 'secret_passwd';
 +
mysql> USE amavisd;
 +
mysql> SOURCE /tmp/amavisd.mysql;
 +
mysql> FLUSH PRIVILEGES;
 +
</pre>}}
= Configure Amavisd =
= Configure Amavisd =
Enable a spam quarantine by setting the following variables:
Enable a spam quarantine by setting the following variables:
{{cfg|/etc/amavisd.conf|<pre>
{{cfg|/etc/amavisd.conf|<pre>
-
#
 
# Set default action when found SPAM.
# Set default action when found SPAM.
-
#
 
$final_spam_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
-
#
 
# Port 9998 used to release quarantined mails via network. e.g. telnet.
# Port 9998 used to release quarantined mails via network. e.g. telnet.
-
#
 
$inet_socket_port = [10024, 9998];
$inet_socket_port = [10024, 9998];
$interface_policy{'9998'} = 'AM.PDP-INET';
$interface_policy{'9998'} = 'AM.PDP-INET';
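Review bot: the added "Create MySQL database" steps download amavisd.mysql over plain HTTP into /tmp and then execute it with SOURCE from a root MySQL session, with nothing checking the file's integrity in between. Suggest publishing a checksum to verify before the SOURCE step, and downloading into a directory only root can write rather than /tmp. The GRANT line also carries the literal password 'secret_passwd'; the text should say explicitly that the reader must replace it.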
Line 28: Line 39:
};
};
-
#
+
# Store quarantined mails in SQL database.
-
# Filename of SPAM email in $QUARANTINEDIR.
+
-
# Below is a complete list of place-holders currently recognized in filename templates:
+
-
#  %P  =>  $msginfo->partition_tag
+
-
#  %b  =>  $msginfo->body_digest
+
-
#  %m  =>  $msginfo->mail_id
+
-
#  %n  =>  $msginfo->log_id
+
-
#  %i  =>  iso8601 timestamp of a message reception time by amavisd
+
-
#  %%  =>  %
+
-
#
+
-
#$spam_quarantine_method = 'local:spam-%i-%m';  # Store quarantined mails on local file system.
+
-
$spam_quarantine_method = 'sql:';    # Store quarantined mails in SQL database.
+
-
 
+
-
#
+
-
# What to do with SPAM emails.
+
-
# - spam-quaranteine: Put SPAM in quarantine directory.
+
-
# - postmaster@domain.ltd: Send SPAM to "postmaster@domain.ltd".
+
-
# - undef: Do nothing with SPAM.
+
-
#
+
$spam_quarantine_to = 'spam-quarantine';
$spam_quarantine_to = 'spam-quarantine';
 +
$spam_quarantine_method = 'sql:';
-
#
+
# Use which database.
-
# Send notification to admin.
+
-
#
+
-
#$spam_admin = 'postmaster@domain.ltd;
+
-
 
+
-
#
+
-
# Store quarantied mails in SQL.
+
-
#
+
@storage_sql_dsn = (['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'user1', 'passwd1']);
@storage_sql_dsn = (['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'user1', 'passwd1']);
-
</pre>}}
 
-
 
-
Create necessary database and import MySQL template structure:
 
-
{{cmd|<pre>
 
-
# cd /tmp/
 
-
# wget http://iredmail.googlecode.com/hg/iRedMail/samples/amavisd.mysql
 
-
# mysql -uroot -p
 
-
mysql> CREATE DATABASE amavisd DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 
-
mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON amavisd.* TO "amavisd"@localhost IDENTIFIED BY 'secret_passwd';
 
-
mysql> USE amavisd;
 
-
mysql> SOURCE /tmp/amavisd.mysql;
 
-
mysql> FLUSH PRIVILEGES;
 
</pre>}}
</pre>}}
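Review bot: the retained @storage_sql_dsn line still uses 'user1' and 'passwd1', while the GRANT in the relocated database section creates "amavisd"@localhost with 'secret_passwd', so a reader who follows the page verbatim ends up with credentials that do not match. Suggest using the same account in both places. This hunk also drops the commented 'local:spam-%i-%m' alternative and the filename place-holder list, yet the Testing section still refers to that setting; keep a one-line pointer or update Testing to match.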

Revision as of 15:10, 26 December 2010



WARNING: TO BE CONTINUED. Do NOT apply it on your production server.

TODO

Add cron jobs to clean up amavisd.quarantine.

Summary

When amavisd detects a spam email, it logs a message to its log file by default. It can also quarantine the email and/or notify an administrator. It can then generate a bounce message to the sender. Finally, it can either accept and deliver the message, or discard the message. Many different configuration variables are involved in these decisions.

Create MySQL database

Create a database for Amavisd so that it can quarantine spam into an SQL database.

Import MySQL template structure:

Terminal:
# cd /tmp/
# wget http://iredmail.googlecode.com/hg/iRedMail/samples/amavisd.mysql
# mysql -uroot -p
mysql> CREATE DATABASE amavisd DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON amavisd.* TO "amavisd"@localhost IDENTIFIED BY 'secret_passwd';
mysql> USE amavisd;
mysql> SOURCE /tmp/amavisd.mysql;
mysql> FLUSH PRIVILEGES;

Configure Amavisd

Enable a spam quarantine by setting the following variables:

File: /etc/amavisd.conf
# Default action when spam is detected.
$final_spam_destiny = D_DISCARD;

# Port 9998 is used to release quarantined mails over the network, e.g. with telnet.
$inet_socket_port = [10024, 9998];
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
  protocol => 'AM.PDP',  # select Amavis policy delegation protocol
  inet_acl => [qw( 127.0.0.1 [::1] )],  # restrict access to these IP addresses
  #auth_required_release => 0,  # don't require secret_id for amavisd-release
};

# Store quarantined mails in SQL database.
$spam_quarantine_to = 'spam-quarantine';
$spam_quarantine_method = 'sql:';

# Database used for quarantine storage. The user and password below must
# match a MySQL account that has access to it.
@storage_sql_dsn = (['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'user1', 'passwd1']);

Testing

SpamAssassin ships a sample spam mail. Open it with Outlook/Thunderbird/Mail.app and send it to a local user; it should be blocked, and you will find a message similar to this in the log file (/var/log/maillog or /var/log/mail.log):

Aug 27 07:53:49 r6 amavis[3131]: (03131-02) Blocked SPAM, <root@r6.iredmail.org> -> <www@a.cn>,
quarantine: CynKoUgc0+Oz, Message-ID: <20100826235349.9942AE0B5E@r6.iredmail.org>,
mail_id: CynKoUgc0+Oz, Hits: 1005.814, size: 1081, 153 ms

If you set $spam_quarantine_method = 'local:spam-%i-%m';, quarantined emails are stored under /var/virusmails/. You can release a message with the amavisd-release command, which resends it to the recipient:

Terminal:
# amavisd-release S/spam-20100825T234859-SX9PrjWLAKOv
250 2.0.0 Ok, id=rel-SX9PrjWLAKOv, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5D6ECE0B58

If you set $spam_quarantine_method = 'sql:';, spam is stored in the MySQL table amavisd.quarantine. You can release a message with telnet (port 9998), which is useful for releasing mail from a web front-end (you can find the details in the MySQL table amavisd.quarantine):

Terminal:
# telnet localhost 9998
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
request=release
mail_id=CynKoUgc0+Oz
secret_id=cKj-gQxqqJsN
quar_type=Q
mail_file=CynKoUgc0+Oz
recipient=www@a.cn

setreply=250 2.0.0 Ok,%20id=rel-CynKoUgc0+Oz,%20from%20MTA([127.0.0.1]:10025):
%20250%202.0.0%20Ok:%20queued%20as%20F00DDE0B5E

The release is also logged in the Postfix maillog file:

Aug 27 08:29:01 r6 amavis[3132]: (rel-CynKoUgc0+Oz) Quarantined message release (miscategorized): CynKoUgc0+Oz <root@r6.iredmail.org> -> <www@a.cn>
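
The telnet exchange above, written as a small client that a web front-end could call. This is an added example, not iRedMail or amavisd code: the function names are hypothetical, and the value-encoding rule (percent-encode '%', spaces and non-printable bytes) is an assumption consistent with the %20 seen in the reply above.

```python
import re
import socket
from urllib.parse import unquote

# Assumed value encoding: '%', space, control and non-ASCII bytes become %xx.
_UNSAFE = re.compile(rb"[^\x21-\x24\x26-\x7e]")

# Constructed sample: the reply from the session above, joined onto one line.
SAMPLE_REPLY = (b"setreply=250 2.0.0 Ok,%20id=rel-CynKoUgc0+Oz,%20from%20MTA"
                b"([127.0.0.1]:10025):%20250%202.0.0%20Ok:%20queued%20as%20F00DDE0B5E\r\n\r\n")

def encode_value(value):
    """Percent-encode a value so it cannot add lines (attributes) to the request."""
    raw = value.encode("utf-8")
    return _UNSAFE.sub(lambda m: b"%%%02x" % m.group(0)[0], raw).decode("ascii")

def build_release_request(mail_id, secret_id, recipient, quar_type="Q"):
    """Return the request bytes for releasing one quarantined message."""
    fields = [("request", "release"), ("mail_id", mail_id),
              ("secret_id", secret_id), ("quar_type", quar_type),
              ("mail_file", mail_id),  # the session above reuses mail_id here
              ("recipient", recipient)]
    lines = [f"{name}={encode_value(value)}" for name, value in fields]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")  # blank line ends it

def parse_reply(data):
    """Decode 'setreply=<code> <status> <text>' into its three fields."""
    for line in data.decode("ascii", "replace").splitlines():
        name, _, value = line.partition("=")
        if name == "setreply":
            code, status, text = (unquote(p) for p in value.split(" ", 2))
            return {"code": code, "status": status, "text": text,
                    "ok": code.startswith("2")}
    raise ValueError("no setreply attribute in response")

def release(mail_id, secret_id, recipient, host="127.0.0.1", port=9998):
    """Send the request to amavisd's release port and return the parsed reply."""
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(build_release_request(mail_id, secret_id, recipient))
        buf = b""
        while not buf.endswith((b"\n\n", b"\r\n\r\n")):
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    return parse_reply(buf)

if __name__ == "__main__":
    print(build_release_request("CynKoUgc0+Oz", "cKj-gQxqqJsN", "www@a.cn").decode())
    print(parse_reply(SAMPLE_REPLY))
```

Because every value passes through encode_value, a mail_id or recipient taken from a web form cannot smuggle an extra attribute line into the request.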
