From iRedMail

Revision as of 10:20, 3 January 2011

WARNING: TO BE CONTINUED, do NOT apply it on your product server.

Summary

When amavisd detects a spam email, it logs a message to its log file by default. It can also quarantine the email and/or notify an administrator. It can then generate a bounce message to the sender. Finally, it can either accept and deliver the message, or discard the message. Many different configuration variables are involved in these decisions.

Integrate MySQL in Amavisd

We have to integrate MySQL in Amavisd first. Please follow steps in this tutorial:

• Integrate MySQL in Amavisd

Configure Amavisd

Enable spam quarantining in Amavisd. Make sure you have below settings in /etc/amavisd.conf (RHEL/CentOS/OpenSuSE) or /etc/amavis/conf.d/50-user (Debian/Ubuntu) or /usr/local/etc/amavisd.conf (FreeBSD):

#
# Set default action when found SPAM.
#
$final_spam_destiny = D_DISCARD;

#
# Port 9998 used to release quarantined mails via network. e.g. telnet.
#
$inet_socket_port = [10024, 9998];
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
  protocol => 'AM.PDP',  # select Amavis policy delegation protocol
  inet_acl => [qw( 127.0.0.1 [::1] )],  # restrict access to these IP addresses
  auth_required_release => 1,  # don't require secret_id for amavisd-release
};

#
# Store quarantined mails in SQL database.
#
$spam_quarantine_to = 'spam-quarantine';
$spam_quarantine_method = 'sql:';

Note: You must configure @storage_sql_dsn in amavisd.conf, it's described in: Integrate MySQL in Amavisd

Fix incorrect character set in Amavisd-new

Amavisd-new-2.6.x and older versions can't store non-ascii mail subject in MySQL correctly, you have to fix it manually.

Find this line in /usr/sbin/amavisd (RHEL/CentOS/OpenSuSE) or /usr/sbin/amavisd-new (Debian/Ubuntu) or /usr/local/sbin/amavisd (FreeBSD):

section_time('sql-connect');

Add one line BEFORE it:

$dbh->do("SET NAMES utf8"); 
section_time('sql-connect');

Testing

SpamAssassin ships a sample SPAM mail, you can use Outlook/Thunderbird/Mail.app to open it and send it to your local user, it should be blocked. and you will find similar message in log file (/var/log/maillog or /var/log/mail.log):

Aug 27 07:53:49 r6 amavis[3131]: (03131-02) Blocked SPAM, <root@r6.iredmail.org> -> <www@a.cn>,
quarantine: CynKoUgc0+Oz, Message-ID: <20100826235349.9942AE0B5E@r6.iredmail.org>,
mail_id: CynKoUgc0+Oz, Hits: 1005.814, size: 1081, 153 ms

If you set $spam_quarantine_method = 'local:spam-%i-%m';, quarantined emails are stored under /var/virusmails/, and you can release this mail with command amavisd-release, it will resend this email to recipient:

# amavisd-release S/spam-20100825T234859-SX9PrjWLAKOv
250 2.0.0 Ok, id=rel-SX9PrjWLAKOv, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5D6ECE0B58

If you set $spam_quarantine_method = 'sql:';, SPAM mail will be stored in mysql database amavisd.quarantine, you can release it with telnet (port 9998), it's useful to release it via web front-end (You can find detail in MySQL table: amavisd.quarantine):

# telnet localhost 9998
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
request=release
mail_id=CynKoUgc0+Oz
secret_id=cKj-gQxqqJsN
quar_type=Q
mail_file=CynKoUgc0+Oz	
recipient=www@a.cn

setreply=250 2.0.0 Ok,%20id=rel-CynKoUgc0+Oz,%20from%20MTA([127.0.0.1]:10025):
%20250%202.0.0%20Ok:%20queued%20as%20F00DDE0B5E

And there's a mail log in postfix maillog file:

Aug 27 08:29:01 r6 amavis[3132]: (rel-CynKoUgc0+Oz) Quarantined message release (miscategorized): CynKoUgc0+Oz <root@r6.iredmail.org> -> <www@a.cn>

References

• Fighting Spam/Viruses with Amavisd-New, Maia and Postfix
• Integrate MySQL in Amavisd