IRedMail/FAQ/Quarantining.Messages

From iRedMail
(Difference between revisions)
Jump to: navigation, search
(References)
 

Latest revision as of 07:24, 12 April 2011

Contents


Note: This tutorial is appliable for iRedMail-0.6.1 and earlier versions. If you're using iRedMail-0.7.0 and later versions, please refer to this tutorial.

[edit] Summary

When amavisd detects a spam email, it logs a message to its log file by default. It can also quarantine the email and/or notify an administrator. It can then generate a bounce message to the sender. Finally, it can either accept and deliver the message, or discard the message. Many different configuration variables are involved in these decisions.

[edit] Integrate MySQL in Amavisd

We have to integrate MySQL in Amavisd first. Please follow steps in this tutorial:

[edit] Configure Amavisd

Enable spam quarantining in Amavisd. Make sure you have below settings in /etc/amavisd.conf (RHEL/CentOS/OpenSuSE) or /etc/amavis/conf.d/50-user (Debian/Ubuntu) or /usr/local/etc/amavisd.conf (FreeBSD):

File: amavisd.conf
#
# Set default action when found VIRUS and SPAM.
#
$final_virus_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;

# Port 9998 used to release quarantined mails via network. e.g. telnet.
$inet_socket_port = [10024, 9998];
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
  protocol => 'AM.PDP',  # select Amavis policy delegation protocol
  inet_acl => [qw( 127.0.0.1 [::1] )],  # restrict access to these IP addresses
  auth_required_release => 1,  # don't require secret_id for amavisd-release
};

# Store quarantined mails in SQL database.
$spam_quarantine_to = 'spam-quarantine';
$spam_quarantine_method = 'sql:';

$virus_quarantine_to = 'virus-quarantine';
$virus_quarantine_method = 'sql:';

Note: You must configure @storage_sql_dsn in amavisd.conf, it's described in: Integrate MySQL in Amavisd

[edit] Testing

SpamAssassin ships a sample SPAM mail, you can use Outlook/Thunderbird/Mail.app to open it and send it to your local user, it should be blocked. and you will find similar message in log file (/var/log/maillog or /var/log/mail.log):

Aug 27 07:53:49 r6 amavis[3131]: (03131-02) Blocked SPAM, <root@r6.iredmail.org> -> <www@a.cn>,
quarantine: CynKoUgc0+Oz, Message-ID: <20100826235349.9942AE0B5E@r6.iredmail.org>,
mail_id: CynKoUgc0+Oz, Hits: 1005.814, size: 1081, 153 ms

If you set $spam_quarantine_method = 'local:spam-%i-%m';, quarantined emails are stored under /var/virusmails/, and you can release this mail with command amavisd-release, it will resend this email to recipient:

Terminal:
# amavisd-release S/spam-20100825T234859-SX9PrjWLAKOv
250 2.0.0 Ok, id=rel-SX9PrjWLAKOv, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5D6ECE0B58

If you set $spam_quarantine_method = 'sql:';, SPAM mail will be stored in mysql database amavisd.quarantine, you can release it with telnet (port 9998), it's useful to release it via web front-end (You can find detail in MySQL table: amavisd.quarantine):

Terminal:
# telnet localhost 9998
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
request=release
mail_id=CynKoUgc0+Oz
secret_id=cKj-gQxqqJsN

setreply=250 2.0.0 Ok,%20id=rel-CynKoUgc0+Oz,%20from%20MTA([127.0.0.1]:10025):
%20250%202.0.0%20Ok:%20queued%20as%20F00DDE0B5E

And there's a mail log in postfix maillog file:

Aug 27 08:29:01 r6 amavis[3132]: (rel-CynKoUgc0+Oz) Quarantined message release (miscategorized):
CynKoUgc0+Oz <root@r6.iredmail.org> -> <www@a.cn>

[edit] References

[edit] ChangeLog

  • 2011-04-12: Add settings used to quarantine VIRUS into MySQL.
Personal tools