IRedMail/FAQ/Quarantining.Messages

From iRedMail

Revision as of 01:10, 27 August 2010 by ZhangHuangbin (Talk | contribs)
Jump to: navigation, search

Contents


WARNING: TO BE CONTINUED, do NOT apply it on your product server.

TODO

Add cron jobs to cleanup amavisd.quarantine.

Summary

When amavisd detects a spam email, it logs a message to its log file by default. It can also quarantine the email and/or notify an administrator. It can then generate a bounce message to the sender. Finally, it can either accept and deliver the message, or discard the message. Many different configuration variables are involved in these decisions.

Configure Amavisd

Enable a spam quarantine by setting the following variables:

File: /etc/amavisd.conf 
# Set quarantine directory. Default is /var/virusmails.
$QUARANTINEDIR = '/var/virusmails';

# Set default action when found SPAM.
$final_spam_destiny = D_DISCARD;

# Port 9998 used to release quarantined mails via network. e.g. telnet.
$inet_socket_port = [10024, 9998];
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
  protocol => 'AM.PDP',  # select Amavis policy delegation protocol
  inet_acl => [qw( 127.0.0.1 [::1] )],  # restrict access to these IP addresses
  #auth_required_release => 0,  # don't require secret_id for amavisd-release
};

# Filename of SPAM email in $QUARANTINEDIR.
# Below is a complete list of place-holders currently recognized in filename templates:
#   %P  =>  $msginfo->partition_tag
#   %b  =>  $msginfo->body_digest
#   %m  =>  $msginfo->mail_id
#   %n  =>  $msginfo->log_id
#   %i  =>  iso8601 timestamp of a message reception time by amavisd
#   %%  =>  %
#$spam_quarantine_method = 'local:spam-%i-%m';  # Store quarantined mails on local file system.
$spam_quarantine_method = 'sql:';    # Store quarantined mails in SQL database.

# What to do with SPAM emails.
# - spam-quaranteine: Put SPAM in quarantine directory.
# - postmaster@domain.ltd: Send SPAM to "postmaster@domain.ltd".
# - undef: Do nothing with SPAM.
$spam_quarantine_to = 'spam-quarantine';

# Send notification to admin.
#$spam_admin = 'postmaster@domain.ltd;

The following symbolic constants can be used in $final_spam_destiny:

  • D_DISCARD: Mail will not be delivered to its recipients, sender will NOT be notified. Effectively we lose mail (but will be quarantined unless disabled). Losing mail is not decent for a mailer, but might be desired.
  • D_BOUNCE: Mail will not be delivered to its recipients, a non-delivery notification (bounce) will be sent to the sender by amavisd-new; Exception: bounce (DSN) will not be sent if a virus name matches $viruses_that_fake_sender_re, or to messages from mailing lists, or for spam level that exceeds the $sa_dsn_cutoff_level.
  • D_REJECT: mail will not be delivered to its recipients, sender should preferably get a reject, e.g. SMTP permanent reject response.

Testing

SpamAssassin ships a sample SPAM mail, you can use Outlook/Thunderbird/Mail.app to open it and send it to your local user, it should be blocked. and you will find similar message in log file (/var/log/maillog or /var/log/mail.log): 

Aug 27 08:50:02 r6 amavis[2760]: (02760-01) Blocked SPAM, MYNETS LOCAL [192.168.187.1] [192.168.187.1]
<www@a.cn> -> <www@a.cn>, quarantine: s6t-HEG8Myl7, Message-ID: <4C770BB8.5090707@a.cn>, mail_id:
s6t-HEG8Myl7, Hits: 995.936, size: 1341, 274 ms

If you set $spam_quarantine_method = 'local:spam-%i-%m';, quarantined emails are stored under /var/virusmails/, and you can release this mail with command amavisd-release, it will resend this email to recipient:

Terminal: 
# amavisd-release S/spam-20100825T234859-SX9PrjWLAKOv
250 2.0.0 Ok, id=rel-SX9PrjWLAKOv, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5D6ECE0B58

If you set $spam_quarantine_method = 'sql:';, SPAM mail will be stored in mysql database amavisd.quarantine, you can release it with telnet (port 9998), it's useful to release it via web front-end (You can find detail in MySQL table: amavisd.quarantine):

Terminal: 
# telnet localhost 9998
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
request=release
mail_id=CynKoUgc0+Oz
secret_id=cKj-gQxqqJsN
quar_type=Q
mail_file=CynKoUgc0+Oz	
recipient=www@a.cn

setreply=250 2.0.0 Ok,%20id=rel-CynKoUgc0+Oz,%20from%20MTA([127.0.0.1]:10025):
%20250%202.0.0%20Ok:%20queued%20as%20F00DDE0B5E

And there's a mail log in postfix maillog file: 

Aug 27 08:29:01 r6 amavis[3132]: (rel-CynKoUgc0+Oz) Quarantined message release (miscategorized): CynKoUgc0+Oz <root@r6.iredmail.org> -> <www@a.cn>

References

Retrieved from "http://www.iredmail.org/wiki/index.php?title=IRedMail/FAQ/Quarantining.Messages"
Personal tools