1

Topic: [FAQ] Quarantining SPAM with Amavisd

Hi, all.

Here's a simple tutorial on quarantining SPAM messages with Amavisd. Please help test it. If there are no other issues, I will consider implementing it in iRedMail-0.7.0, and improve iRedAdmin-Pro to manage quarantined messages.

- Quarantining Messages
  http://www.iredmail.org/wiki/index.php? … g.Messages


2

Re: [FAQ] Quarantining SPAM with Amavisd

Wouldn't it be better if quarantined messages could also be stored in MySQL, so that we can choose whether they should be in the filesystem or in MySQL? An example configuration for MySQL storage is in the README.sql-mysql.txt text file, above the 'quarantine' table create statement.

3

Re: [FAQ] Quarantining SPAM with Amavisd

It would be great if you could give me a config example.

Personally, I think storing quarantined mails on the file system would be better for performance, and would reduce the SQL database size. What's your opinion?

4

Re: [FAQ] Quarantining SPAM with Amavisd

I use the SQL storage mainly for a PHP-based solution (on a per-user basis) to review the spam mails and reinject them into the mail system. Database size is not a big problem on my installation, because I have the suggested cleanup statements for the tables from README.sql-mysql.txt in my crontab. It's right that the DB would otherwise get bigger and bigger. For me it is a little bit easier to handle it through the web frontend or directly in the DB than with command line tools.

Here are the changed config entries for amavisd-new (the AM.PDP is used by the web frontend to communicate with amavisd without invoking shell code):


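# Listen on the two mail ports plus 9998 for AM.PDP
$inet_socket_port = [10024, 10026, 9998];
$inet_socket_bind = undef;   # undef: not bound to a single local address

@storage_sql_dsn =
  ( ['DBI:mysql:database=****;host=127.0.0.1;port=3306', '***', '***'] );

$interface_policy{'9998'} = 'AM.PDP';

# Only these clients may speak AM.PDP on port 9998
$policy_bank{'AM.PDP'} = {
  protocol => 'AM.PDP',
  inet_acl => [qw( 127.0.0.1 127.0.1.1 [::1] 192.168.120.1 )],
};

# Store banned-file and spam quarantine in SQL
$banned_files_quarantine_method = 'sql:';
$spam_quarantine_method         = 'sql:';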
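
As an added example (not part of the original post, and not code from amavisd-new, MailZu or iRedMail), this sketch shows how a web frontend could frame a release request for the AM.PDP port configured above while rejecting IDs that would smuggle extra protocol lines. The attribute names and the `Q` quarantine type are assumed from amavisd-new's README.protocol and amavisd-release; the ID alphabet and the function names are assumptions to check against your installed version.

```python
import re
import socket
from urllib.parse import unquote

# Assumption: mail_id and secret_id only use this alphabet; tighten it to
# match the IDs your amavisd version actually generates.
ID_RE = re.compile(r"[A-Za-z0-9+_-]{6,32}")
QUAR_TYPES = {"Q"}  # assumed code for SQL quarantine ('sql:' methods above)

def build_release_request(mail_id, secret_id, quar_type="Q"):
    """Frame one AM.PDP release request; refuse anything outside the allowlist."""
    for name, value in (("mail_id", mail_id), ("secret_id", secret_id)):
        # fullmatch, not match with '$': '$' would accept a trailing newline,
        # which is how an extra attribute line could be injected.
        if not ID_RE.fullmatch(value):
            raise ValueError("rejected " + name)
    if quar_type not in QUAR_TYPES:
        raise ValueError("rejected quar_type")
    attrs = [("request", "release"), ("mail_id", mail_id),
             ("secret_id", secret_id), ("quar_type", quar_type)]
    body = "".join("%s=%s\r\n" % kv for kv in attrs)
    return (body + "\r\n").encode("ascii")  # blank line ends the request

def parse_reply(raw):
    """Decode 'name=value' reply lines (values are %xx-encoded) into a dict."""
    reply = {}
    for line in raw.decode("ascii", "replace").splitlines():
        if not line:
            break
        key, _, value = line.partition("=")
        reply[key] = unquote(value)
    return reply

def release_ok(reply):
    """Treat only an SMTP-style 250 in setreply as success."""
    return reply.get("setreply", "").startswith("250 ")

def release(mail_id, secret_id, host="127.0.0.1", port=9998):
    """Send the request to the AM.PDP listener and return the parsed reply."""
    request = build_release_request(mail_id, secret_id)
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(request)
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_reply(data)
```

A per-user frontend should also confirm in the SQL tables that the logged-in user is a recipient of the message before calling `release()`.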

5

Re: [FAQ] Quarantining SPAM with Amavisd

Great, thanks for sharing.

Would you mind sharing some more details with us:

* How many SPAMs are quarantined per-day?
* How do you release them?
* Do you think sql storage is good enough for a busy server?

6 (edited by BigMichi1 2010-08-26 16:24:52)

Re: [FAQ] Quarantining SPAM with Amavisd

On my system with 15 users I got around 100-200 spam messages per day; lately the amount has decreased to 50-100.

For releasing I use MailZu http://sourceforge.net/projects/mailzu/ (I know it is a little bit outdated, but it also allows me to edit the policies). A long time before that I used ClamAV webmin http://wbmclamav.labs.libre-entreprise.org/ , and I also tested PostVisAdmin http://postvisadmin.sourceforge.net/ but there I had some problems displaying the stored mails.

I can't really say how it would affect a really busy server. I think the little overhead due to the MySQL storage is acceptable if you then have a comfortable way to work with the spam, but I can't give you any benchmarks, because I never did them :)

7

Re: [FAQ] Quarantining SPAM with Amavisd

Thanks for sharing, @BigMichi1.

I will try to achieve it this way:

* Store SPAM/Virus on the file system for, in my opinion, better performance.
* Display quarantined mail related information in iRedAdmin-Pro. But it seems we can only display mail size, sender, recipient, subject.
* Since iRedAdmin-Pro is running as user "iredadmin", I will add sudo privilege to "iredadmin", so that we can release quarantined mails with the command "amavisd-release" in iRedAdmin-Pro.

8

Re: [FAQ] Quarantining SPAM with Amavisd

How you store quarantined messages will have an effect on performance depending on the number of messages. For a high volume server, MySQL should be far better. And it would greatly improve if database maintenance is done, and if, for example, quarantined messages have a time limit on how long they should be kept, let's say 30 days, after which they can be either deleted or submitted as spam, since nobody was looking for them.

As releasing messages from quarantine is not a web email client but an administrative function, the need for the content of the message is not there. Having the message in SQL will simplify displaying the first, let's say, 100 characters of the message, just to give an idea of the message content.

Displaying sender, recipient and subject is sufficient to come to an educated decision about whether a message should be released or not. When you think of it, if a message is coming from an unknown sender, with an unexpected subject, it is probably a message that you could not care less about. The recipient is important in situations where the domain admin is the only one who will release messages. When recipient A comes to them and asks for an email from sender B, they know exactly what to look for.

When it comes to releasing, it is important to add a feature so that the sender can be automagically added to the whitelist, just to prevent future events if the sender is sending banned file types. Or to create an SA rule, with a negative score, if content is the reason for banning. Either way there should be an interface to manage those exclusions from the rules imposed system-wide.

9

Re: [FAQ] Quarantining SPAM with Amavisd

I changed the wiki page: it now stores quarantined mails in SQL by default and provides a release method with port '9998'. It still needs a crontab job to clean up the database.

@011, it seems SQL storage is better for management, e.g. displaying mail subject, mail body, filenames of attachments, sender/recipient address, adding the sender address to the whitelist after release, etc.

10

Re: [FAQ] Quarantining SPAM with Amavisd

SQL storage is the only way if you want an efficient quarantine handling method and the plan is to use a web interface for the job. And this is what the iRedMail thing is. Everything is done and accessed via web or email services.