1

Topic: how to send quarantine notification to a group of user

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
iRedAdmin-Pro 3.0
iRedMail 0.9.7
centos 7

Hi Zhang,
If we want to send the notification instead of the receiver, could we?
We set it as below, without success.
However, the admin is not receiving email about the quarantine even though the setting should be OK:

/etc/amavisd/amavisd.conf:

$virus_admin = "group_it@ourdomain.com";
$spam_admin = undef;
$banned_admin = "group_it@ourdoamin.com";
$bad_header_admin = undef;

Please advise
Napoleon.


2

Re: how to send quarantine notification to a group of user

With iRedMail-0.9.7, we use the default spam policy stored in SQL table "amavisd.policy". The global policy has SQL value "policy.policy_name='@.'". Please change its "virus_admin", "spam_admin" values to the group email.

3 (edited by napoleon.lam 2017-11-09 12:11:27)

Re: how to send quarantine notification to a group of user

ZhangHuangbin wrote:

With iRedMail-0.9.7, we use the default spam policy stored in SQL table "amavisd.policy". The global policy has SQL value "policy.policy_name='@.'". Please change its "virus_admin", "spam_admin" values to the group email.

Hi Zhang,

  I get the below error message
Nov  5 03:17:39 ct-openldap postfix/pipe[19035]: 2CD29A1604D3: to=<group_it@ourdomain.com>, relay=dovecot, delay=0.12, delays=0.09/0.01/0/0.02, dsn=4.3.0, status=deferred (bounce or trace service failure)
Nov  5 03:17:39 ct-openldap postfix/pipe[19036]: 2E784A160500: to=<group_it@ourdomain.com>, relay=dovecot, delay=0.11, delays=0.09/0.01/0/0.02, dsn=4.3.0, status=deferred (bounce or trace service failure)
Nov  5 03:17:39 ct-openldap postfix/pipe[19038]: warning: 2F480A160506: defer service failure
Nov  5 03:17:39 ct-openldap postfix/pipe[19038]: 2F480A160506: to=<group_it@ourdomain.com>, relay=dovecot, delay=0.11, delays=0.08/0.02/0/0.01, dsn=4.3.0, status=deferred (bounce or trace service failure)

This group_it@ourdomain.com is a mail list, is that okay? We could not receive any of the spam quarantine notifications.

4

Re: how to send quarantine notification to a group of user

napoleon.lam wrote:

This group_it@ourdomain.com is a mail list, is that okay? We could not receive any of the spam quarantine notifications.

Does it work if you use a normal mail address to receive the notification?

5

Re: how to send quarantine notification to a group of user

ZhangHuangbin wrote:
napoleon.lam wrote:

This group_it@ourdomain.com is a mail list, is that okay? We could not receive any of the spam quarantine notifications.

Does it work if you use a normal mail address to receive the notification?

Hi Zhang,
  It works for an individual email; I have received many notifications.

6

Re: how to send quarantine notification to a group of user

Hi Zhang,

But should this spam go to quarantine instead? Please teach me how to do it.
Below is one of the notices.


Content type: Spam
Internal reference code for the message is 03828-11/xqHcBkjPK49h

First upstream SMTP client IP address: [120.92.101.237]:60364

Received trace: ESMTPS://[120.92.101.237]:60364 < 120.92.101.237

Return-Path: <post4@gotraining96.com>
From: "tamo" <post4@gotraining96.com>
Message-ID: <20171110115832445017@gotraining96.com>
X-Mailer: Foxmail 6, 13, 102, 15 [cn]
Subject: 企业高管(含外籍、外派人士)个人所得税详解
Not quarantined.

The message WILL BE relayed to:
<carl.shen@ourdomain.com>

Spam scanner report:
Spam detection software, running on the system "ct-openldap", has identified this incoming email as possible spam.  The original message has been attached to this so you can view it or label similar future email.  If you have any questions, see the administrator of that system for details.


   [...]

Content analysis details:   (13.7 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: qygltraining.cn]
3.6 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
                            [120.92.101.237 listed in zen.spamhaus.org]
2.6 RCVD_IN_SBL            RBL: Received via a relay in Spamhaus SBL
1.6 RCVD_IN_BRBL_LASTEXT   RBL: No description available.
                            [120.92.101.237 listed in bb.barracudacentral.org]
2.5 URIBL_DBL_SPAM         Contains a spam URL listed in the DBL blocklist
                            [URIs: trainingservereighty-one.com]
0.1 URIBL_SBL_A            Contains URL's A record listed in the SBL blocklist
                            [URIs: trainingservereighty-one.com]
0.0 HTML_MESSAGE           BODY: HTML included in message
0.3 HTML_FONT_FACE_BAD     BODY: HTML font face is not a word
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
                            background
1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS

7

Re: how to send quarantine notification to a group of user

Hi Zhang,
  Aside from my question above, I found out that iRedMail quarantines all mail with rar/zip attachments. If I would like it to scan the content inside and pass it when there is no virus, how could I set that?

Thanks
Napoleon

8

Re: how to send quarantine notification to a group of user

Do you have setting like below in Amavisd config file?

$banned_namepath_re = new_RE(
    [qr'T=(rar|arc|arj|zoo|gz|bz2)(,|\t)'xmi => 'DISCARD'],     # Compressed file types
    ...
);

The second line will block compressed files (rar, arc, arj, zoo, gz, bz2). You should comment out this line and restart the Amavisd service.
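To see which attachment types the rule quoted above acts on before commenting it out, the following added example (not part of the original posts and not iRedMail or Amavisd code) re-creates the Perl regex in Python with the same x/m/i flags and runs it over constructed part descriptions. The one-line-per-part, tab-separated P=/M=/T=/N= layout, the sample messages and the helper names are assumptions made for illustration.

```python
import re

# Python re-creation of the Perl rule quoted above: qr'...'xmi
# (x = verbose, m = multiline, i = case-insensitive).
COMPRESSED_RULE = re.compile(
    r"T=(rar|arc|arj|zoo|gz|bz2)(,|\t)", re.X | re.M | re.I
)


def namepath(parts):
    """Build a namepath-style string: one line per MIME part with
    tab-separated attributes (assumed layout, constructed for this example)."""
    lines = []
    for index, (mime, short_type, name) in enumerate(parts, start=1):
        lines.append("\t".join(
            [f"P=p{index:03d}", f"M={mime}", f"T={short_type}", f"N={name}"]
        ))
    return "\n".join(lines)


def rule_hits(path):
    """Return the file types in `path` that the rule matches."""
    return [m.group(1).lower() for m in COMPRESSED_RULE.finditer(path)]


BODY = ("text/plain", "asc", "body.txt")

# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "rar attachment": namepath([BODY, ("application/x-rar", "rar", "report.rar")]),
    "gz attachment": namepath([BODY, ("application/gzip", "gz", "logs.tar.gz")]),
    "zip attachment": namepath([BODY, ("application/zip", "zip", "docs.zip")]),
    "pdf attachment": namepath([BODY, ("application/pdf", "pdf", "invoice.pdf")]),
}


def check_all():
    """Map each sample label to the types the rule matched in it."""
    return {label: rule_hits(path) for label, path in SAMPLES.items()}


if __name__ == "__main__":
    for label, hits in check_all().items():
        print(f"{label:15s} -> {'matched ' + ','.join(hits) if hits else 'no match'}")
```

The rule's alternation does not list zip, so a zip attachment that is still blocked after this line is commented out is being caught by a different entry in the configuration.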

9 (edited by napoleon.lam 2017-11-14 16:26:16)

Re: how to send quarantine notification to a group of user

ZhangHuangbin wrote:

Do you have setting like below in Amavisd config file?

$banned_namepath_re = new_RE(
    [qr'T=(rar|arc|arj|zoo|gz|bz2)(,|\t)'xmi => 'DISCARD'],     # Compressed file types
    ...
);

The second line will block compressed files (rar, arc, arj, zoo, gz, bz2). You should comment out this line and restart the Amavisd service.

Hi Zhang,

Could those compressed files be scanned for viruses if I release the blocking?

Thanks
Napoleon

10

Re: how to send quarantine notification to a group of user

If the compressed file is not protected by a password, Amavisd will uncompress it and scan it.