1 (edited by shinobi_b_92 2020-03-05 21:03:02)

Topic: Amavis letting "Passed BANNED" email through

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.1 OPENLDAP edition (updated from 1.0)
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Ubuntu (Server) 18.04.4 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I have the following settings in my /etc/amavis/conf.d/20-debian_defaults

$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;

but Amavis is still letting "Passed BANNED" mails through. I read somewhere in the forum that policies are handled by SQL and in amavisd.policy and banned_files_lover has be set to N. So the related settings in 20-debian_defaults have no effect?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Amavis letting "Passed BANNED" email through

Global spam policy is also set in SQL table “amavisd.policy”, please update it too.

If you run iRedAdmin-Pro, please login to iRedAdmin-Pro as global admin, then go to “System -> Global Spam Policy” to manage it.

3

Re: Amavis letting "Passed BANNED" email through

ZhangHuangbin wrote:

Global spam policy is also set in SQL table “amavisd.policy”, please update it too.

If you run iRedAdmin-Pro, please login to iRedAdmin-Pro as global admin, then go to “System -> Global Spam Policy” to manage it.

Yep, that did it. But I'm still wondering why it has to be set in SQL table AS WELL, when it can be set in amavis configuration file too...

4

Re: Amavis letting "Passed BANNED" email through

I also encountered this problem today, it was really bad, about 50 users received infected .exe files and some of them of course opened it sad

What is the reasoning behind the option banned_files_lover being set to "Y" by default? This doesn't make any sense in production environment.

I noticed banned_files_lover is set to "N" only if I enable "Quarantine email which contains banned file types" in Iredadmin-Pro GUI. But I don't need to quarantine such files, I only want to block them!
If I update the SQL table, it works until any change is made via GUI, then the SQL entry banned_files_lover again goes back to "Y". I think this is a very dangerous bug and this setting should really default to "N" unless someone explicitly enables it.

5

Re: Amavis letting "Passed BANNED" email through

add wrote:

I noticed banned_files_lover is set to "N" only if I enable "Quarantine email which contains banned file types" in Iredadmin-Pro GUI. But I don't need to quarantine such files, I only want to block them!

Current solution is ignoring the quarantined messages if you don't like it. sad

add wrote:

If I update the SQL table, it works until any change is made via GUI, then the SQL entry banned_files_lover again goes back to "Y". I think this is a very dangerous bug and this setting should really default to "N" unless someone explicitly enables it.

I will add options for this in later release. Thanks for the feedback. smile