1

Topic: Bypass amavis sender

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  mysql
- Web server (Apache or Nginx): apache
- Manage mail accounts with iRedAdmin-Pro? YES
====
I have to let some email from a specified email address bypass the checks (no virus/spam/header/etc. check). They are sending zipped .exe files.

I tried to add these lines, but it is not working...

read_hash(\%whitelist_sender, '/etc/amavis/whitelist');
@whitelist_sender_maps = (\%whitelist_sender);
$interface_policy{'10026'} = 'BYPASS';
$policy_bank{'BYPASS'} = { # mail from the pickup daemon
bypass_virus_checks_maps => ['@whitelist_sender_maps'], # don't virus-check this mail
bypass_spam_checks_maps => ['@whitelist_sender_maps'], # don't spam-check this mail
bypass_banned_checks_maps => ['@whitelist_sender_maps'], # don't banned-check this mail
bypass_header_checks_maps => ['@whitelist_sender_maps'], # don't header-check this mail
};

I tried to send the latest putty.exe zipped...

Jan 18 12:12:07 mailsrv postfix/submission/smtpd[17893]: connect from unknown[xxx.xxx.xxx.xxx]
Jan 18 12:12:07 mailsrv postfix/submission/smtpd[17893]: Anonymous TLS connection established from unknown[xxx.xxx.xxx.xxx]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jan 18 12:12:07 mailsrv postfix/submission/smtpd[17893]: C839D3C00F8: client=unknown[xxx.xxx.xxx.xxx], sasl_method=PLAIN, sasl_username=xxx@xxxx.xx
Jan 18 12:12:08 mailsrv postfix/cleanup[17902]: C839D3C00F8: message-id=<5ba69f88-efd6-e333-315d-cb3fa797107b@xxxx.xx>
Jan 18 12:12:08 mailsrv postfix/qmgr[1426]: C839D3C00F8: from=<whitelited@email.tld>, size=589393, nrcpt=1 (queue active)
Jan 18 12:12:08 mailsrv postfix/submission/smtpd[17893]: disconnect from unknown[xxx.xxx.xxx.xxx] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Jan 18 12:12:09 mailsrv clamd[797]: /var/lib/amavis/tmp/amavis-20180118T120557-17746-BoSrMifA/parts/p005: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL(7d8ba8c05c125672077c7fdb5daac89f:581411) FOUND
Jan 18 12:12:09 mailsrv postfix/smtpd[17919]: connect from localhost[127.0.0.1]
Jan 18 12:12:09 mailsrv postfix/smtpd[17919]: B75B13C0613: client=localhost[127.0.0.1]
Jan 18 12:12:09 mailsrv postfix/cleanup[17902]: B75B13C0613: message-id=<VAxuMSuGDC4Drv@mailsrv.xxxxx.xx>
Jan 18 12:12:09 mailsrv postfix/qmgr[1426]: B75B13C0613: from=<root@mailsrv.xxxxx.xx>, size=2592, nrcpt=1 (queue active)
Jan 18 12:12:09 mailsrv postfix/smtpd[17919]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 18 12:12:09 mailsrv postfix/cleanup[17902]: C0D303C05B7: message-id=<VAxuMSuGDC4Drv@mailsrv.xxxxx.xx>
Jan 18 12:12:09 mailsrv postfix/local[17920]: B75B13C0613: to=<root@mailsrv.xxxxx.xx>, relay=local, delay=0.05, delays=0.01/0.02/0/0.02, dsn=2.0.0, status=sent (forwarded as C0D303C05B7)
Jan 18 12:12:09 mailsrv postfix/qmgr[1426]: C0D303C05B7: from=<root@mailsrv.xxxxx.xx>, size=2728, nrcpt=1 (queue active)
Jan 18 12:12:09 mailsrv amavis[17746]: (17746-02) Blocked INFECTED (Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL) {DiscardedInternal,Quarantined}, ORIGINATING LOCAL [xxx.xxx.xxx.xxx]:29514 [xxx.xxx.xxx.xxx] <xxx@xxxx.xx> -> <xxx@xxxx.xx>, quarantine: xuMSuGDC4Drv, Queue-ID: C839D3C00F8, Message-ID: <5ba69f88-efd6-e333-315d-cb3fa797107b@xxxx.xx>, mail_id: xuMSuGDC4Drv, Hits: -, size: 589393, 923 ms
Jan 18 12:12:09 mailsrv postfix/qmgr[1426]: B75B13C0613: removed
Jan 18 12:12:09 mailsrv postfix/smtp[17907]: C839D3C00F8: to=<xxx@xxxx.xx>, relay=127.0.0.1[127.0.0.1]:10026, delay=2.2, delays=1.2/0/0.02/0.94, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=17746-02 - INFECTED: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL)
Jan 18 12:12:09 mailsrv postfix/qmgr[1426]: C839D3C00F8: removed
Jan 18 12:12:09 mailsrv postfix/pipe[17921]: C0D303C05B7: to=<postmaster@xxxx.xx>, relay=dovecot, delay=0.1, delays=0.01/0.01/0/0.08, dsn=2.0.0, status=sent (delivered via dovecot service)
Jan 18 12:12:09 mailsrv postfix/qmgr[1426]: C0D303C05B7: removed

Can you help me?


2

Re: Bypass amavis sender

Did you try this:

*) Log in to iRedAdmin-Pro
*) Go to the user profile page (of the user for whom you want to bypass banned file checks)
*) Click the "Spam Policy" tab and make sure the option "Enable banned file type checking" is not checked.

https://docs.iredmail.org/images/iredadmin/user_profile_spampolicy.png
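
Before turning off a check for an account, it helps to confirm in the mail log which check actually blocked the message. The script below is an added example, not part of the thread: it parses amavis verdict lines like those in the first post and names the check behind each block. The sample log is constructed with placeholder addresses, and `blocked_messages` and `CHECK_FOR_VERDICT` are names chosen here.

```python
import re

# Constructed sample lines, shaped like the log in the first post (placeholder addresses).
SAMPLE_LOG = """\
Jan 18 12:12:09 mailsrv clamd[797]: /var/lib/amavis/tmp/amavis-X/parts/p005: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL(7d8b:581411) FOUND
Jan 18 12:12:09 mailsrv amavis[17746]: (17746-02) Blocked INFECTED (Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL) {DiscardedInternal,Quarantined}, ORIGINATING LOCAL [192.0.2.10]:29514 [192.0.2.10] <sender@example.test> -> <rcpt@example.test>, quarantine: xuMSuGDC4Drv, Queue-ID: C839D3C00F8, mail_id: xuMSuGDC4Drv, Hits: -, size: 589393, 923 ms
Jan 18 12:15:00 mailsrv amavis[17746]: (17746-03) Blocked BANNED (.exe,.exe-ms,putty.exe) {DiscardedInternal,Quarantined}, ORIGINATING LOCAL [192.0.2.10]:29600 [192.0.2.10] <sender@example.test> -> <rcpt@example.test>, quarantine: aaaBBBcccDDD, Queue-ID: D1234567890, mail_id: aaaBBBcccDDD, Hits: -, size: 589393, 800 ms
Jan 18 12:16:00 mailsrv amavis[17746]: (17746-04) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [192.0.2.10]:29601 [192.0.2.10] <sender@example.test> -> <rcpt@example.test>, Queue-ID: E1234567890, mail_id: eeeFFFgggHHH, Hits: -0.1, size: 1200, 300 ms
"""

# Verdict keyword in the amavis log line -> the check (and bypass setting) behind it.
CHECK_FOR_VERDICT = {
    "INFECTED": "virus check (bypass_virus_checks_maps)",
    "BANNED": "banned file check (bypass_banned_checks_maps)",
    "SPAM": "spam check (bypass_spam_checks_maps)",
    "BAD-HEADER": "header check (bypass_header_checks_maps)",
}

VERDICT_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<action>Blocked|Passed) "
    r"(?P<verdict>[A-Z]+(?:-[A-Z]+)*)(?:-\d+)?"        # e.g. INFECTED, BAD-HEADER-0
    r"(?: \((?P<detail>[^)]*)\))? \{(?P<fate>[^}]*)\}"  # signature or banned name, then fate
    r".*?<(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>"      # first recipient only
    r".*?Queue-ID: (?P<qid>\w+)"
)


def blocked_messages(log_text):
    """Return one dict per message amavis blocked, naming the check responsible."""
    results = []
    for line in log_text.splitlines():
        m = VERDICT_RE.search(line)
        if not m or m["action"] != "Blocked":
            continue  # clamd/postfix lines and passed mail are skipped
        results.append({
            "queue_id": m["qid"],
            "sender": m["sender"],
            "recipient": m["rcpt"],
            "verdict": m["verdict"],
            "detail": m["detail"] or "",
            "check": CHECK_FOR_VERDICT.get(m["verdict"], "other (see amavis log)"),
        })
    return results


if __name__ == "__main__":
    for msg in blocked_messages(SAMPLE_LOG):
        print(f"{msg['queue_id']} {msg['sender']}: {msg['verdict']} ({msg['detail']}) -> {msg['check']}")
```

A message blocked as INFECTED was stopped by the virus scanner's signature, while BANNED comes from the banned file type check, so the two are controlled by different settings.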