1 Topic by shinobi_b_92 (edited by shinobi_b_92 2020-03-05 22:36:50)

  • shinobi_b_92
  • Member
  • Offline
  • Registered: 2020-02-13
  • Posts: 23

Topic: Amavis not sending BANNED/VIRUS warning message to external senders

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.1 OPENLDAP edition (updated from 1.0)
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Ubuntu (Server) 18.04.4 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I have a problem with warning messages in case of BANNED/VIRUS content.

I am using an external relayhost in my Postfix configuration and I have the following settings in my /etc/amavis/conf.d/20-debian_defaults

$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;

I have set warnbannedsender => 1 and warnvirussender => 1 in $policy_bank{'ORIGINATING'} of my /etc/amavis/conf.d/50-user and in amavis.policy SQL table, virus_lover is set to N and banned_files_lover is set to Y.

If I send a banned/virus file from user1@ourdomain.com to user2@ourdomain.com, user1@ourdomain.com receives the warning message accordingly.

example warning for sending banned file:


BANNED CONTENTS ALERT

Our content checker found
    banned name: application/x-msdownload,.image,.png,test.dll

in email presumably from you <user1@ourdomain.com>
to the following recipient:
-> user2@ourdomain.com

Our internal reference code for your message is ...


The warning comes from postmaster@ourdomain.com and also a report from postmaster@mail.ourdomain.com (why the mail. though?!) will be sent to postmaster@domain.com.

If the banned/virus file sender is from an external domain, the sender does not receive any warning! Nor any report will be sent to postmaster@domain.com.

My guess is that somehow Amavis/Postfix do not follow the same relayhost smtp settings for sending warning messages! What do I look for?

I also noticed that in my /etc/amavis/conf.d/50-user some settings do not match the ones in etc/amavis/conf.d/20-debian_defaults:

$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_DISCARD;

Is this normal?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 908

Re: Amavis not sending BANNED/VIRUS warning message to external senders

the warning messages are not sent trough a mail account, but trough a local user.
this is handled by the pickup service.

Here a quick guide for solveing this:

/etc/postfix/master.cf

add:

# smtp port used by HOSTEDDOMAINS to re-inject scanned email back to Postfix, with address mapping support
127.0.0.1:10030 inet n  -   n   -   -  smtpd
    -o syslog_name=postfix/10030
    -o content_filter=
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks


find: pickup
change to:
pickup     unix  n       -       n       60      1       pickup
    -o content_filter=smtp-amavis:[127.0.0.1]:10031


add/modify /etc/postfix/sender_canonical_maps

#Rewrite ALL senders from local users
/postmaster@mail.yourdomain.de/    postmaster@mail.yourdomain.de
/.+@mail.yourdomain.de/            no-reply@yourdomain.de

in file /etc/postfix/main.cf:

sender_canonical_maps =  regexp:/etc/postfix/sender_canonical_maps

ONLY WORKS IF YOU DONT USE SRS TROUGH iredAPD!

for me it looks:

# SRS (Sender Rewriting Scheme) support
#sender_canonical_maps = tcp:127.0.0.1:7778
sender_canonical_maps =  regexp:/etc/postfix/sender_canonical_maps
#sender_canonical_classes = envelope_sender
#recipient_canonical_maps = tcp:127.0.0.1:7779
#recipient_canonical_classes= envelope_recipient,header_recipient


in file /etc/amavis/conf.d/50-user change/add the following:

$inet_socket_port = [10024, 10026, 10031, 9998];

WARNING: ensure that u only add 10031 tho this ports, else you break the mailing lists! i removed them from my system!

Also, add the following policy to the same file:

$interface_policy{'10031'} = 'HOSTEDDOMAINS';
$policy_bank{'HOSTEDDOMAINS'} = {
    originating                            => 1,
    allow_disclaimers                    => 1,
    enable_dkim_signing                    => 1,

    virus_admin_maps                    => ["root\@$mydomain"],
    spam_admin_maps                        => ["root\@$mydomain"],
    bad_header_admin_maps                => ["root\@$mydomain"],
    banned_admin_maps                    => ["root\@$mydomain"],
   
    final_spam_destiny                  => D_REJECT,
    final_virus_destiny                    => D_REJECT,
    final_banned_destiny                => D_REJECT,
    final_bad_header_destiny            => D_REJECT,
   
    bypass_spam_checks_maps            => [0],
    bypass_virus_checks_maps        => [0],
    bypass_banned_checks_maps        => [0],
    bypass_header_checks_maps        => [0],
   
    spam_tag_level_maps                  => [-999],
    spam_tag2_level_maps             => [2],
    spam_tag3_level_maps             => [3],
    spam_kill_level_maps            => [3],
    spam_dsn_cutoff_level_maps         => [3],
   
    warnbadhsender                    => 0,
    warnbannedsender                => 0,

    smtpd_discard_ehlo_keywords => ['8BITMIME'],
    terminate_dsn_on_notify_success => 0,
};

You sure can modify some things as you want.

then run postmap /etc/postfix/sender_canonical_maps to create the database.

restart postfix, amavis

every sent mail from one of your local users is now picked up by pickup, gets its sender rewritten to no-reply@yourdomain.de, and then passed to amavis, which can and will do disclaimer and dkim signing, and then rerouted to delivery and finally sent to the mailbox.

I hope i didnt forget anything, ensure to backup your files before trying it.

Hope it works for you!