Results 1 to 4 of 4

Thread: Easier Handling of Banned Content and Bad Header Messages

  1. #1
    Join Date
    Oct 2009
    Location
    Dublin, IRELAND
    Posts
    712
    Rep Power
    7

    Lightbulb Easier Handling of Banned Content and Bad Header Messages

    I have been trying to set up an easier way to manage emails that have bad headers and/or banned content attachments.

    I have come up the following configuration, and would like to hear feedback on whether I am introducing any unexpected weaknesses into the system by doing the following.

    1. Adding the following two settings in amavisd.conf.in file in /opt/zimbra/conf in order to send the items to a quarantine email account instead of a folder.


    $bad_header_quarantine_to = 'quarantineadmin@myco....com';
    $banned_quarantine_to = 'quarantineadmin@myco....com';


    2. Adding the following settings at the end of the master.conf.in file in /opt/zimbra/postfix/conf to allow smtp connections to postfix from a single machine on our network (192.168.1.100) to the server (192.168.1.209)


    192.168.1.209:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o virtual_mailbox_maps=
    -o virtual_alias_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_milters=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,rej ect
    -o mynetworks_style=host
    -o mynetworks=192.168.1.100/32
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_ unknown_recipient_checks,no_address_mappings


    3. Adding an IMAP Account to Thunderbird (or other email client) running on the machine with IP 192.168.1.100 (as defined in mynetworks setting above) for user quarantineadmin@myco....com to allow the examination of any quarantined emails. This user account can then forward any emails that are deemed to be acceptable directly to the local user through the new postfix connection bypassing the avavisd checks.


    For those of you who are more postfix savvy than I, is there a way to further restrict use of this smtpd connection to only the quarantineadmin@myco....com user.

    Thanks in advance for your thoughts.

  2. #2
    Join Date
    Apr 2010
    Posts
    14
    Rep Power
    5

    Question

    Thanks for sharing your solution!

    Can the quarantine email account in Zimbra server, i.e. if we setup the quarantine email account in the same domain as the one amavis work on, will that e-mail go through amavis again, quarantined again, and become a infinite loop until the e-mail become too big from additional headers?

    Thanks!
    Last edited by arifsaha; 09-21-2010 at 04:37 PM. Reason: wordings

  3. #3
    Join Date
    Oct 2009
    Location
    Dublin, IRELAND
    Posts
    712
    Rep Power
    7

    Default

    Quote Originally Posted by arifsaha View Post
    Thanks for sharing your solution!

    Can the quarantine email account in Zimbra server, i.e. if we setup the quarantine email account in the same domain as the one amavis work on, will that e-mail go through amavis again, quarantined again, and become a infinite loop until the e-mail become too big from additional headers?

    Thanks!
    Not if you set it up as I did with the additional allowed connection from an administrative machine to port 10025.

    By default amavisd listens on 10024, and the mail system passes emails to 10024 - through amavisd - then out from there to 10025 which is the mail sender.

    By configuring this special administrative connection direct to port 10025 - your client is sending the email directly to the mail sender - not back into amavisd.

    By the way - I use Thunderbird with an Add-on called Mail Redirect - which allows me to do a Resend on the good emails - this has the advantage that the original from address is intact in the SMTP envelope.

  4. #4
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    Nice one.

    There'll be stg handy in 7.0 : Bug 11061 : amavisd virus quarantine should be to a mailbox

Similar Threads

  1. content filter attacked?
    By ahhhh in forum Administrators
    Replies: 2
    Last Post: 03-26-2007, 06:29 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •