I have been trying to set up an easier way to manage emails that have bad headers and/or banned content attachments.
I have come up the following configuration, and would like to hear feedback on whether I am introducing any unexpected weaknesses into the system by doing the following.
1. Adding the following two settings in amavisd.conf.in file in /opt/zimbra/conf in order to send the items to a quarantine email account instead of a folder.
$bad_header_quarantine_to = 'quarantineadmin@myco....com';
$banned_quarantine_to = 'quarantineadmin@myco....com';
2. Adding the following settings at the end of the master.conf.in file in /opt/zimbra/postfix/conf to allow smtp connections to postfix from a single machine on our network (192.168.1.100) to the server (192.168.1.209)
192.168.1.209:10025 inet n - n - - smtpd
-o smtpd_recipient_restrictions=permit_mynetworks,rej ect
-o receive_override_options=no_header_body_checks,no_ unknown_recipient_checks,no_address_mappings
3. Adding an IMAP Account to Thunderbird (or other email client) running on the machine with IP 192.168.1.100 (as defined in mynetworks setting above) for user quarantineadmin@myco....com to allow the examination of any quarantined emails. This user account can then forward any emails that are deemed to be acceptable directly to the local user through the new postfix connection bypassing the avavisd checks.
For those of you who are more postfix savvy than I, is there a way to further restrict use of this smtpd connection to only the quarantineadmin@myco....com user.
Thanks in advance for your thoughts.