Anders wrote: > I just don't seem to get it right.
> I have this: > $final_virus_destiny = D_BOUNCE; > $final_banned_destiny = D_BOUNCE; > $warnvirussender = 1; > $warnbannedsender = 1; No need to set these if $final_*_destiny is D_BOUNCE. D_BOUNCE triggers sender notification. These only make sense when something other than D_BOUNCE is used. And, sending bounce notices to virus senders is generally regarded as a bad idea at any rate. Nearly all modern email virues fake the sender's address, so you are spamming (and confusing) innocent bystanders. > $warnvirusrecip = 1; > $warnbannedrecip = 1; > When I send a virus to one of my other accounts, I get a recipient > notification from Amavis about the fact, same when I send a banned file > (DLL). > To the SENDING account, I get a notice from Amavis when sending the > banned content, but from Postfix for the virus mail. (Eicar test) Just a note (not related): If using the eicar_com dot zip file containing eicar dot com it *may* not be detected by clamav. Read the log to see if is was actually detected as banned, or virus. > So, the virus sender doesn't get the text specified in my template, but > a standard Postfix message. What statement do you have in header/body checks that may have triggered a postfix bounce (if any)? What is the reason Postfix gave for the bounce? > I thought my master.cf setting; > localhost:10025 inet n - n - - smtpd > -o receive_override_options=no_header_body_checks > Would skip that, and only Amavis should take care of rejections based on > content. Am I thinking wrong here? Do you also have $virus_admin set? If so, it could cause additional confusion because an additional notice is sent. Consider your @viruses_that_fake_sender_maps setting. If it is not changed from the default, the sender may not be notified. Add this to amavisd.conf if you don't have one now - or modify yours and comment out needed items. @viruses_that_fake_sender_maps = (new_RE( qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i, qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i, qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i, qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i, qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc # [qr'^(EICAR|Joke\.|Junk\.)'i => 0], # [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0], # [qr/^/ => 1], # true by default (remove or comment-out if undesired) )); I assume the sender's domain is not listed in @local_domains_maps and the recipient's is. If not, ideally test under these conditions. Gary V ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
