Hi,

I am trying to find a solution for a setup where I want to make sure that infected machines on the inner side (MYNETWORKS) aren't able to push out big amounts of SPAM.

I have full control on SPAM coming from outside but want to have a mechanism that can detect this situation, primarily to avoid being blacklisted. This is a university environment, and it is not a solution to discard outgoing SPAM, primarily because just one positive could stop that application a scientist has sent to apply for funds for his research project, and this they normally do at the last minute. Normally outgoing SPAM isn't a problem, but when a server/client gets hacked this becomes a serious problem. So I thought I could do the following:

    $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
      originating => 1,  # is true in MYNETS by default, but let's make it explicit
      terminate_dsn_on_notify_success => 0,
      spam_kill_level_maps => 6.9,
      spam_subject_tag2_maps => ["***SPAM ORIGINATED FROM LOCAL*** "],
      virus_admin_maps => ["maspsr\@sdu.dk"],  # alert of internal viruses
      warnbadhsender => 1,  # warn local senders about their broken MUA
      final_spam_destiny => D_DISCARD,
      spam_quarantine_method => 'pipe:argv=/usr/local/etc/mxgw/scripts/spambox.pl spam-%b ${sender}',
      spam_quarantine_cutoff_level_maps => undef,
    };

and this way handle the mail in this script: spambox.pl. When I look at the logs the script is called. I can't quite figure out how. I would expect the mail to be passed on STDIN but somehow nothing happens. The logs are below.

    Jan 18 13:52:13 mxgw1.sdu.dk amavis[31773]: (31773-01) DO_QUARANTINE, pipe:argv=/usr/local/etc/mxgw/scripts/spambox.pl spam-%b ${sender}, <r...@hansen.its.sdu.dk> -> spam-quarantine, spam-quarantine
    Jan 18 13:52:13 mxgw1.sdu.dk amavis[31773]: (31773-01) SEND via PIPE: <r...@hansen.its.sdu.dk> -> <spam-quarantine>,<spam-quarantine>
    Jan 18 13:52:13 mxgw1.sdu.dk amavis[31773]: (31773-01) mail_via_pipe running command: /usr/local/etc/mxgw/scripts/spambox.pl spam-%b r...@hansen.its.sdu.dk
    Jan 18 13:52:13 mxgw1.sdu.dk amavis[31773]: (31773-01) run_command_consumer: [31785] /usr/local/etc/mxgw/scripts/spambox.pl spam-%b r...@hansen.its.sdu.dk >/dev/null 2>/dev/null
    Jan 18 13:52:13 mxgw1.sdu.dk amavis[31773]: (31773-01) write_header: 0, IO::File=GLOB(0x6e05b28)
    Jan 18 13:52:13 mxgw1.sdu.dk amavis[31785]: (31773-01) open_on_specific_fd: target fd0 closing, to become < &=14
    Jan 18 13:52:13 mxgw1.sdu.dk amavis[31785]: (31773-01) open_on_specific_fd: target fd0 dup2 from fd14 < &=14
    Jan 18 13:52:13 mxgw1.sdu.dk amavis[31785]: (31773-01) open_on_specific_fd: source fd14 closed
    Jan 18 13:52:13 mxgw1.sdu.dk amavis[31785]: (31773-01) open_on_specific_fd: target fd1 closing, to become > /dev/null
    Jan 18 13:52:13 mxgw1.sdu.dk amavis[31785]: (31773-01) open_on_specific_fd: target fd2 closing, to become > /dev/null
    Jan 18 13:52:14 mxgw1.sdu.dk amavis[31773]: (31773-01) mail_via_pipe /usr/local/etc/mxgw/scripts/spambox.pl, exit 0, 250 2.6.0 Ok
    Jan 18 13:52:14 mxgw1.sdu.dk amavis[31773]: (31773-01) one_response_for_all <r...@hansen.its.sdu.dk>: success, r=0,b=0,d=0, ndn_needed=0, '250 2.6.0 Ok, id=31773-01'
    Jan 18 13:52:14 mxgw1.sdu.dk amavis[31773]: (31773-01) DO_QUARANTINE done

This is probably not the right way to deal with this problem. Can you please correct me on this or just point me in the direction of the correct solution?

Regards
Peter Sørensen/Univ.Of.Southern Denmark/email:mas...@sdu.dk
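
An added example, not part of the original post and not amavisd's own code: a pipe consumer of the kind the post describes, written as a stand-in for spambox.pl. The log lines above show the child's fd 0 being connected to the message and fd 1 and fd 2 to /dev/null, so the script reads STDIN, takes the sender from its second argument as in the posted argv, and reports through syslog. The state file path, window and limit are assumptions.

```perl
#!/usr/bin/perl
# Added example: hypothetical pipe consumer for spam_quarantine_method.
use strict;
use warnings;
use Fcntl qw(:flock);
use Sys::Syslog qw(openlog syslog closelog);

# Assumed values, not from the original post; tune for the site.
my $STATE  = '/var/tmp/spambox-senders.log';  # one "epoch sender" line per message
my $WINDOW = 600;                             # seconds to look back
my $LIMIT  = 20;                              # spam messages per sender per window

# Count state lines for $sender whose timestamp is within $WINDOW of $now.
sub recent_count {
    my ($lines, $sender, $now) = @_;
    return scalar grep {
        my ($t, $s) = split ' ', $_, 2;
        defined $s && $s eq $sender && $now - $t <= $WINDOW
    } @$lines;
}

sub main {
    my ($tag, $sender) = @_;                  # argv as posted: "spam-%b", sender
    $sender = '<>' unless defined $sender && length $sender;
    $sender =~ s/[^\x21-\x7e]/?/g;            # keep one record per state line

    # The message arrives on fd 0; drain it fully before doing anything else.
    my $bytes = 0;
    binmode STDIN;
    while (read(STDIN, my $buf, 65536)) { $bytes += length $buf }

    my $now = time;
    open(my $fh, '+>>', $STATE) or die "open $STATE: $!";
    flock($fh, LOCK_EX) or die "flock: $!";
    seek($fh, 0, 0);
    chomp(my @lines = <$fh>);
    seek($fh, 0, 2);                          # back to the end before appending
    print {$fh} "$now $sender\n";
    close($fh) or die "close $STATE: $!";

    my $n = recent_count(\@lines, $sender, $now) + 1;
    # stdout and stderr go to /dev/null in the logged run, so use syslog.
    openlog('spambox', 'pid', 'mail');
    syslog('info', 'outbound spam from %s (%d bytes), %d in last %ds',
           $sender, $bytes, $n, $WINDOW);
    syslog('warning', 'ALERT: %s exceeded %d spam messages in %ds',
           $sender, $LIMIT, $WINDOW) if $n > $LIMIT;
    closelog();
    return 0;
}

exit main(@ARGV) unless caller;
```

The state file grows without bound as written; rotate or prune it from cron.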