Hello Hans, On Sat, 2013-07-13 at 18:00 +0200, Hans Spaans wrote: > The default is D_PASS, so did you change it or does Fedora supply amavis > with this setting?
This is indeed a setting as shipped by Fedora EPEL. Not sure what Fedora the distro does, but I'd guess they might be doing the same. If this is an invalid configuration then perhaps it should not be possible to configure amavis this way? But if amavis *can* be configured this way I'd say the mail wiggling itself from the quarantine should at least be scanned by spamassassin. > If the later is the case, then a bugreport may be > wise. Bouncing after an OK on the SMTP DATA phase will get you > blacklisted sooner or later. I prefer sooner btw ;-) Since I originally sent this email (with a different subject) a few weeks ago I have altered my configuration to $final_bad_header_destiny = D_PASS. > > Received: from unknown (HELO localhost) > > ([email protected]@2.2.2.2) by 1.1.1.1 with ESMTPA; > > Source routing, haven't seen that one for years. You're willing to > publish the IP? Well, actually all the messages that managed to get through by using this "no return path" trick do this. Could be a dozen or more. This particular address has a name that suggests a dynamic IP network under the domain vologda.ru (shpd-2-2-2-2.vologda.ru). > > The missing date header puts the mail in quarantine and the missing > > Return-Path breaks the bouncing so the mail gets sent without having > > been scanned by spamassassin: > > Yes and no, the missing return-path is there to break the mail loop that > otherwise could emerge. It is a special case, you may want to read RFC > 2822 if I'm not mistaken. > > > > <cut> > > > > And the mail gets delivered to my mailbox. > > You have setup amavis to use your address as an administrator address or > something like it? No that would be postmaster and there is no translation from the postmaster address to my email address. Only the straight forward email -> user translation. Jun 14 12:51:54 host postfix/virtual[2220]: D642542: to=<[email protected]>, orig_to=<[email protected]>, relay=virtual, delay=0.11, delays=0.07/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to maildir) It's not like the message is being handled as a quarantine after the bounce has failed. Amavis hands it back to postfix which delivers it. > > How can I assure that mail that fails to bounce at least gets scanned by > > spamassassin? > > Reading your logs, your DKIM setup appears to be broken as it tries to > sign a non-local domain, but doesn't has the right keys luckily. You may > want to follow the submission port style signing if you mix a receiving > MTA with a sending MTA on the same box. Last year when I was looking into DKIM I added 0.0.0.0/8 to @mynetworks as per the instructions at http://www.ijs.si/software/amavisd/amavisd-new-docs.html section "For the impatient - signing from scratch". At that time I didn't give it any thought, but looking into this in relation to this issue the adding of this network seemed very wrong, so I removed that addition to @mynetworks. See also my mail from June 16th. I didn't make the effort to add DKIM signing yet. Regards, Leonard.
