AW: [AMaViS-user] forwarding viruses to host

[Miro Dietiker, MD Systems]

OOPS: wrong sender address taken the mail before! Retry:

Thanks Gary, i found the solution with your help :)

Gary V wrote:

>I'm not exactly clear on all points of your setup but
>maybe this would work (or at least give you one idea).

>check_client_access hash:/etc/postfix/amavis_quarantine

>/etc/postfix/amavis_quarantine:
>192.168.1.15 FILTER smtp-amavis:[127.0.0.1]:10026

>in amavisd.conf:
>$inet_socket_port = [10024,10026];

Since both servers run standard Webserver/Mailserver environment, they
should communicate under each other using the same path as external
servers. Opening a second port with separate rules would be an oversized
solution.


>Then set up a policy bank. This will override amavisd-new's configured 
>settings for any message received on port 10026. 
>$interface_policy{'10026'} = 'QUARANTINE'; $policy_bank{'QUARANTINE'} =

>{  bypass_spam_checks_maps => [[qw( [EMAIL PROTECTED] )]],
> bypass_banned_checks_maps => [[qw( [EMAIL PROTECTED] )]],
> bypass_virus_checks_maps => [[qw( [EMAIL PROTECTED] )]],
> ...
> Gary V

And this was the moment where i registered:

Simple bypassing the spam-checks for my two quarantine accounts would
result in the right behaviour. No matter which source.

@bypass_spam_checks_acl  = qw( [EMAIL PROTECTED] );

Virus checks don't need to be bypassed since I don't deliver viruses in
the collector mailbox and therefore no scanner would catch anything.

+---+  +---+
| Miro Dietiker |  | MD Systems Miro Dietiker  |
+---+  +---+



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: AW: [AMaViS-user] forwarding viruses to host

[Mark Martinec]

Miro,

> Isn't it possible (or what arguments against) to make a spam report
> with original message attached as a file?
> Or any other suggestion about configuring that central spam collector?

One way would be to:
- enable spam defanging ($defang_spam=1), which would prepend
  spam report and wrap the original message in an attachment;
- and append address extensions e.g. [EMAIL PROTECTED] -> [EMAIL PROTECTED],
  @addr_extension_spam_maps=('spam');

then you can use Postfix pcre-based virtual maps to rewrite or
reroute messages for [EMAIL PROTECTED] to any place you want, possibly
also to more than one place, like the original recipient plus some
spam collection mailbox.

  Mark


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

AW: [AMaViS-user] forwarding viruses to host

[Miro Dietiker, MD Systems]

Ups... subject mistake ...

I primarily talk of SPAM forwarding. Virus forwarding works with no
trouble, since the virus is being removed on source complaining server
.. so the notification to the collect server is unpolluted...

But that SPAM-Forwarding still is unclear..
(so replace all "virus" with "spam" to understand my question right
...sorry)

Isn't it possible (or what arguments against) to make a spam report
with original message attached as a file?
Or any other suggestion about configuring that central spam collector?

Thanks - Miro

+---+  +---+
| Miro Dietiker |  | MD Systems Miro Dietiker  |
+---+  +---+


-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Miro
Dietiker, MD Systems
Gesendet: Mittwoch, 28. Dezember 2005 13:36
An: amavis-user@lists.sourceforge.net
Betreff: [AMaViS-user] forwarding viruses to host

Hi!

I'm running two servers with amavisd-new under debian with postfix.

On Server A there is a spam collection account [EMAIL PROTECTED], where
all viruses have to be delivered to.
On host B all spam found should be delivered to Server A into the
spam.collect account.

If now Server A receives SPAM, I can see two messages in the
spam.collect box. The SPAM mail itself, and a report for each SPAM with
title "SPAM FROM xxx"

If Server B receives SPAM, I can see three messages since (I expect)
server B identifies spam, generates a "SPAM FROM" message to Server A,
forwards SPAM itself to Server A, where server A also identifies message
as SPAM again and produces a second report...
This second report always shows up as "SPAM FROM (?)" where the
exclamation mark is present.

What would be the right or common way to forward that Mails?
I already was thinking of using a transport from B to A, not being
handled via amavis but i don't want to switch off too much checks and
don't want to open unnecessary ports .

Any suggestions to this setup?

Thanks a lot

+---+  +---+
| Miro Dietiker |  | MD Systems Miro Dietiker  |
+---+  +---+




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] forwarding viruses to host

[Gary V]

MD wrote:

> Hi!

> I'm running two servers with amavisd-new under debian with postfix.

> On Server A there is a spam collection account [EMAIL PROTECTED], where
> all viruses have to be delivered to.
> On host B all spam found should be delivered to Server A into the
> spam.collect account.

> If now Server A receives SPAM, I can see two messages in the
> spam.collect box. The SPAM mail itself, and a resport for each SPAM with
> title "SPAM FROM xxx"

> If Server B receives SPAM, I can see three messages since (I expect)
> server B identifies spam, generates a "SPAM FROM" message to Server A,
> forwards SPAM itself to Server A, where server A also identifies message
> as SPAM again and produces a second report...
> This second report always shows up as "SPAM FROM (?)" where the
> exclamation mark is present.

> What would be the right or common way to forward that Mails?
> I already was thinking of using a transport from B to A, not being
> handled via amavis but i don't want to switch off too much checks and
> don't want to open unnecessary ports .

> Any suggestions to this setup?

> Thanks a lot

> +---+  +---+
> | Miro Dietiker |  | MD Systems Miro Dietiker  |
> +---+  +---+

I'm not exactly clear on all points of your setup but
maybe this would work (or at least give you one idea).
At some appropriate place in main.cf create a
check_client_access map that will use a policy bank if
the mail originates from server B. Then only bypass checks
if mail from that client is addressed to [EMAIL PROTECTED] 

check_client_access hash:/etc/postfix/amavis_quarantine

/etc/postfix/amavis_quarantine:
192.168.1.15 FILTER smtp-amavis:[127.0.0.1]:10026

in amavisd.conf:
$inet_socket_port = [10024,10026];

Then set up a policy bank. This will override amavisd-new's
configured settings for any message received on port 10026.

$interface_policy{'10026'} = 'QUARANTINE';

$policy_bank{'QUARANTINE'} = {
 bypass_spam_checks_maps => [[qw( [EMAIL PROTECTED] )]],
 bypass_banned_checks_maps => [[qw( [EMAIL PROTECTED] )]],
 bypass_virus_checks_maps => [[qw( [EMAIL PROTECTED] )]],
 bypass_header_checks_maps => [[qw( [EMAIL PROTECTED] )]],
 spam_lovers_maps => [[qw( [EMAIL PROTECTED] )]],
 banned_files_lovers_maps => [[qw( [EMAIL PROTECTED] )]],
 virus_lovers_maps => [[qw( [EMAIL PROTECTED] )]],
 bad_header_lovers_maps => [[qw( [EMAIL PROTECTED] )]],
};

Gary V






Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] forwarding viruses to host

[Miro Dietiker, MD Systems]

Hi!

I'm running two servers with amavisd-new under debian with postfix.

On Server A there is a spam collection account [EMAIL PROTECTED], where
all viruses have to be delivered to.
On host B all spam found should be delivered to Server A into the
spam.collect account.

If now Server A receives SPAM, I can see two messages in the
spam.collect box. The SPAM mail itself, and a resport for each SPAM with
title "SPAM FROM xxx"

If Server B receives SPAM, I can see three messages since (I expect)
server B identifies spam, generates a "SPAM FROM" message to Server A,
forwards SPAM itself to Server A, where server A also identifies message
as SPAM again and produces a second report...
This second report always shows up as "SPAM FROM (?)" where the
exclamation mark is present.

What would be the right or common way to forward that Mails?
I already was thinking of using a transport from B to A, not being
handled via amavis but i don't want to switch off too much checks and
don't want to open unnecessary ports .

Any suggestions to this setup?

Thanks a lot

+---+  +---+
| Miro Dietiker |  | MD Systems Miro Dietiker  |
+---+  +---+




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/