AW: [AMaViS-user] forwarding viruses to host
OOPS: wrong sender address taken the mail before! Retry: Thanks Gary, i found the solution with your help :) Gary V wrote: >I'm not exactly clear on all points of your setup but >maybe this would work (or at least give you one idea). >check_client_access hash:/etc/postfix/amavis_quarantine >/etc/postfix/amavis_quarantine: >192.168.1.15 FILTER smtp-amavis:[127.0.0.1]:10026 >in amavisd.conf: >$inet_socket_port = [10024,10026]; Since both servers run standard Webserver/Mailserver environment, they should communicate under each other using the same path as external servers. Opening a second port with separate rules would be an oversized solution. >Then set up a policy bank. This will override amavisd-new's configured >settings for any message received on port 10026. >$interface_policy{'10026'} = 'QUARANTINE'; $policy_bank{'QUARANTINE'} = >{ bypass_spam_checks_maps => [[qw( [EMAIL PROTECTED] )]], > bypass_banned_checks_maps => [[qw( [EMAIL PROTECTED] )]], > bypass_virus_checks_maps => [[qw( [EMAIL PROTECTED] )]], > ... > Gary V And this was the moment where i registered: Simple bypassing the spam-checks for my two quarantine accounts would result in the right behaviour. No matter which source. @bypass_spam_checks_acl = qw( [EMAIL PROTECTED] ); Virus checks don't need to be bypassed since I don't deliver viruses in the collector mailbox and therefore no scanner would catch anything. +---+ +---+ | Miro Dietiker | | MD Systems Miro Dietiker | +---+ +---+ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: AW: [AMaViS-user] forwarding viruses to host
Miro, > Isn't it possible (or what arguments against) to make a spam report > with original message attached as a file? > Or any other suggestion about configuring that central spam collector? One way would be to: - enable spam defanging ($defang_spam=1), which would prepend spam report and wrap the original message in an attachment; - and append address extensions e.g. [EMAIL PROTECTED] -> [EMAIL PROTECTED], @addr_extension_spam_maps=('spam'); then you can use Postfix pcre-based virtual maps to rewrite or reroute messages for [EMAIL PROTECTED] to any place you want, possibly also to more than one place, like the original recipient plus some spam collection mailbox. Mark --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
AW: [AMaViS-user] forwarding viruses to host
Ups... subject mistake ... I primarily talk of SPAM forwarding. Virus forwarding works with no trouble, since the virus is being removed on source complaining server .. so the notification to the collect server is unpolluted... But that SPAM-Forwarding still is unclear.. (so replace all "virus" with "spam" to understand my question right ...sorry) Isn't it possible (or what arguments against) to make a spam report with original message attached as a file? Or any other suggestion about configuring that central spam collector? Thanks - Miro +---+ +---+ | Miro Dietiker | | MD Systems Miro Dietiker | +---+ +---+ -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Miro Dietiker, MD Systems Gesendet: Mittwoch, 28. Dezember 2005 13:36 An: amavis-user@lists.sourceforge.net Betreff: [AMaViS-user] forwarding viruses to host Hi! I'm running two servers with amavisd-new under debian with postfix. On Server A there is a spam collection account [EMAIL PROTECTED], where all viruses have to be delivered to. On host B all spam found should be delivered to Server A into the spam.collect account. If now Server A receives SPAM, I can see two messages in the spam.collect box. The SPAM mail itself, and a report for each SPAM with title "SPAM FROM xxx" If Server B receives SPAM, I can see three messages since (I expect) server B identifies spam, generates a "SPAM FROM" message to Server A, forwards SPAM itself to Server A, where server A also identifies message as SPAM again and produces a second report... This second report always shows up as "SPAM FROM (?)" where the exclamation mark is present. What would be the right or common way to forward that Mails? I already was thinking of using a transport from B to A, not being handled via amavis but i don't want to switch off too much checks and don't want to open unnecessary ports . Any suggestions to this setup? Thanks a lot +---+ +---+ | Miro Dietiker | | MD Systems Miro Dietiker | +---+ +---+ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37&alloc_id865&op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] forwarding viruses to host
MD wrote: > Hi! > I'm running two servers with amavisd-new under debian with postfix. > On Server A there is a spam collection account [EMAIL PROTECTED], where > all viruses have to be delivered to. > On host B all spam found should be delivered to Server A into the > spam.collect account. > If now Server A receives SPAM, I can see two messages in the > spam.collect box. The SPAM mail itself, and a resport for each SPAM with > title "SPAM FROM xxx" > If Server B receives SPAM, I can see three messages since (I expect) > server B identifies spam, generates a "SPAM FROM" message to Server A, > forwards SPAM itself to Server A, where server A also identifies message > as SPAM again and produces a second report... > This second report always shows up as "SPAM FROM (?)" where the > exclamation mark is present. > What would be the right or common way to forward that Mails? > I already was thinking of using a transport from B to A, not being > handled via amavis but i don't want to switch off too much checks and > don't want to open unnecessary ports . > Any suggestions to this setup? > Thanks a lot > +---+ +---+ > | Miro Dietiker | | MD Systems Miro Dietiker | > +---+ +---+ I'm not exactly clear on all points of your setup but maybe this would work (or at least give you one idea). At some appropriate place in main.cf create a check_client_access map that will use a policy bank if the mail originates from server B. Then only bypass checks if mail from that client is addressed to [EMAIL PROTECTED] check_client_access hash:/etc/postfix/amavis_quarantine /etc/postfix/amavis_quarantine: 192.168.1.15 FILTER smtp-amavis:[127.0.0.1]:10026 in amavisd.conf: $inet_socket_port = [10024,10026]; Then set up a policy bank. This will override amavisd-new's configured settings for any message received on port 10026. $interface_policy{'10026'} = 'QUARANTINE'; $policy_bank{'QUARANTINE'} = { bypass_spam_checks_maps => [[qw( [EMAIL PROTECTED] )]], bypass_banned_checks_maps => [[qw( [EMAIL PROTECTED] )]], bypass_virus_checks_maps => [[qw( [EMAIL PROTECTED] )]], bypass_header_checks_maps => [[qw( [EMAIL PROTECTED] )]], spam_lovers_maps => [[qw( [EMAIL PROTECTED] )]], banned_files_lovers_maps => [[qw( [EMAIL PROTECTED] )]], virus_lovers_maps => [[qw( [EMAIL PROTECTED] )]], bad_header_lovers_maps => [[qw( [EMAIL PROTECTED] )]], }; Gary V Gary V --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] forwarding viruses to host
Hi! I'm running two servers with amavisd-new under debian with postfix. On Server A there is a spam collection account [EMAIL PROTECTED], where all viruses have to be delivered to. On host B all spam found should be delivered to Server A into the spam.collect account. If now Server A receives SPAM, I can see two messages in the spam.collect box. The SPAM mail itself, and a resport for each SPAM with title "SPAM FROM xxx" If Server B receives SPAM, I can see three messages since (I expect) server B identifies spam, generates a "SPAM FROM" message to Server A, forwards SPAM itself to Server A, where server A also identifies message as SPAM again and produces a second report... This second report always shows up as "SPAM FROM (?)" where the exclamation mark is present. What would be the right or common way to forward that Mails? I already was thinking of using a transport from B to A, not being handled via amavis but i don't want to switch off too much checks and don't want to open unnecessary ports . Any suggestions to this setup? Thanks a lot +---+ +---+ | Miro Dietiker | | MD Systems Miro Dietiker | +---+ +---+ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/