Re: How do you manage the ‘hold’ queue?
On 27/01/2021 13:47, David Bürgin wrote: Thanks everybody – I’ve decided that for me personally handling this is too much work, and I’ve disabled this particular milter. (There is an open issue in the OpenDMARC project that I have upvoted: https://github.com/trusteddomainproject/OpenDMARC/issues/77) Re that issue, my workaround can be easily modified to allow emails that fail DMARC testing but have p=quarantine to pass through automatically to original recipient, while retaining ones with p=reject. FWIW my experience is that about 70% of DMARC failures proceed from fakes, the rest are genuine but misconfigured.
Re: How do you manage the ‘hold’ queue?
Thanks everybody – I’ve decided that for me personally handling this is too much work, and I’ve disabled this particular milter. (There is an open issue in the OpenDMARC project that I have upvoted: https://github.com/trusteddomainproject/OpenDMARC/issues/77)
Re: How do you manage the ‘hold’ queue?
On 2021-01-26 08:18, Patrick Ben Koetter wrote: You might want to use amavis' quarantine capabilities and let it do the job. It also has an interface to send (release) commands to and comes with a script to do it manually on the command line. https://github.com/gnanet/mailzu hope its the main repo now while i had it, it was super user friendly for all my users at that time
Re: How do you manage the ‘hold’ queue?
On Tue, Jan 26, 2021 at 08:13:01AM +0100, David Bürgin wrote: > I’ve recently begun using the ‘hold’ queue, because of a milter that I > use. A milter may ‘quarantine’ a message, which causes the message to be > placed in the ‘hold’ queue (eg OpenDMARC does this when the DMARC policy > requests quarantine). > > But how does one manage that queue? I know that > postqueue/postsuper/postcat exist, but it seems like a lot of work to > periodically (daily, weekly?) inspect each message in that queue and > deal with them one by one? Do people actually use quarantine/on-hold, > and if so how do you manage your queue? Doing something non-trivial (other than manual administrative release via "postsuper -H" on report of a false positive) is a programming exercise for the administrator. There's nothing fancy built-in. * You can use "postqueue -j" and "jq" to select particular messages from the hold queue, based on the reported features. * You can use "postcat -q [-ebh]" to examine the message content. * You can move the message into the incoming directory (must reside in the same filesystem!) of some other Postfix instance, which might then deliver it in some special way (a per_recipient maildir perhaps). With the messages stored in standard *822 format, it can be easier to write tools to do further automated processing. But this could be more easily achieved with FILTER. -- Viktor.
Re: How do you manage the ‘hold’ queue?
On 1/26/2021 1:13 AM, David Bürgin wrote: I’ve recently begun using the ‘hold’ queue, because of a milter that I use. A milter may ‘quarantine’ a message, which causes the message to be placed in the ‘hold’ queue (eg OpenDMARC does this when the DMARC policy requests quarantine). But how does one manage that queue? I know that postqueue/postsuper/postcat exist, but it seems like a lot of work to periodically (daily, weekly?) inspect each message in that queue and deal with them one by one? Do people actually use quarantine/on-hold, and if so how do you manage your queue? I sometimes use the pfqueue tool. http://pfqueue.sourceforge.net/ Mostly I just avoid putting things on hold unless I'm investigating something specific. It's better to tag-and-deliver suspected spam and let the recipient deal with it. Either sort it into a spam folder or tag the subject somehow. -- Noel Jones
Re: How do you manage the ‘hold’ queue?
On 26/01/2021 07:13, David Bürgin wrote: I’ve recently begun using the ‘hold’ queue, because of a milter that I use. A milter may ‘quarantine’ a message, which causes the message to be placed in the ‘hold’ queue (eg OpenDMARC does this when the DMARC policy requests quarantine). But how does one manage that queue? I know that postqueue/postsuper/postcat exist, but it seems like a lot of work to periodically (daily, weekly?) inspect each message in that queue and deal with them one by one? Do people actually use quarantine/on-hold, and if so how do you manage your queue? This is my approach with openDMARC. Of course the resulting local mail store (mbox file in my case) still has to be checked and managed. # grep -E "^(RejectFailures|AuthservID) " /etc/opendmarc.conf RejectFailures false AuthservID streamingbats.co.uk # postconf milter_header_checks milter_header_checks = pcre:/etc/postfix/milter_header_checks.pcre # cat /etc/postfix/milter_header_checks.pcre /^Authentication-Results: streamingbats\.co\.uk.*dmarc=fail \(p=(reject|quarantine)/ REDIRECT ubuntu@localhost
Re: How do you manage the ‘hold’ queue?
* David Bürgin : > I’ve recently begun using the ‘hold’ queue, because of a milter that I > use. A milter may ‘quarantine’ a message, which causes the message to be > placed in the ‘hold’ queue (eg OpenDMARC does this when the DMARC policy > requests quarantine). > > But how does one manage that queue? I know that > postqueue/postsuper/postcat exist, but it seems like a lot of work to > periodically (daily, weekly?) inspect each message in that queue and > deal with them one by one? Do people actually use quarantine/on-hold, > and if so how do you manage your queue? The HOLD queue was never meant to be a fullblown quarantine store with management tools etc. That might explain the lack of tools to manage the queue conveniently in daily business. You might want to use amavis' quarantine capabilities and let it do the job. It also has an interface to send (release) commands to and comes with a script to do it manually on the command line. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief Aufsichtsratsvorsitzender: Florian Kirstein