Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 6th April 2011, 18:36
tomrichmond tomrichmond is offline
Junior Member
 
Join Date: Dec 2010
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Forwarding SPAM to quarantine.

Hi

I want to forward a copy of each spam email received to a specified email address, but I'm not having any success. Incoming email is filtered correctly , and the headers are altered where they should be, but I never receive a copy of the spam message at my specified email.

I've been looking through the amavisd-new documentation but I can't find a solution.

Is there anybody here who has succeeded in forwarding spam who could explain quite how they did it?

Cheers folks.
Reply With Quote
Sponsored Links
  #2  
Old 11th April 2011, 11:24
dedeon dedeon is offline
Junior Member
 
Join Date: Jan 2011
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re:

My problem same with you. I'm waiting explanation too. Somebody can help me?
Reply With Quote
  #3  
Old 11th April 2011, 16:31
Scratchpad Scratchpad is offline
Junior Member
 
Join Date: Apr 2011
Posts: 8
Thanks: 0
Thanked 2 Times in 2 Posts
Default

I used Amavisd with ClamAV for my virus scanning and have it setup so that an email gets sent to virus-alert@example.com whenever a virus is detected.

I also use Amavisd with SpamAssassin to do the same thing for SPAM.

I believe it is the following line (for originating) and I think "originating" gets changed to something else for external mail (somebody correct me on this?) in /etc/amavisd.conf that you can configure where you want the email to go:

Code:
$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps  => ["virusalert\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};
And then also in the same /etc/amavisd.conf:

Code:
$virus_admin               = "virusalert\@$mydomain";  # notifications recip.

$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
then again within the same config file:

Code:
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_REJECT;
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;
Make sure you change the settings to your particular needs. The above is from my test linux box so they are NOT tweaked for production use obviously.

If you don't have Amavisd running, check out any of the "Perfect Setup" tutorials on this site. There is pretty much one for every OS ... the guys are amazing!
Reply With Quote
  #4  
Old 12th April 2011, 07:27
dedeon dedeon is offline
Junior Member
 
Join Date: Jan 2011
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re :

Thanks for the reply. I make sure amavisd.conf configuration like above. for the test, I change $final_spam_destination = D_PASS, and $spam_quarantine_to = spamadmin@mydomain.com. But, when I test with sample spam, log indicate detected spam and the action is DISCARD the spam. this is the log :

Apr 11 15:32:02 mail amavis[3774]: (03774-01) Blocked SPAM, <venol@localhost> -> <guest@indra.com>, quarantine: v/spam-vs9ZxfjgcD+i.gz, Message-ID: <20110411083200.GA3806@indra.com>, mail_id: vs9ZxfjgcD+i, Hits: 999.999, size: 1240, 2604 ms
Apr 11 15:32:02 mail postfix/smtp[3819]: 4185621A16: to=<guest@indra.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=0.06/0.02/0.04/2.6, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=03774-01 - SPAM)
Apr 11 15:32:02 mail postfix/qmgr[3377]: 4185621A16: removed

spamadmin@mydomain.com not receive email quarantine spam. what's problem?
Reply With Quote
  #5  
Old 12th April 2011, 16:05
Scratchpad Scratchpad is offline
Junior Member
 
Join Date: Apr 2011
Posts: 8
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Quote:
Originally Posted by dedeon View Post
Thanks for the reply. I make sure amavisd.conf configuration like above. for the test, I change $final_spam_destination = D_PASS, and $spam_quarantine_to = spamadmin@mydomain.com. But, when I test with sample spam, log indicate detected spam and the action is DISCARD the spam. this is the log :

Apr 11 15:32:02 mail amavis[3774]: (03774-01) Blocked SPAM, <venol@localhost> -> <guest@indra.com>, quarantine: v/spam-vs9ZxfjgcD+i.gz, Message-ID: <20110411083200.GA3806@indra.com>, mail_id: vs9ZxfjgcD+i, Hits: 999.999, size: 1240, 2604 ms
Apr 11 15:32:02 mail postfix/smtp[3819]: 4185621A16: to=<guest@indra.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=0.06/0.02/0.04/2.6, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=03774-01 - SPAM)
Apr 11 15:32:02 mail postfix/qmgr[3377]: 4185621A16: removed

spamadmin@mydomain.com not receive email quarantine spam. what's problem?
Just a basic question, but, does the email account spamadmin@mydomain.com exist? Or, is it an alias to another account in /etc/aliases or in your virtual aliases table?
Reply With Quote
  #6  
Old 15th April 2011, 14:06
dedeon dedeon is offline
Junior Member
 
Join Date: Jan 2011
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re:

thanks for the reply. spamadmin@mydomain.com listed on mysql_virtual_mailbox. I use MySql to store all virtual accounts. I test send message to spamadmin@mydomain.com was succesfull. But, the report about spam detected not send to spamadmin@mydomain.com, and spam message not send to destination even I set final_spam_destination to "D_PASS".

what the log do you necessary to help me?

thanks for the help.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help Too much SPAM!! makensy13 Installation/Configuration 4 13th January 2011 18:55
Spam Filter not functioning (revisited) Cracklefish Installation/Configuration 7 8th March 2010 13:16
Spamfilter policy - question about spam actions prisfeo Installation/Configuration 4 2nd February 2010 17:17
ISPC2 How to do spam check BEFORE forwarding emails ? radim_h Tips/Tricks/Mods 1 18th March 2009 08:51
Ubuntu 8.04 Spamsnake - all SA scores 0.00 Thomas_Powers HOWTO-Related Questions 23 24th June 2008 18:37


All times are GMT +2. The time now is 14:15.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.