Forwarding SPAM to quarantine.

Discussion in 'Server Operation' started by tomrichmond, Apr 6, 2011.

  1. tomrichmond

    tomrichmond New Member

    Hi

    I want to forward a copy of each spam email received to a specified email address, but I'm not having any success. Incoming email is filtered correctly , and the headers are altered where they should be, but I never receive a copy of the spam message at my specified email.

    I've been looking through the amavisd-new documentation but I can't find a solution.

    Is there anybody here who has succeeded in forwarding spam who could explain quite how they did it?

    Cheers folks.
     
  2. dedeon

    dedeon New Member

    Re:

    My problem same with you. I'm waiting explanation too. Somebody can help me?
     
  3. Scratchpad

    Scratchpad New Member

    I used Amavisd with ClamAV for my virus scanning and have it setup so that an email gets sent to virus-alert@example.com whenever a virus is detected.

    I also use Amavisd with SpamAssassin to do the same thing for SPAM.

    I believe it is the following line (for originating) and I think "originating" gets changed to something else for external mail (somebody correct me on this?) in /etc/amavisd.conf that you can configure where you want the email to go:

    Code:
    $policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
      originating => 1,  # declare that mail was submitted by our smtp client
      allow_disclaimers => 1,  # enables disclaimer insertion if available
      # notify administrator of locally originating malware
      virus_admin_maps => ["virusalert\@$mydomain"],
      spam_admin_maps  => ["virusalert\@$mydomain"],
      warnbadhsender   => 1,
      # forward to a smtpd service providing DKIM signing service
      forward_method => 'smtp:[127.0.0.1]:10027',
      # force MTA conversion to 7-bit (e.g. before DKIM signing)
      smtpd_discard_ehlo_keywords => ['8BITMIME'],
      bypass_banned_checks_maps => [1],  # allow sending any file names and types
      terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
    };
    
    And then also in the same /etc/amavisd.conf:

    Code:
    $virus_admin               = "virusalert\@$mydomain";  # notifications recip.
    
    $mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
    $mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
    $mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
    $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
    
    then again within the same config file:

    Code:
    $final_virus_destiny      = D_DISCARD;
    $final_banned_destiny     = D_REJECT;
    $final_spam_destiny       = D_BOUNCE;
    $final_bad_header_destiny = D_PASS;
    
    Make sure you change the settings to your particular needs. The above is from my test linux box so they are NOT tweaked for production use obviously.

    If you don't have Amavisd running, check out any of the "Perfect Setup" tutorials on this site. There is pretty much one for every OS ... the guys are amazing!
     
  4. dedeon

    dedeon New Member

    Re :

    Thanks for the reply. I make sure amavisd.conf configuration like above. for the test, I change $final_spam_destination = D_PASS, and $spam_quarantine_to = spamadmin@mydomain.com. But, when I test with sample spam, log indicate detected spam and the action is DISCARD the spam. this is the log :

    Apr 11 15:32:02 mail amavis[3774]: (03774-01) Blocked SPAM, <venol@localhost> -> <guest@indra.com>, quarantine: v/spam-vs9ZxfjgcD+i.gz, Message-ID: <20110411083200.GA3806@indra.com>, mail_id: vs9ZxfjgcD+i, Hits: 999.999, size: 1240, 2604 ms
    Apr 11 15:32:02 mail postfix/smtp[3819]: 4185621A16: to=<guest@indra.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=0.06/0.02/0.04/2.6, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=03774-01 - SPAM)
    Apr 11 15:32:02 mail postfix/qmgr[3377]: 4185621A16: removed

    spamadmin@mydomain.com not receive email quarantine spam. what's problem?
     
  5. Scratchpad

    Scratchpad New Member

    Just a basic question, but, does the email account spamadmin@mydomain.com exist? Or, is it an alias to another account in /etc/aliases or in your virtual aliases table?
     
  6. dedeon

    dedeon New Member

    Re:

    thanks for the reply. spamadmin@mydomain.com listed on mysql_virtual_mailbox. I use MySql to store all virtual accounts. I test send message to spamadmin@mydomain.com was succesfull. But, the report about spam detected not send to spamadmin@mydomain.com, and spam message not send to destination even I set final_spam_destination to "D_PASS".

    what the log do you necessary to help me?

    thanks for the help.
     
  7. dedeon

    dedeon New Member

    help

    maybe someone can help me..
     
  8. Scratchpad

    Scratchpad New Member

    Hmm, I would double check that you are not doing a reject somewhere else, and maybe post your amavisd.conf file without comments.
     
  9. dedeon

    dedeon New Member

    my amavisd.conf

    hi, this my amavisd configuration, need help.

    thanks.
     

Share This Page