Loading ...
Sorry, an error occurred while loading the content.

Re: prevent archiving SPAM mails

Expand Messages
  • mouss
    ... how do you deliver the archived mail? if it s via an LDA such as dovecot or maildrop or procmail, you can create a rule to discard mail which has a header
    Message 1 of 17 , Jul 22, 2012
    • 0 Attachment
      Le 19/07/2012 10:23, Nalinda Herath a écrit :
      > In my current setup, server will not discard any mail even though they are
      > tagged as SPAM. all the spam mails are routed to the junk folder's of each
      > user. According to our policy, we cannot discard any mail, and users are
      > allowed to check whether any mail has been accidentally tagged as SPAM.
      >
      > We simply BCC the emails which are received to the server by setting
      > always_bcc = <email address>
      >


      how do you deliver the archived mail? if it's via an LDA such as dovecot
      or maildrop or procmail, you can create a rule to discard mail which has
      a header that says it's spam (X-Spam-Flag: YES).

      if you want that in postfix, then you need to do some work.

      [multiple instances of postfix]
      if you accept to run multiple instances (run postfix multiple times,
      with different configurations etc), then make ue a specific domain for
      the archive (for exemple: archive.example.com), then use transport maps
      to direct such mail to its own instance. and in this instance, use
      header_checks to discard mail tagged as spam.


      [in a single instance]
      with a single instance, you can't use routing (transport_maps) because
      transport_maps is global to an instance, and you don't want to creat a
      loop. but you can create a dedicated smtpd listener.
      here is an example:

      1- use a different domain for mail archiving. but instead of always_bcc,
      I'll recommend using recipient_bcc_maps:
      recipient_bcc_maps = pcre:/etc/postfix/recipient_bcc.pcre

      then in recipient_bcc.pcre, something like
      /(.*)@example\.com$/ bcc+$1@...

      add an expression for any domain you want to archive mail for.

      side benefit: you have the original recipient in the bcc address!
      (this assumes you have recipient_delimiter = +).


      2- In your after-the-filter smtpd (assuming you are using a filter such
      as amavisd-new), add a check_recipient_access to pass such mail to a
      specific smtpd (that you need to add):
      ...
      ...
      check_recipient_access hash:/etc/postfix/filter_bcc.hash

      and in filter_bcc.hash:

      archive.example.com FILTER filter:[127.0.0.1]:10624
      .archive.example.com FILTER filter:[127.0.0.1]:10624

      (here, I assume you start an smtpd on 10624 for such mail, and I assume
      you defined a filter named "filter". this may be the same as you use to
      passe your mail to your "standard" filter).

      3- for the smtpd on 10624, create a cleanup service that uses a
      check_headers to do
      /^X\-Spam\-Flag: YES/ DISCARD


      PS. instead of discarding such spam, better deliver it to a special
      account which is purged more often. this gives you a chance to
      re-archive a message if someone says it was a false positive... etc.
      (and it gives you the content if someone claims it is a false positive
      but you don't agree. of course, reading other people's mail requires
      their consent and/or support by your local policy. but you almost always
      can run a script to parse the Received headers and show that the message
      passed via bad networks, without ever touching the body...).
      debating this is however off-topic here. I only wanted you to kknow that
      this is a possibility...

      > I need some workaround to prevent archiving mails tagged as spam by
      > Spamassassin.
      >
      > Regards,
      > Nalinda
      >
      >
      >
      > On Wed, Jul 18, 2012 at 10:22 PM, Noel Jones <njones@...> wrote:
      >
      >> On 7/18/2012 11:22 AM, Nalinda Herath wrote:
      >>> Hi all,
      >>>
      >>> Recently I have integrated spmassassin to my existing postfix
      >>> system. But now I need to tune my archiving settings in postfix to
      >>> prevent from archiving mails tagged as spam.
      >>>
      >>> It will be really helpful If someone can help me on this. Thanks.
      >>>
      >>> Regards,
      >>> Nalinda
      >>>
      >>> --
      >>> Regards,
      >>> Nalinda
      >>>
      >>>
      >>
      >>
      >> General procedure -- apply anti-spam and anti-virus before the
      >> archiving procedure.
      >>
      >> One way to do this is to run spamassassin in a pre-queue
      >> smtpd_proxy_filter or milter so only clean mail enters postfix. Or
      >> with a traditional postfix after queue content_filter, do your
      >> archiving in the after-filter postfix instance.
      >>
      >> If you need a more specific answer, you'll need to share full
      >> details of your postfix setup, your archiving procedure, and how
      >> you've integrated spamassassin.
      >> http://www.postfix.org/DEBUG_README.html#mail
      >>
      >>
      >> -- Noel Jones
      >>
      >
      >
      >
    Your message has been successfully submitted and would be delivered to recipients shortly.