RE: header_checks when amavisd reinjects mail back into local smtpd


RE: header_checks when amavisd reinjects mail back into local smtpd

Jevos, Peter-2
> -----Original Message-----
> From: Noel Jones [mailto:[hidden email]]
> Sent: Friday, April 25, 2008 6:44 PM
> To: Jevos, Peter; [hidden email]
> Subject: Re: header_checks when amavisd reinjects mail back into local
> smtpd
>
> Jevos, Peter wrote:
> > Hi
> >
> > I need to control header_check but after amavisd tags mail with
> > **UNCHECKED**. Not before.
> >
> > So I  adjusted in master.cf but it doesn't work:
> >
> > 127.0.0.1:10025 inet n  -       n     -       -  smtpd
> >             -o content_filter=
> >             -o local_recipient_maps=
> >             -o relay_recipient_maps=
> >             -o smtpd_restriction_classes=
> >             -o smtpd_delay_reject=no
> >             -o smtpd_client_restrictions=permit_mynetworks,reject
> >             -o smtpd_helo_restrictions=
> >             -o smtpd_sender_restrictions=
> >             -o smtpd_recipient_restrictions=permit_mynetworks,reject
> >             -o smtpd_data_restrictions=reject_unauth_pipelining
> >             -o smtpd_end_of_data_restrictions=
> >             -o mynetworks=127.0.0.0/8
> >             -o strict_rfc821_envelopes=yes
> >             -o smtpd_error_sleep_time=0
> >             -o smtpd_soft_error_limit=1001
> >             -o smtpd_hard_error_limit=1000
> >             -o smtpd_client_connection_count_limit=0
> >             -o smtpd_client_connection_rate_limit=0
> >             -o header_checks=pcre:/etc/postfix/header_checks
> >
> > header_checks file content is:
> >
> > /^Subject:.*\*\*UNCHECKED\*\*.*/        REJECT Amavis checked
> >
> > What's wrong
> >
> > Thx
> >
> > pet
>
> Two things wrong here -
>
> First, header_checks is a property of cleanup, not smtpd.  So
> you would need to define an alternate cleanup service for the
> :10025 smtpd, and then define alternate header_checks for that
> cleanup service.  Or just use a second instance of postfix.
>
> Second problem is that you really shouldn't do this in the
> first place.  Rejecting mail that you have already accepted
> creates backscatter and is considered abusive.  If you don't
> want to deliver the mail, either quarantine or discard it.
>
Dear Noel,

Thank you for your answer. It's clear. But how can I deal with email
called mail bomb, e.g. 42.zip or bzip2 bomb are examples of such
malware?
Amavisd cannot recognize it cause it has limited amount of space for
decoding. However it can tag it with string ***UNCHECKED***.
Here are some words from amavisd doc.:
When message decoding exceeds the storage quota, the decoding stops, the
virus scanning is not performed to protect the virus scanner, but a
header field is inserted, telling MTA it may place the message 'on
hold', or reject it, or just pass it - the action depends on MTA
configuration. This works well with Postfix.

Therefore I thought that I can reject it when amavisd reinjects mail back
into the postfix (with header_check of string UNCHECKED)

THx

Br

pet

Re: header_checks when amavisd reinjects mail back into local smtpd

mouss-2
Jevos, Peter wrote:

> Thank you for your answer. It's clear. But how can I deal with email
> called mail bomb, e.g. 42.zip or bzip2 bomb are examples of such
> malware?
> Amavisd cannot recognize it cause it has limited amount of space for
> decoding. However it can tag it with string ***UNCHECKED***.
> Here are some words from amavisd doc.:
> When message decoding exceeds the storage quota, the decoding stops, the
> virus scanning is not performed to protect the virus scanner, but a
> header field is inserted, telling MTA it may place the message 'on
> hold', or reject it, or just pass it - the action depends on MTA
> configuration. This works well with Postfix.
>
> Therefore I thought that I can reject it when amavisd reinjects mail back
> into the postfix (with header_check of string UNCHECKED)
>  

and if you do so, postfix will generate a bounce and send backscatter to
an innocent.

only reject during the smtp transaction. either deliver, quarantine or
discard (not recommended) the message. the HOLD action will let you
inspect the message (manually or via a script or whatever) and decide
what to do. but once again, do not bounce.
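
Added example, not part of the thread and not any poster's own configuration: one way to combine the two replies, giving the :10025 reinjection listener its own cleanup service whose header_checks table holds tagged mail instead of rejecting it. The service name `cleanup-reinject` and the file name `header_checks_reinject` are assumptions chosen for illustration.

```conf
# Constructed example; "cleanup-reinject" and the header_checks_reinject
# path are hypothetical names, not from the thread.

# --- /etc/postfix/master.cf ---
# Reinjection listener: hand mail to a dedicated cleanup service.
# Keep the other -o overrides from the original post, but drop
# "-o header_checks=..." here: header_checks is read by cleanup, not smtpd.
127.0.0.1:10025 inet n  -       n     -       -  smtpd
            -o content_filter=
            -o cleanup_service_name=cleanup-reinject
            -o smtpd_client_restrictions=permit_mynetworks,reject
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8

# Dedicated cleanup service with its own header_checks table, so the
# rule only sees mail that amavisd has already tagged and reinjected.
cleanup-reinject unix n -       n     -       0  cleanup
            -o header_checks=pcre:/etc/postfix/header_checks_reinject

# --- /etc/postfix/header_checks_reinject ---
# HOLD parks the message in the hold queue for inspection instead of
# rejecting it, so no bounce goes to a possibly forged sender.
/^Subject:.*\*\*UNCHECKED\*\*/        HOLD amavisd could not scan this message
```

Held messages appear in `postqueue -p` marked with `!`; `postsuper -H` releases one back to the queue and `postsuper -d` deletes it.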