Send a BCC based on header check after receiving mail back from amavis-new

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Send a BCC based on header check after receiving mail back from amavis-new

Administrator Beckspaced.com
Hello there,

first, all the best wishes for 2019!
Let it be a good new year for all of us ;)

I'm running a SuSE Box with postfix version 3.2.0
I also do SPAM checking via amavis-new and spamassassin

after the mail passes postscreen it's directed to amavis-new
amavis-new then re-injects the mail to postfix on port 10025

If amavis-new detects some spam it will add headers like:

X-Spam-Flag: YES
X-Spam-Score: 11.248
X-Spam-Level: ***********

based on those tags I would like to send a BCC to my spam collecting
[hidden email] for further inspection and review.

the kill_level in spamassassin is set at 6.5 and the tag2_level is set
at 4.0

so all emails with SPAM scores between 4.0 and 6.49 I would like to add
a BCC

A bit of googling revealed milter_header_checks & header_checks

http://www.postfix.org/postconf.5.html#milter_header_checks
http://www.postfix.org/header_checks.5.html

so my thinking was to modify master.cf .. the postfix instance where
amavis-new re-injects mails and add a header check there

127.0.0.1:10025 inet   n       -       n       -       -       smtpd
...
   -o milter_header_checks = pcre:/etc/postfix/milter_header_checks
...

and in /etc/postfix/milter_header_checks

/^X-Spam-Level:\s****/ BCC [hidden email]

which would then add the additional header and send a BCC?
would this setup make sense? would it work?

also ... how can i test the regex?

thanks & greetings

Becki


Reply | Threaded
Open this post in threaded view
|

Re: Send a BCC based on header check after receiving mail back from amavis-new

Bastian Blank-3
On Tue, Jan 01, 2019 at 12:17:15PM +0100, Admin Beckspaced wrote:
> If amavis-new detects some spam it will add headers like:
> based on those tags I would like to send a BCC to my spam collecting
> [hidden email] for further inspection and review.

Ask amavisd-new to quarantine the mail.  Depending on tag- or
kill-level, this is CC_SPAM, CC_SPAMMY,1 or CC_SPAMMY and can be set in
%quarantine_to_maps_by_ccat.

Bastian

--
Love sometimes expresses itself in sacrifice.
                -- Kirk, "Metamorphosis", stardate 3220.3
Reply | Threaded
Open this post in threaded view
|

Re: Send a BCC based on header check after receiving mail back from amavis-new

Wietse Venema
In reply to this post by Administrator Beckspaced.com
Admin Beckspaced:
> http://www.postfix.org/postconf.5.html#milter_header_checks

This may not work. The header_checks BCC was feature was added in
Postfix 3.0, many years after Milter support was implemented in
Postfix 2.3, and I don't think that there is a BCC handler for the
end-of-data phase. It's not impossible to implement, but I don't
see any code for it, and I don't have time to do that now.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Send a BCC based on header check after receiving mail back from amavis-new

Administrator Beckspaced.com
In reply to this post by Bastian Blank-3
Am 01-Jan-19 um 17:35 schrieb Bastian Blank:
> On Tue, Jan 01, 2019 at 12:17:15PM +0100, Admin Beckspaced wrote:
>> If amavis-new detects some spam it will add headers like:
>> based on those tags I would like to send a BCC to my spam collecting
>> [hidden email] for further inspection and review.
> Ask amavisd-new to quarantine the mail.  Depending on tag- or
> kill-level, this is CC_SPAM, CC_SPAMMY,1 or CC_SPAMMY and can be set in
> %quarantine_to_maps_by_ccat.
>
> Bastian
Hello Bastian & Wietse,

thanks a lot for your replies.

Based on Wietse's comment 'this may not work' and equipped with the
proper keywords I did a bit more googling on amavis-new ...
... finally added to amavisd.conf the following lines

$quarantine_method_by_ccat{+CC_SPAMMY} = $spam_quarantine_method;
$quarantine_to_maps_by_ccat{+CC_SPAMMY} = ['[hidden email]'];

and now i do receive a copy of the tag2_level spammy emails. Nice ;)
More infos on this topic can be found there:

https://www.ijs.si/software/amavisd/amavisd-new-docs.html#quarantine
https://sourceforge.net/p/amavis/mailman/message/17352662/

thanks for pointing me in the right direction ;)

Greetings
Becki


Reply | Threaded
Open this post in threaded view
|

BCC in milter_header_checks (was: Send a BCC based on header check...)

Wietse Venema
In reply to this post by Wietse Venema
Wietse Venema:
> Admin Beckspaced:
> > http://www.postfix.org/postconf.5.html#milter_header_checks
>
> This may not work. The header_checks BCC was feature was added in
> Postfix 3.0, many years after Milter support was implemented in
> Postfix 2.3, and I don't think that there is a BCC handler for the
> end-of-data phase. It's not impossible to implement, but I don't
> see any code for it, and I don't have time to do that now.

It is supposed to work. Here is the code that handles it in
cleanup_milter.c:

    if (STREQUAL(command, "BCC", cmd_len)) {
        if (strchr(optional_text, '@') == 0) {
            msg_warn("bad BCC address \"%s\" in %s map -- "
                     "need user@domain",
                     optional_text, VAR_MILT_HEAD_CHECKS);
        } else {
            cleanup_milter_hbc_log(context, "bcc", where, buf, optional_text);
            /* Caller checks state error flags. */
            (void) cleanup_add_rcpt_par(state, optional_text, "");
        }

This code runs while headers are received, and I just verified that
it does add a record to the queue file.

        Wietse