Patrick,
Really appreciate your help, especially if Mark's not around here any
more.
- Are there best practices advice about sender notifications?
Don't notify senders for
- spam
- viruses
- unchecked
as the envelope sender is usually forged. You'd end up barking up the
wrong
tree and the server might get listed as backscatter server.
Notify senders for:
- banned files
- Looks like default is to have notifications ("warnings?") enabled
for
attachments with banned file extensions. Doesn't this risk backscatter
problems when sender address is forged?
Yes.
Given that you advised sending banned notifications to senders, you
consider the backscatter potential an acceptable risk for keeping that
turned on?
- Also, is there a place to customize the message body (and possibly
headers) for these notifications ("warnings?")?
They are placed within amavis as templates. Which platform do you run
amavis
on?
I have more than one - I see debian seems to have template files under
/etc/amavis/en_US/ though I don't see a template for the banned
extensions notification, but that system is not producing said
notifications.
On the RedHat side of things (2.10.1 installed from EPEL), I don't find
those templates and this is where the banned extension notification goes
out to everyone (local or not) no matter what I do. That package puts
some things in /usr/share/doc/amavisd-new-2.10.1 but I find no templates
there. I even did this using the first line of text from the
notification message:
grep -ri 'Our content checker found' /usr/share/doc/amavisd-new-2.10.1
- I'm having a very hard time finding documentation on any of those
settings, what exactly they do - where can I find that?
There isn't any. Amavis is orphaned.
I see. Can you or someone who knows these things explain if I am looking
at the right settings?
Does disabling $warn_offsite prevent ALL non-local notifications (based
on $mynetworks?)? Should I set it to undef to disable?
Does $warnbannedsender control the notifications I am seeing?
- I cannot find a way to disable them - tried setting these all to 0
but no
luck: $warnbadhsender $warnbannedsender $warn_offsite
I tried setting to undef instead of 0, but warning/notices are still
sent
out by amavis. So I appear to have a problem with these settings
being
overridden somewhere else(?)(or not understanding the right settings
to use)
but I hope someone can still answer my other questions:
Did you set mynetworks and local_domain_maps? Without these settings
amavis
won't be able to tell which directions - inbound/outbound - mails are
flowing. By default it only notifies recipients who belong to
hosts/domains in
local_domain_maps. Without this it won't notify at all.
local_domain_maps is set correctly. mynetworks is not, as I used the
policy banks associated with the port number which, combined with
local_domain_maps has been working correctly (amavis logs correctly for
"RelayedInbound" and "RelayedInternal" etc). Even if you recommend I set
up mynetworks, I understand you think without it I should not be seeing
the notifications at all. That's confounding.
On 2016-11-26 23:34, Dominic Raferd wrote:
> I don't think there is a way to check what the current active settings
> are for amavisd-new (nothing like postconf -n) - including all
> defaults - unfortunately. We can of course check our own settings with
> something like: grep -r "warn" /etc/amavis/conf.d|grep -v "\s*#"
>
> The defaults that I am aware of are:
>
> $warnbannedsender = undef;
> $warnbadhsender = undef;
> $warn_offsite = undef;
> $warnvirusrecip = undef;
> $warnbannedrecip = undef;
> $warnbadhrecip = undef;
>
> I presume this means there are no warnings issued unless these
> variables are set explicitly, and this isn't the case with ubuntu (or
> I think debian) standard installations? Are you sure that warnings are
> being issued by amavisd-new on your system?
>
> On 26 November 2016 at 22:44, MRob <mro...@insiberia.net> wrote:
>
> > Are there best practices advice about sender notifications?
> >
> > Looks like default is to have notifications ("warnings?") enabled
> > for attachments with banned file extensions. Doesn't this risk
> > backscatter problems when sender address is forged?
> >
> > I cannot find a way to disable them - tried setting these all to 0
> > but no luck: $warnbadhsender $warnbannedsender $warn_offsite
> >
> > I'm having a very hard time finding documentation on any of those
> > settings, what exactly they do - where can I find that?
> >
> > Also, is there a place to customize the message body (and possibly
> > headers) for these notifications ("warnings?")?
> >
> > Thank you for your great product.
