* MRob <mro...@insiberia.net>: > Patrick, > > Really appreciate your help, especially if Mark's not around here any more. > > > > - Are there best practices advice about sender notifications? > > > > Don't notify senders for > > > > - spam > > - viruses > > - unchecked > > > > as the envelope sender is usually forged. You'd end up barking up the > > wrong > > tree and the server might get listed as backscatter server. > > > > Notify senders for: > > > > - banned files > > > > > - Looks like default is to have notifications ("warnings?") enabled > > > for > > > attachments with banned file extensions. Doesn't this risk backscatter > > > problems when sender address is forged? > > > > Yes. > > Given that you advised sending banned notifications to senders, you consider > the backscatter potential an acceptable risk for keeping that turned on?
It's a calculated risk that tries to balance useful information against getting on innocent peoples nerves. I am not aware of facts (numbers) that make this an easy decision. Personally I use notifications for banned files. > > > - Also, is there a place to customize the message body (and possibly > > > headers) for these notifications ("warnings?")? > > > > They are placed within amavis as templates. Which platform do you run > > amavis > > on? > > I have more than one - I see debian seems to have template files under > /etc/amavis/en_US/ though I don't see a template for the banned extensions > notification, but that system is not producing said notifications. > > On the RedHat side of things (2.10.1 installed from EPEL), I don't find > those templates and this is where the banned extension notification goes out > to everyone (local or not) no matter what I do. That package puts some > things in /usr/share/doc/amavisd-new-2.10.1 but I find no templates there. I > even did this using the first line of text from the notification message: Take a look at %notify_sender_templ_by_ccat in the amavisd perl file: %notify_sender_templ_by_ccat = ( # bounce templates CC_VIRUS, sub { cr('notify_virus_sender_templ') }, CC_BANNED, sub { cr('notify_virus_sender_templ') }, #historical reason CC_SPAM, sub { cr('notify_spam_sender_templ') }, CC_CATCHALL, sub { cr('notify_sender_templ') }, ); Then follow notify_virus_sender_templ and you will find a function read_l10n_templates, which refers to list of files (templates) that are read among whom dir/template-virus-sender.txt seems to be what you are looking for. > grep -ri 'Our content checker found' /usr/share/doc/amavisd-new-2.10.1 > > > > - I'm having a very hard time finding documentation on any of those > > > settings, what exactly they do - where can I find that? > > > > There isn't any. Amavis is orphaned. > > I see. Can you or someone who knows these things explain if I am looking at > the right settings? > > Does disabling $warn_offsite prevent ALL non-local notifications (based on > $mynetworks?)? Should I set it to undef to disable? I wouldn't use warn_offsite, because it opens the door to backscatter. I'd leave it at its default, effectively disabling offsite warnings. What I'd do instead is set @mynetworks and @local_domains_maps. The first defines hosts (IPs/networks in CIDR) you know to be internal (from internal) and the second defines a list of domains you receive messages for (to internal). Once these have been set amavis can tell all directions, e.g. "from external" != "from internal", *and* it will begin to send notifications. It will also notify potential senders of banned files if you set $warnbannedsender. In case you are able to read and understand German you may read more about this in my blog: https://sys4.de/en/blog/2013/02/15/e-mail-content-policies-mit-amavis/ > Does $warnbannedsender control the notifications I am seeing? It does. > > > - I cannot find a way to disable them - tried setting these all to 0 > > > but no > > > luck: $warnbadhsender $warnbannedsender $warn_offsite > > > > > > I tried setting to undef instead of 0, but warning/notices are still > > > sent > > > out by amavis. So I appear to have a problem with these settings > > > being > > > overridden somewhere else(?)(or not understanding the right settings > > > to use) > > > but I hope someone can still answer my other questions: > > > > Did you set mynetworks and local_domain_maps? Without these settings > > amavis > > won't be able to tell which directions - inbound/outbound - mails are > > flowing. By default it only notifies recipients who belong to > > hosts/domains in > > local_domain_maps. Without this it won't notify at all. > > local_domain_maps is set correctly. mynetworks is not, as I used the policy > banks associated with the port number which, combined with local_domain_maps > has been working correctly (amavis logs correctly for "RelayedInbound" and > "RelayedInternal" etc). Even if you recommend I set up mynetworks, I > understand you think without it I should not be seeing the notifications at > all. That's confounding. Ah, yes. It is. I don't have a clue at the moment. :( Have you tried to use @debug_sender_maps? I'd use it as a trap to trigger verbose output. Once we have that we can try to make sense of what we see. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein