On 9 February 2018 at 17:56, Markus Clardy <[email protected]> wrote: > On Fri, Feb 9, 2018 at 5:41 PM, Dominic Raferd <[email protected]> > wrote: >> >> On 9 February 2018 at 16:59, Markus Clardy <[email protected]> wrote: >> > On Fri, Feb 9, 2018 at 4:23 PM, Dominic Raferd <[email protected]> >> > wrote: >> >> >> >> Is there a way to have the presence of a specific header (or, better, >> >> a specific beginning to a header, where the later text might vary) >> >> causing quarantining by amavis. Use case is that postfix header_checks >> >> will identify a suspect mail and add the header before the mail is >> >> passed to amavis. >> >> >> >> Example header which should lead to amavis quarantining the mail: >> >> >> >> X-Hold: mydomain.tld; Withheld by order of check_header.pcre (.world >> >> domain) >> >> >> >> I feel sure amavis is powerful enough to do this but the plethora of >> >> options, and the perl terminology, leave me baffled. Thanks for any >> >> help. >> >> >> > What you can do is have a port/policy in Amavisd for Quarantining >> > everything, then just instead of adding a header in Postfix, have the >> > mail >> > redirect to that port. >> > >> > This way, mail that is meant to be held as designated by Postfix, will >> > go to >> > the quarantine that way. >> > >> >> Thanks Marcus but I want amavis to continue doing its own stuff as >> normal as well as quarantining these extra mails. Also it sounds >> complicated to resubmit mails via a different port but it is very easy >> to add a header using the postfix PREPEND option. > Not that hard actually. > > Your create a new port for Amavisd: > > $inet_socket_port = [10024, 10030] > > Then create a Policy for it: > > $interface_policy{'10030'} = 'Quarantine.Postfix'; > $policy_bank{'Quarantine.Postfix'} = { > archive_quarantine_to_maps = > ['archive-quarantine']; > archive_quarantine_method => 'local:hold-%m', > final_destiny_maps_by_ccat => { REPLACE = 1, &CC_CATCHALL => D_DISCARD > }, > forward_method => 'smtp:[127.0.0.1]:10024' > }; > > > After that, in your header checks, you would have the header check cause > "FILTER smtp-amavis:[127.0.0.1]:10030" instead of "PREPEND X-Hold: ....". > > This will mean that any mail submitted on port 10030 of Amavisd gets > quarantined (and will appear as hold-UniqID in your quarantine (UniqID being > the Amavisd ID), and anything submitted on your normal port (assumed 10024 > in this case), will get scanned as normal. > > This is just an example, and you could do more with it if you'd like, such > as separating different reasons to be quarantined. > > > To my knowledge, Amavis doesn't have an automatic quarantine header list. > > > > The other option would be to add a large score in SpamAssassin if this > header is found. That would also cause the mail to get quarantined, but may > not appear necessarily the same way you are looking for it to appear in the > quarantine (it'll get marked as Spam). >
I've implemented your second suggestion with a couple of lines in /etc/spamassassin/local.cf thus: header LOCAL_SUSPECT_HEADER X-Hold =~ /mydomain\.tld; suspect/ score LOCAL_SUSPECT_HEADER 9 and entries in my postfix access tables like this: world PREPEND X-Hold: mydomain.tld; suspect sender (.world) and it is working perfectly. Thanks for your help.
