Bug #3148

Spam scan of relay domains

Added by Filippo Carletti over 6 years ago. Updated about 6 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-mail-filter
Target version:v6.6
Security class: Resolution:
Affected version:v6.6-final NEEDINFO:No

Description

Now, the antispam scans only mail addressed to domains which are delivered locally.
A common usage pattern is to use NethServer as a proxy that filters email and then delivers it to an "internal" mail server.
Mail relayed should also be checked for spam.

20virtual_domains (323 Bytes) Filippo Carletti, 05/06/2015 09:47 AM


Related issues

Related to NethServer 6 - Enhancement #3150: Mail filter bypass CLOSED

Associated revisions

Revision db9137dc
Added by Davide Principi about 6 years ago

Include relay domains into amavis @local_domains_maps. Refs #3148

Spam headers are added only to domains listed in @local_domains_maps.

Revision 937f43fb
Added by Davide Principi about 6 years ago

Moved previous commit to nethserver-mail-filter. Refs #3148

Revision 85cf3152
Added by Davide Principi about 6 years ago

Disable address extensions on relay domains. Refs #3148

Imported fragment from nethserver-mail-server defining relay domains
as "local inbound".

Revision 0cbade53
Added by Davide Principi about 6 years ago

Fix lookup result for address extensions. Refs #3148

History

#1 Updated by Filippo Carletti over 6 years ago

We need to tweak amavisd.conf @local_domains_maps adding a list of domains for which we relay mails.
See attached template (thanks to DavideP).

#2 Updated by Davide Principi about 6 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.6
  • % Done changed from 0 to 20

#3 Updated by Davide Principi about 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#4 Updated by Davide Principi about 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Filippo Carletti wrote:

Now, the antispam scans only mail addressed to domains which are delivered locally.
A common usage pattern is to use NethServer as a proxy that filters email and then delivers it to an "internal" mail server.
Mail relayed should also be checked for spam.

AFAIK, the mail is scanned and possibly blocked. Spam headers are never added.

MODIFIED

Added a separate fragment: by overriding it, it's easy to revert to the old behaviour.

#5 Updated by Davide Principi about 6 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-mail-server-1.8.8-1.1.gdb9137d.ns6.noarch.rpm

#6 Updated by Alessio Fattorini about 6 years ago

  • Assignee set to Alessio Fattorini

#7 Updated by Alessio Fattorini about 6 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90
  • New fragment is present /etc/e-smith/templates/etc/amavisd.conf/21relay_domains
  • Into local_domains_maps there are all domains configured
  • new spam message is checked and tagged correctly
May 13 16:20:44 nethserver amavis[20990]: (20990-13) Passed SPAMMY {RelayedTaggedInbound}, [93.57.***]:50647 [93.57.***] <alessio@neths*********> -> <d***@di*****>, Message-ID: <20150513142038.C8E328C04D9@******.nethesis.it>, mail_id: 17N61Ch37l6N, Hits: 4.035, size: 18489, queued_as: 6FE8F1011D2, 2110 ms
May 13 16:20:44 nethserver transfer/smtpd[28014]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6FE8F1011D2; from=<alessio@******> to=<test@***> proto=ESMTP helo=<neth******>

VERIFIED

#8 Updated by Davide Principi about 6 years ago

  • Status changed from VERIFIED to ON_QA
  • Assignee deleted (Alessio Fattorini)
  • % Done changed from 90 to 70
  • Affected version changed from v6.6 to v6.6-final

#9 Updated by Davide Principi about 6 years ago

  • Status changed from ON_QA to TRIAGED
  • % Done changed from 70 to 20

When a message is relayed the +spam extension address must not be added: some mail servers (Exchange) does not accept it.

#10 Updated by Davide Principi about 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#11 Updated by Davide Principi about 6 years ago

  • Category changed from nethserver-mail-server to nethserver-mail-filter
  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

MODIFIED

moved fragment implementation into nethserver-mail-filter

To test the bug fix, upgrade both nethserver-mail-server and nethserver-mail-filter packages.

#12 Updated by Davide Principi about 6 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing
nethserver-mail-filter-1.3.2-1.1.g85cf315.ns6.noarch.rpm
nethserver-mail-filter-1.3.2-1.4.gb7000f4.ns6.noarch.rpm
nethserver-mail-server-1.8.8-1.2.g937f43f.ns6.noarch.rpm

#13 Updated by Davide Principi about 6 years ago

#14 Updated by Alessio Fattorini about 6 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

Verified

#15 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • nethserver-mail-filter-1.3.3-1.ns6.noarch.rpm
  • nethserver-mail-server-1.8.9-1.ns6.noarch.rpm

Also available in: Atom PDF