Enhancement #3348

« Previous | Next »

Amavis virus+spam policy tweaks

Added by Davide Principi over 5 years ago. Updated over 5 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-mail-filter
Target version:v6.7
Resolution: NEEDINFO:No

Description

I'm almost sure the current amavis configuration has a small oversight in

/etc/e-smith/templates/etc/amavisd.conf/20policy
$final_virus_destiny      = D_REJECT; 
$final_spam_destiny       = D_DISCARD;

Assuming virus false positives are rare enough, virus should be DISCARDED, whilst spam explicitly REJECTED.

Related issues

Related to NethServer 6 - Bug #3383: mail-server: no feedback for user if a virus is detected ... CLOSED

Associated revisions

Revision 6d3f1eb2
Added by Davide Principi over 5 years ago

Fix spam and virus policies. Refs #3348

History

#1 Updated by Davide Principi over 5 years ago

  • Category set to nethserver-mail-filter
  • Status changed from NEW to TRIAGED
  • Target version set to v6.7
  • % Done changed from 0 to 20

#2 Updated by Davide Principi over 5 years ago

  • Status changed from TRIAGED to MODIFIED
  • % Done changed from 20 to 60

Test case

  • send a message containing EICAR virus signature: it must be silently discarded
  • send a spam message: score below 20 must be explicitly rejected with code 500

#3 Updated by Davide Principi over 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-mail-filter-1.3.4-1.1.g6d3f1eb.ns6.noarch.rpm

#4 Updated by Filippo Carletti over 5 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

I used the GTUBE spam. See snippets of the smtp transaction before and after upgrade.

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
.
250 2.7.0 Ok, discarded, id=14443-18 - spam

Post-upgarde:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
.
554 5.7.0 Reject, id=27254-01 - spam

#5 Updated by Filippo Carletti over 5 years ago

Server side maillog showing virus rejection:
Pre upgrade:

Feb 10 11:36:33 server transfer/smtpd[10172]: proxy-reject: END-OF-MESSAGE: 554 5.7.0 Reject, id=15435-12 - INFECTED: Sanesecurity.F
oxhole.Zip_doc.UNOFFICIAL;

Post upgrade:
Feb 10 16:40:32 server transfer/smtpd[402]: proxy-accept: END-OF-MESSAGE: 250 2.7.0 Ok, discarded, id=27255-02 - INFECTED: Eicar-Test-Signature.UNOFFICIAL;

#6 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

Released in 6.7/nethserver-updates:
nethserver-mail-filter-1.3.5-1.ns6.noarch.rpm

Released in 7.2.1511/nethserver-updates:
nethserver-mail-filter-1.3.5-1.11.ga4d581d.ns7.noarch.rpm

#7 Updated by Davide Principi over 5 years ago

  • Related to Bug #3383: mail-server: no feedback for user if a virus is detected on submission port added

Also available in: Atom PDF