plus addressing based amavisd-new quarantine

amavis wrote:

> Hi,
> How do I direct all mails tagged as say "SPAM" to a separate mailbox for a particular domain.
> The destination mailbox is on a separate server.
> Please help.
> Thank you.
> -Sysadmin

I will assume you are using the default 'local' quarantine method. Let's also assume you are currently quarantining to a mailbox: $spam_quarantine_to = 'spambin@example.com'; Mail that scores at $sa_kill_level_deflt will be quarantined there. There is a problem with this. I will quote Mark from previous posts:

####################################################################
If the intention is for the 'quarantined' mail to be directly viewable by original recipients without pre-processing, then the quarantining mechanism is not the right way. Quarantining stores one copy per message, not one per recipient, which looses personalized header fields inserted, and reveals all original envelope recipients, violating sender's privacy. Releasing from a quarantine or viewing quarantined mail by users requires some pre-processing, like hiding X-Envelope-To.

The correct solution lies in adding address extensions as a way to tag spam (at tag2 level), ensure the mail is delivered (D_PASS or having kill_level safely high), then use MTA's virtual mapping to rewrite modified address (with address extension appended) to some other mailbox on some host. See the: http://www.ijs.si/software/amavisd/amavisd-new-docs.html#addrext and follow the example at the end of that section.

This approach ensures that each recipient receives mail the way it was intended for them, with proper personalized headers inserted, with bypass*, while/blacklists, spam levels, etc. properly observed.

Rewriting a recipient address (by adding an extension and redirecting) results in a clean mail that can be seen (or forwarded to) directly by end-user if needed. A mail is also cloned as needed in case of it having multiple recipients (e.g. from different subdomains), perhaps each with different settings.

Using native quarantining mechanisms does not preserve sender's privacy as it stores all envelope information in mail header - which should be removed before handing mail for user inspection. Also proper mail cloning is not done: even in case of multiple quarantines all copies would be equal (e.g. each listing _all_ envelope recipients).
####################################################################

This is not a concern for me personally because there is no one in my (small) organization that has a clue what an email header is and even if they did, would not care who a message was BCC'd to. Plus, as luck would have it, no mail I have ever released was addressed to multiple recipients. So I could use something like this:

$spam_quarantine_to = 'spambin@example.com';

@spam_quarantine_to_maps = (
  { '.example.net' => 'spambin@example.net',
  },
  $spam_quarantine_to, # current setting for everyone else
);

To use plus addressing to deliver to a single mailbox for each domain would first require you rethink settings like sa_kill_level and sa_tag2_level because mail would be directed to the spambin mailboxes at sa_tag2_level. The recipient domains must be considered 'local' domains by amavisd-new (included in @local_domains_maps or similar - I'm not referring to local mailboxes). You would probably want to disable rewriting of the subject line, so 'quarantined' mail does not get the ***SPAM*** entry (search for spam_modifies_subj in amavisd.conf-sample). You would raise sa_tag2_level to sa_kill_level and raise sa_kill_level to a higher number (maybe 15 or so). If the mail scored at 15, it would quarantine using the conventional quarantine method (use of plus addressing would not change that fact). Set it higher, or set $final_spam_destiny = D_PASS; if you don't want to use conventional quarantine. At something like 15, you could still use my example @spam_quarantine_to_maps above.

You would need to enable plus addressing in both amavisd.conf and main.cf and create an additional virtual alias map (pcre or regexp).

contents of /etc/postfix/virtual_pcre
/^.*\+spam@example\.com$/   spambin@example.com
/^.*\+spam@example\.net$/   spambin@example.net

main.cf:
recipient_delimiter = +
virtual_alias_maps =
  hash:/etc/postfix/virtual
  pcre:/etc/postfix/virtual_pcre

amavisd.conf:
$recipient_delimiter = '+';
@addr_extension_spam_maps = ('spam');
(and the other @addr_extension_*_maps)

read amavisd.conf-sample for more examples of using different settings for different recipients/domains.
Depending on your needs, you may want to repeat this for banned/virus/bad_header mail. However, to 'quarantine' e.g. banned files using plus addressing, you would need to set $final_banned_destiny = D_PASS; otherwise conventional quarantine would be used (if configured).

In the case of banned files, this could be conventional quarantine:

$final_banned_destiny = D_BOUNCE;

$banned_quarantine_to = 'banned@example.com';

@banned_quarantine_to_maps = (
  { '.example.net' => 'banned@example.net',
  },
  $banned_quarantine_to, # current setting for everyone else
);

or 'quarantine' banned files using plus addressing:

$final_banned_destiny = D_PASS;

contents of /etc/postfix/virtual_pcre
/^.*\+spam@example\.com$/   spambin@example.com
/^.*\+spam@example\.net$/   spambin@example.net
/^.*\+banned@example\.com$/   banned@example.com
/^.*\+banned@example\.net$/   banned@example.net

While I'm at it, there are a couple other caveats when using a virtual alias map to help perform 'plus address' quarantining. You cannot have address rewriting disabled for the amavisd-new reinjection port. To prevent duplicate mail (due to address rewriting), it is not uncommon to disable address rewriting on the amavisd-new reinjection port with something like:

127.0.0.1:10025  inet  n  - n - - smtpd
    -o content_filter=
    [...]
    -o receive_override_options=no_address_mappings,no_unknown_recipient_checks

which would break the use of address rewriting along with 'plus addressing'. In a case like this you would have to rethink your options and possibly rewrite addresses after amavisd-new:

smtp inet  n  - n  -  -  smtpd
    -o receive_override_options=no_address_mappings

127.0.0.1:10025  inet  n  - n  -  -  smtpd
    -o content_filter=
    [...]
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

The other caveat is ^.*\+spam@example.com is now a wildcard that enables mail to anything+spam@example.com. Wildcards or regexp tricks in virtual_alias_maps (or canonical_maps) breaks recipient validation. Not using a wildcard involves creating an alias for every user, for every quarantine bin (at which point a hash: or dbm: type of virtual alias map would probably be used instead of a pcre or regexp map):


virtual_alias_maps = hash:/etc/postfix/virtual

With the contents of /etc/postfix/virtual:

user1+spam@example.com spambin@example.com
user1+banned@example.com banned@example.com
user2+spam@example.com spambin@example.com
user2+banned@example.com banned@example.com

Note that this is not the only way 'plus addressing' is used. This deals with placing all "quarantined" messages into a domain wide mailbox. If a LDA like Cyrus IMAP is used, spam can automatically be directed to individual sub-folders, as it could with maildrop and a clever recipe in maildroprc. If you want similar functionality but your LDA is not 'plus addressing' smart, you could create additional mailboxes for each user and use the virtual table similar to the above to redirect malware there. You could also (for example) direct spam to individual users on a different host:

user1+spam@example.com user1@host.example.com

user2+spam@example.com user2@host.example.com

If using a pcre map, I imagine it would look like this (but I have not tried it):
/^(.*)\+spam@example\.com$/ $1@host.example.com

Gary V - mr88talent at yahoo dot com