LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
LinkBack Search this Thread
Old 04-16-2010, 04:21 PM   #1
tedcox
LQ Newbie
 
Registered: Jan 2004
Distribution: Fedora Core
Posts: 23

Rep: Reputation: 15
Roaming users getting flagged as spam on my server


Hey there,

Amavis-new on my mail server is marking my emails as spam, like so:

Quote:
Apr 16 12:15:52 myserver amavis[30979]: (o3GIFltt008868) Blocked SPAM, AM.PDP-SOCK [xx.xx.xx.xx] [xx.xx.xx.xx] <myemail@mydomain.com> -> <myfriend@hisdomain.com>, quarantine: spam-w1hxRn9Pr4P6.gz, Message-ID: <4BC8A9E8.2070108@mydomain.com>, mail_id: w1hxRn9Pr4P6, Hits: 7.844, size: 6763, 1986 ms
The mail server is not on my local LAN, and all the primary users are roaming. They connect via TLS auth, which is required to make a sendmail connection to my server. I could whitelist all addresses in my domain, but then anyone spoofing my email wouldn't be seen as spam. How do I simply tell amavis-new and/or sendmail not to spam scan TLS authenticated users?

Thanks!

Last edited by tedcox; 04-16-2010 at 04:23 PM. Reason: for clarity and readability
 
Old 04-17-2010, 01:39 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,345

Rep: Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945
if you're using TLS to authenticate you should have the confidence that anything sent is not spam, and so not check it in the first place. However if it being seen as spam, then your spam engine is not configured correctly, so really you should make it work properly or other emails arriving into your system for local users are just as likely to be incorrectly filtered surely. There are plenty of ways to integrate these products can be linked together, so the subtlties of how to not use SA change a lot depending on how it's done. Often you'd only use it via procmail, so it would only apply to mail for your domain, which would implicitly cover your users sending email out.
 
Old 04-17-2010, 04:31 AM   #3
tedcox
LQ Newbie
 
Registered: Jan 2004
Distribution: Fedora Core
Posts: 23

Original Poster
Rep: Reputation: 15
Maybe my initial description was poor (or maybe I'm just not understanding your reply). My server, of course, receives email for my domain (incoming mail) without TLS auth. However, it required TLS Auth for outgoing messages. Ideally, I don't want to spam scan outgoing messages, but I do want all incoming messages scanned.

This has worked without a hitch for a number of years. I'm running CentOS, with amavis-milter configured in sendmail and clamav and spamassassin tied into amavis. I haven't changed any of that configuration in years. A recent update to clamav changed the permissions on all of the clamav files in /var. That broke amavis completely. I fixed the permissions (just some chown commands) and everything looks correct again except that suddenly I'm having this weird problem where my outgoing messages are being spam scanned. I assume I need to tweak a config variable either in sendmail or amavis, but the only thing I see is this line in amavisd.conf:

Quote:
# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for filtering
$interface_policy{'10026'} = 'ORIGINATING';
I have no idea, though, how to make sendmail do this.

Last edited by tedcox; 04-17-2010 at 04:35 AM.
 
Old 04-17-2010, 09:32 AM   #4
tedcox
LQ Newbie
 
Registered: Jan 2004
Distribution: Fedora Core
Posts: 23

Original Poster
Rep: Reputation: 15
It looks to me like my problem is here. In amavisd.conf:

Quote:
$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
originating => 1, # declare that mail was submitted by our smtp client
allow_disclaimers => 1, # enables disclaimer insertion if available
# notify administrator of locally originating malware
virus_admin_maps => ["virusalert\@$mydomain"],
spam_admin_maps => ["virusalert\@$mydomain"],
warnbadhsender => 1,
# forward to a smtpd service providing DKIM signing service
forward_method => 'smtp:[127.0.0.1]:10027',
# force MTA conversion to 7-bit (e.g. before DKIM signing)
smtpd_discard_ehlo_keywords => ['8BITMIME'],
bypass_spam_checks_maps => [1], # don't spam-check outgoing mail
bypass_banned_checks_maps => [1], # allow sending any file names and types
terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
};
It looks to me like checks are bring bypassed for "originating" users. The problem seems to be in sendmail letting amavis know what users are "originating." Do I have that right?

The sendmail handoff to amavis looks like this in sendmail.mc:

Quote:
define(`MILTER', 1)
INPUT_MAIL_FILTER(`milter-amavis', `S=local:/var/amavis/amavis-milter.sock, F=T, T=S:10m;R:10m;E:10m')
 
Old 04-18-2010, 02:42 AM   #5
tedcox
LQ Newbie
 
Registered: Jan 2004
Distribution: Fedora Core
Posts: 23

Original Poster
Rep: Reputation: 15
Ok, so I think I solved my problem. I'm going to post the solution and explanation here in case someone else comes looking with a similar issue. First of all, by default, Amavisd only scans messages for local delivery (i.e. messages the server expects to deliver to it's own users) so it SHOULDN"T scan outgoing mail. As I suspected, there was a problem with identify what was outgoing mail. That problem appears to have been with this line:

Quote:
$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
At some point, mine had picked up a carriage return between -odd and -f. While this wasn't generating any errors, since correcting it, I've seen incoming mail get scanned, but outgoing mail leave without any hindrance by the spam filter.
 
  


Reply

Tags
amavisnew, roaming, sendmail, spam


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
My outgoing email is getting flagged as spam timyaukey Linux - Server 1 09-17-2007 06:35 PM
Roaming profile for linux samba users wreza Linux - Networking 0 09-01-2007 08:30 AM
How to set up a VPN for roaming users on Internet? licht Linux - Networking 22 07-26-2007 12:26 AM
Roaming users on RH BarryT Linux - Networking 3 03-11-2004 04:58 AM
Sendmail for roaming users clintonm9 Linux - Software 1 06-24-2003 12:16 AM


All times are GMT -5. The time now is 12:59 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration