Amavisd-new
From Kolab wiki
Banned file types
1) Amavisd has a list of banned file types. Edit
/kolab/etc/kolab/templates/amavisd.conf.template
and look for
banned_filename_re
You will find instructions there on how to change them. When you're finished, run
/kolab/sbin/kolabconf
to make the changes permanent.
2) Another way is to allow banned files to pass: edit /kolab/etc/kolab/templates/amavisd.conf.template and modify this line:
$final_banned_destiny = D_PASS; # (defaults to D_BOUNCE).
After that run
/kolab/sbin/kolabconf
to make the changes permanent. Keep in mind: this will (effectively) completely disable checking of banned file types. Virus scanning will still work, though.
Releasing mails from quarantine
Using amavisd-release
The utility amavisd-release (amavisd-new-2.3.3 or later) tells the amavisd daemon to fetch a mail from a local quarantine and send it to the MTA through its regular channels ($notify_method), bypassing re-checking.
By default it connects to the socket /var/amavis/amavisd.sock, on which amavisd should be listening for the AM.PDP protocol, but one can use an inet socket instead of a Unix socket if there is a need to run amavisd-release from a remote host.
In the amavisd.conf.template the following should be added:
# $unix_socketname = "$MYHOME/amavisd.sock"; # listen on Unix socket
$unix_socketname = "/kolab/var/amavisd/amavisd.sock"; # listen on Unix socket
# alternatively (less common):
# $inet_socket_port = [10024, 9998]; # listen on listed inet tcp ports
# apply policy bank AM.PDP-SOCK on a Unix socket:
# (note that this precludes the use of old amavis-milter
# helper program (with sendmail) on the same socket)
$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
# apply policy bank AM.PDP-INET to some inet tcp socket, e.g. tcp port 9998:
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP', # select Amavis policy delegation protocol
  auth_required_release => 0, # don't require secret_id for amavisd-release
};
$policy_bank{'AM.PDP-INET'} = {
  protocol => 'AM.PDP', # select Amavis policy delegation protocol
  inet_acl => [qw( 127.0.0.1 [::1] )], # restrict access to these IP addresses
  # auth_required_release => 0, # don't require secret_id for amavisd-release
};
The setting of $auth_required_release decides whether the requestor needs to specify secret_id in addition to mail_id to authorize a mail release. The secret_id is stored in the SQL table msgs when logging to SQL is enabled; otherwise this information is not accessible.
Note that turning off the $auth_required_release check is safe as long as access to the socket is restricted, for example by file protections on a Unix socket or by inet_acl limiting an inet socket to specific IP addresses. Enabling or disabling $auth_required_release is a management / setup decision and a matter of convenience.
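The following check is an added example, not part of the original wiki page or of amavisd-new: it reads the policy-bank settings shown above with simple regular expressions and lists every bank that releases mail without secret_id, so the compensating restriction can be verified. The function names and the sample configuration are constructed for illustration, and the parsing assumes the plain layout used on this page.

```python
import re

# Constructed sample in the style of the settings above; the inet bank here
# deliberately drops its inet_acl and switches the secret_id check off.
SAMPLE_CONF = r"""
$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # don't require secret_id
};
$policy_bank{'AM.PDP-INET'} = {
  protocol => 'AM.PDP',
  # inet_acl => [qw( 127.0.0.1 [::1] )],
  auth_required_release => 0,
};
"""

IFACE_RE = re.compile(r"\$interface_policy\{'([^']+)'\}\s*=\s*'([^']+)'")
BANK_RE = re.compile(r"\$policy_bank\{'([^']+)'\}\s*=\s*\{(.*?)\};", re.S)
AUTH_RE = re.compile(r"auth_required_release\s*=>\s*(\d+)")

def strip_comments(text):
    # Assumption: no '#' inside quoted strings, true for the settings shown here.
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def audit_release_auth(conf_text):
    """List (bank, interface, note) where release needs no secret_id."""
    conf = strip_comments(conf_text)
    ifaces = {}
    for iface, bank in IFACE_RE.findall(conf):
        ifaces.setdefault(bank, []).append(iface)
    findings = []
    for bank, body in BANK_RE.findall(conf):
        m = AUTH_RE.search(body)
        if m is None or int(m.group(1)) != 0:
            continue  # this bank does not switch the check off
        for iface in ifaces.get(bank, []):
            if iface == "SOCK":
                note = "relies on file permissions of the Unix socket"
            elif "inet_acl" in body:
                continue  # bank restricts client addresses itself
            else:
                note = "bank sets no inet_acl of its own"
            findings.append((bank, iface, note))
    return findings

if __name__ == "__main__":
    for finding in audit_release_auth(SAMPLE_CONF):
        print("%s on %s: %s" % finding)
```

A bank reported for SOCK is the arrangement the page describes as safe, provided the socket file's owner, group and mode admit only the accounts that are meant to release mail.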
To release a mail message an exact quarantine location should be specified as an argument to amavisd-release, e.g.:
$ amavisd-release /kolab/var/amavisd/virusmails/spam-UM3XM3XDbN52.gz
The amavisd-release utility also accepts mail_id from STDIN if releasing more than one message in one go is more convenient:
$ amavisd-release -
/kolab/var/amavisd/virusmails/spam-UM3XM3XDbN52.gz
/kolab/var/amavisd/virusmails/spam-gnwKVFKiuey3.gz
/kolab/var/amavisd/virusmails/spam-Xpkj9mLLBHTR.gz
Using cyrdeliver
You may also use cyrdeliver to inject a banned mail directly into a user's mail account:
/kolab/bin/cyrdeliver my.user@example.com < /kolab/var/amavisd/virusmails/banned-kXuJ2d3uGVCT
Also see this mail.
