spam report with original message attached

Sergey

Apr 5, 2012, 3:23:12 PM
Hello colleagues!

I am receiving spam reports with an attachment which is supposed to contain the
original message. But the attachment contains only the head of the message
with information (From/To/Subject) - no body of the original message.
Please advise how to configure it so that I get the complete original message
attached to the spam report.

Version: amavisd-new-2.6.4

### Config adapted from internet ###

use strict;
$max_servers = 2;            # num of pre-forked children (2..15 is common), -m
$daemon_user  = 'vscan';     # (no default; customary: vscan or amavis), -u
$daemon_group = 'vscan';     # (no default; customary: vscan or amavis), -g
$mydomain = 'my.internet.domain';   # a convenient default for other settings
$MYHOME = '/var/amavis';
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = '/var/virusmails';   # -Q
$spam_quarantine_to       = "quarantine.mailbox\@$mydomain";
$virus_quarantine_to      = "quarantine.mailbox\@$mydomain";
$banned_quarantine_to     = "quarantine.mailbox\@$mydomain";
$bad_header_quarantine_to = "quarantine.mailbox\@$mydomain";
$spam_admin = "my.mailbox\@$mydomain";
$log_level = 0;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
                             # e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
                             # choose from: emerg, alert, crit, err, warning, notice, info, debug
$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$enable_dkim_verification = 0;
$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
$interface_policy{'SOCK'} = 'AM.PDP';
$policy_bank{'AM.PDP'} = {protocol=>'AM.PDP'};
$unix_socketname = '/var/amavis/amavisd.sock';
read_hash(\%whitelist_sender, '/var/amavis/whitelist');
read_hash(\%blacklist_sender, '/var/amavis/blacklist');

@local_domains_maps = ( [".$mydomain"] );   # list of all local domains
@mynetworks = qw( 127.0.0.0/8 10.0.0.0/8 );
# option(s) -p overrides $inet_socket_port and $unix_socketname
$inet_socket_port = 10024;   # listen on this local TCP port(s)
$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,          # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,   # don't query p0f for internal clients
};
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {   # mail supposedly originating from our users
  originating => 1,          # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,    # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["my.mailbox\@$mydomain"],
  spam_admin_maps  => ["my.mailbox\@$mydomain"],
  warnbadhsender => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],   # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,   # don't remove NOTIFY=SUCCESS option
};
$interface_policy{'SOCK'} = 'AM.PDP-SOCK';   # only applies with $unix_socketname
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,   # do not require secret_id for amavisd-release
};
$sa_tag_level_deflt  = 4.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;   # don't waste time on hi spam
$sa_mail_body_size_limit = 400*1024;   # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?
$virus_admin = "my.mailbox\@$mydomain";   # notifications recip.
$mailfrom_notify_admin     = "quarantine.mailbox\@$mydomain";   # notifications sender
$mailfrom_notify_recip     = "quarantine.mailbox\@$mydomain";   # notifications sender
$mailfrom_notify_spamadmin = "quarantine.mailbox\@$mydomain";   # notifications sender
$mailfrom_to_quarantine = '';   # null return path; uses original sender if undef
@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024;        # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;   # bytes (default undef, not enforced)
$sa_spam_subject_tag = '**SPAM** ';
$defang_virus = 1;           # MIME-wrap passed infected mail
$defang_banned = 1;          # MIME-wrap passed mail containing banned name
$defang_bad_header = 1;      # default is false: don't modify mail body
# $defang_undecipherable = 1;   # default is false: don't modify mail body
$defang_spam = 1;            # default is false: don't modify mail body

$defang_by_ccat{+CC_BADH.",3"} = 1;   # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1;   # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1;   # header field syntax error
$myhostname = 'my.internet.domain';   # must be a fully-qualified domain name!
$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';   # set to undef with milter!
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_DISCARD;
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_PASS;
@keep_decoded_original_maps = (new_RE(
  qr'^MAIL-UNDECIPHERABLE$',   # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));
$banned_filename_re = new_RE(
  [ qr'^\.(exe-ms|dll)$' => 0 ],     # "[" = allow, banned file(1) types, rudimentary
  [ qr'^\.(rpm|cpio|tar)$' => 0 ],   # allow any in Unix-type archives
  qr'.\.(pif|scr)$'i,                # banned extensions - rudimentary
  qr'^application/x-msdownload$'i,   # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
  # block certain double extensions in filenames
  qr'\.[^./]*[A-Za-z][^./]*\.\s*(vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
  qr'.\.(vbs|pif|scr|cpl)$'i,        # banned extension - basic
);
@score_sender_maps = ({   # a by-recipient hash lookup table,
  # results from all matching recipient tables are summed
  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [   # the _first_ matching sender determines the score boost
    new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
      [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i            => 5.0],
      [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i   => 5.0],
      [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i   => 5.0],
      [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i      => 5.0],
      [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i     => 5.0],
      [qr'^(your_friend|greatoffers)@'i                                   => 5.0],
      [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                       => 5.0],
    ),
    { # a hash-type lookup table (associative array)
      'nob...@cert.org'                     => -3.0,
      'cert-a...@us-cert.gov'               => -3.0,
      'owner...@iss.net'                    => -3.0,
      'slas...@slashdot.org'                => -3.0,
      'securityfocus.com'                   => -3.0,
      'ntbu...@listserv.ntbugtraq.com'      => -3.0,
      'securit...@linuxsecurity.com'        => -3.0,
      'mailman-ann...@python.org'           => -3.0,
      'amavis-u...@lists.sourceforge.net'   => -3.0,
      'amavis-us...@lists.sourceforge.net'  => -3.0,
      'spamassassin.apache.org'             => -3.0,
      'notificat...@lists.sophos.com'       => -3.0,
      'owner-pos...@postfix.org'            => -3.0,
      'owner-postf...@postfix.org'          => -3.0,
      'owner-sendm...@lists.sendmail.org'   => -3.0,
      'sendmail-ann...@lists.sendmail.org'  => -3.0,
      'donot...@sendmail.org'               => -3.0,
      'ca+en...@sendmail.org'               => -3.0,
      'nor...@freshmeat.net'                => -3.0,
      'owner-t...@postel.acm.org'           => -3.0,
      'ietf-12...@loki.ietf.org'            => -3.0,
      'cvs-commits...@gnome.org'            => -3.0,
      'rt-user...@lists.fsck.com'           => -3.0,
      'clp-r...@comp.nus.edu.sg'            => -3.0,
      'surveys...@lists.nua.ie'             => -3.0,
      'emai...@genomeweb.com'               => -5.0,
      'yahoo-d...@yahoo-inc.com'            => -3.0,
      'returns.groups.yahoo.com'            => -3.0,
      'clust...@linuxnetworx.com'           => -3.0,
      lc('lvs-use...@LinuxVirtualServer.org') => -3.0,
      lc('owner-textb...@CNNIMAIL12.CNN.COM') => -5.0,
      # soft-blacklisting (positive score)
      'sen...@example.net' => 3.0,
      '.example.net'       => 1.0,
    },
  ], # end of site-wide tables
});
@decoders = (
  ['mail', \&do_mime_decode],
  ['asc',  \&do_ascii],
  ['uue',  \&do_ascii],
  ['hqx',  \&do_ascii],
  ['ync',  \&do_ascii],
  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
  ['gz',   \&do_uncompress, 'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress, 'bzip2 -d'],
  ['lzo',  \&do_uncompress, 'lzop -d'],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['deb',  \&do_ar,         'ar'],
  ['zip',  \&do_unzip],
  ['7z',   \&do_7zip,       ['7zr','7za','7z'] ],
  ['rar',  \&do_unrar,      ['rar','unrar'] ],
  ['arj',  \&do_unarj,      ['arj','unarj'] ],
  ['arc',  \&do_arc,        ['nomarch','arc'] ],
  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
  ['lha',  \&do_lha,        'lha'],
  ['cab',  \&do_cabextract, 'cabextract'],
  ['tnef', \&do_tnef_ext,   'tnef'],
  ['tnef', \&do_tnef],
  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);
@av_scanners = (
  ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
@av_scanners_backup = (
  ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
  ['ClamAV-clamscan', 'clamscan',
   "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
   [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
1;  # insure a defined return

### END OF CONFIG ###

Sergey

Mark Martinec

Apr 5, 2012, 6:39:21 PM
Sergey,

> I am receiving spam reports with attachment which is supposed to contain
> the original message. But the attachment contains only the head of the
> message with information (From/To/Subject) - no body of the original
> message. Please advise how to configure so that I get the complete
> original message attached with the spam report?
> Version: amavisd-new-2.6.4
[...]
> $final_virus_destiny = D_DISCARD;
> $final_banned_destiny = D_DISCARD;
> $final_spam_destiny = D_DISCARD;
> $final_bad_header_destiny = D_PASS;

Are you sure these nondelivery notifications originate from your
amavisd installation? According to the settings of $final_*_destiny
you are showing, none of these are D_BOUNCE, so it can't be this
instance of amavisd that is generating notifications you are seeing.
Carefully examine a notification to see what really generated it.

When amavisd generates a nondelivery notification (a bounce), it
does indeed only contain an attached original mail header section
(a complete header section, not just From/To/Subject, but no body).
This is intentional: attaching an infected body or spam would not
be helpful and could contribute to a valid bounce being discarded
on a receiving side. Such practice of attaching only a header
section is common with mailers too.

Mark
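Mark's reply makes two checks: none of the $final_*_destiny settings in the posted config is D_BOUNCE, so this amavisd cannot be the one sending the bounces, and the notification itself should be examined to see which host generated it. The Python script below, an added example written for this thread (it is neither amavisd code nor anything the posters wrote), does both offline with the standard library: it extracts the Reporting-MTA and counts Received hops in a DSN, reports whether the attached original is header-only (the text/rfc822-headers form, which is assumed here to be how amavisd attaches the header section Mark describes) or a full message/rfc822 copy, and lists which categories a config would actually bounce. The sample notification, its hosts, addresses and ids are constructed; the four destiny lines are the ones from Sergey's config.

```python
"""Triage a spam/virus bounce: which host produced it, what of the original is
attached, and whether a given amavisd config could have produced it at all.
Added example for this thread, standard library only; sample data is constructed."""
import email
import re
from email import policy
from email.message import EmailMessage

# Constructed DSN shaped like a Postfix/amavisd bounce (hosts and ids made up).
SAMPLE_NOTIFICATION = """\
Return-Path: <>
Received: from mx.example.test (mx.example.test [192.0.2.10])
    by mail.example.test (Postfix) with ESMTP id 0123ABC
    for <postmaster@example.test>; Thu, 05 Apr 2012 15:20:01 +0400
From: MAILER-DAEMON@mx.example.test
To: postmaster@example.test
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

The message could not be delivered: spam detected.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.test

Final-Recipient: rfc822; user@example.test
Action: failed
Status: 5.7.1

--b1
Content-Type: text/rfc822-headers

Return-Path: <sender@remote.example.test>
From: sender@remote.example.test
To: user@example.test
Subject: cheap offers

--b1--
"""

# The four destiny lines from the config posted in the thread.
SERGEY_DESTINIES = """\
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_PASS;
"""

DESTINY_RE = re.compile(r"^\s*\$final_(\w+)_destiny\s*=\s*(D_\w+)\s*;", re.MULTILINE)


def _s(value):
    """Turn a header object into a plain str, keeping None as None."""
    return None if value is None else str(value)


def parse_notification(raw: str) -> EmailMessage:
    """Parse with the modern policy so every part is an EmailMessage."""
    return email.message_from_string(raw, policy=policy.default)


def reporting_mta(msg: EmailMessage):
    """Reporting-MTA of the message/delivery-status part: the host that wrote the
    report. Check this before blaming any particular amavisd instance."""
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            blocks = part.get_payload()  # per-message block first, then per-recipient
            if blocks:
                return _s(blocks[0].get("Reporting-MTA"))
    return None


def attached_original(msg: EmailMessage) -> dict:
    """What the bounce carries of the original: text/rfc822-headers means only
    the header section (assumed to be amavisd's form); message/rfc822 means a
    complete copy, whose plain-text body length is measured."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":
            hdrs = email.message_from_string(part.get_content(), policy=policy.default)
            return {"kind": "headers-only", "subject": _s(hdrs.get("Subject")), "body_chars": 0}
        if ctype == "message/rfc822":
            inner = part.get_payload(0)
            body = inner.get_body(preferencelist=("plain",))
            text = body.get_content() if body is not None else ""
            return {"kind": "full", "subject": _s(inner.get("Subject")), "body_chars": len(text)}
    return {"kind": None, "subject": None, "body_chars": 0}


def bouncing_categories(config_text: str) -> list:
    """Categories whose $final_<cat>_destiny is D_BOUNCE: the only cases in which
    that amavisd instance generates a non-delivery notification itself."""
    return sorted(cat for cat, dest in DESTINY_RE.findall(config_text) if dest == "D_BOUNCE")


def triage(raw: str) -> dict:
    """One summary dict an operator can compare against their own hostnames."""
    msg = parse_notification(raw)
    return {"reporting_mta": reporting_mta(msg),
            "received_hops": len(msg.get_all("Received", [])),
            **attached_original(msg)}


if __name__ == "__main__":
    print(triage(SAMPLE_NOTIFICATION))
    print("categories this config would bounce:", bouncing_categories(SERGEY_DESTINIES))
```

Run against a real bounce saved from the mailbox, the Reporting-MTA and the first Received hop name the system to look at; an empty list from bouncing_categories on the live amavisd.conf confirms Mark's point that the instance shown cannot be the source.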
