I have a "possible Postfix" issue but it may be with Amavis/SA - I'm
not sure!
Please excuse my mis-posting if that is the case - maybe re-direct me
to a better place?
Thanks!
Question:
I want to stop rejects, banned message or virus emails from going to
the user - how can I do that when the address gets spoofed and
returns to the original recipient?
Snippet of Maillog info:
Oct 17 04:01:09 helixserver amavis[1152]: (01152-02) header: X-Envelope-To: <chris.gallwitz@weirslurry.com>, <chris....@weirslurry.com>\n
Oct 17 04:01:09 helixserver amavis[1152]: (01152-02) SPAM, <p...@alt-w.com> -> <chris.gallwitz@weirslurry.com>,<chris....@weirslurry.com>, Yes, score=7.294 tag=-999 tag2=4.5 kill=4.5 tests=[BAYES_99=3.886, RCVD_IN_NJABL_DUL=0.088, SARE_MLB_Stock1=1.66, STOCK_NAME_FVGT1=1.66], autolearn=no, quarantine XWHl9LsLsqUn (spam.m...@weirminerals.com)
Oct 17 04:01:09 helixserver amavis[1152]: (01152-02) lookup => undef, "chris....@weirslurry.com", no lookup tables
Oct 17 04:01:09 helixserver amavis[1152]: (01152-02) dsn: . 550 Spam <p...@alt-w.com> -> <chris.kinner@weirslurry.com>: on_succ=0, on_dly=1, on_fail=1, never=0, warn_sender=, DSN_passed_on=
Oct 17 04:01:09 helixserver amavis[1152]: (01152-02) DSN: FAIL . 550 Spam, status propagated back: <p o...@alt-w.com> -> <chris....@weirslurry.com>
Oct 17 04:01:09 helixserver amavis[1152]: (01152-02) <p...@alt-w.com> -> <chris.g...@weirslurry.com>,<chris....@weirslurry.com>, quarantine XWHl9LsLsqUn, Message-ID: <01c6f1cb$9735fa30$6c822ecf@po v>
Oct 17 04:01:09 helixserver amavis[1152]: (01152-02) sending LMTP response for <chris.kinner@weirslurry.com>: "550 5.7.1 Rejected, id=01152-02 - SPAM"
Oct 17 04:01:09 helixserver postfix/lmtp[1303]: send attr original_recipient = chris.kinner@weirslurry.com
Oct 17 04:01:09 helixserver postfix/lmtp[1303]: send attr recipient = chris....@weirslurry.com
Oct 17 04:01:09 helixserver postfix/lmtp[1303]: 5317B1842E0: to=<chris....@weirslurry.com>, relay=127.0.0.1[127.0.0.1], delay=8, status=bounced (host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Rejected, id=01152-02 - SPAM (in reply to end of DATA command))
This is the user's "Lotus Notes" error message:
Delivery Failure Report
Your document: star was only to it its orientation to tell me to that
chris....@weirslurry.com
550-5.7.1 Rejected, id=05131-01-7 - BANNED:550 5.7.1 multipart/related
| image/png,.image,.png,sotxteb.png
1. The email address "chris....@weirslurry.com" is an alias that a
user has in order to get "old" email from a past employee.
2. This is SPAM and has been rejected by the "banned" stanza in Amavis.
However Postfix ultimately sends it on...
Postfix config:
Is this why the spoofed email is sent to the user?
--> postconf -d | egrep -i "original"
enable_original_recipient = yes
3. Snippets of the amavisd config:
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_REJECT; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS;
$banned_filename_re = new_RE(
qr'\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(exe|vbs|pif|scr|bat|com|png)$'i
);
# Notify spam sender?
# (only when mail passes ($final_spam_destiny=D_PASS, or spam_lovers*);
# bounces or rejects produce non-delivery status notification anyway)
$warnspamsender = 1; # (defaults to false (undef))
# Notify sender of banned files?
$warnbannedsender = 0; # (defaults to false (undef))
Thanks and appreciation for any help or input!
SP
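
An added example, not part of the original post: in the log above amavisd answers 550 over LMTP after Postfix has already queued the message, so Postfix logs status=bounced and generates a non-delivery report to the envelope sender, which for spam is usually forged. The Python sketch below finds those events in a maillog and counts them per amavisd verdict; the sample lines are constructed with placeholder hosts and addresses, and find_filter_bounces and summarize are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample in the format of the maillog above; hosts and addresses are placeholders.
SAMPLE_LOG = """\
Oct 17 04:01:09 mx amavis[1152]: (01152-02) sending LMTP response for <user@example.com>: "550 5.7.1 Rejected, id=01152-02 - SPAM"
Oct 17 04:01:09 mx postfix/lmtp[1303]: 5317B1842E0: to=<user@example.com>, relay=127.0.0.1[127.0.0.1], delay=8, status=bounced (host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Rejected, id=01152-02 - SPAM (in reply to end of DATA command))
Oct 17 04:02:11 mx postfix/lmtp[1304]: 6A2C01842E1: to=<user@example.com>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 2.6.0 Ok, id=01152-03, from MTA: 250 Ok: queued as 7B3D11842E2)
Oct 17 04:03:40 mx postfix/lmtp[1305]: 8C4E21842E3: to=<alias@example.com>, relay=127.0.0.1[127.0.0.1], delay=3, status=bounced (host 127.0.0.1[127.0.0.1] said: 550-5.7.1 Rejected, id=05131-01-7 - BANNED: multipart/related (in reply to end of DATA command))
"""

# A Postfix delivery-agent line where the local content filter (relay 127.0.0.1)
# answered 5xx, so Postfix itself must now send a bounce to the envelope sender.
FILTER_BOUNCE = re.compile(
    r"postfix/(?:lmtp|smtp)\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?relay=127\.0\.0\.1\[127\.0\.0\.1\].*?status=bounced \(.*?"
    r"(?P<code>5\d\d)[ -]\d\.\d\.\d Rejected, "
    r"id=(?P<amavis_id>[\d-]+) - (?P<verdict>[A-Z]+)"
)


def find_filter_bounces(log_text):
    """Return one record per message that Postfix bounced on the filter's 5xx reply."""
    hits = []
    for line in log_text.splitlines():
        match = FILTER_BOUNCE.search(line)
        if match:
            hits.append(match.groupdict())
    return hits


def summarize(hits):
    """Count bounce-generating rejections per amavisd verdict (SPAM, BANNED, ...)."""
    return Counter(hit["verdict"] for hit in hits)


if __name__ == "__main__":
    found = find_filter_bounces(SAMPLE_LOG)
    for hit in found:
        print(f'{hit["qid"]} rcpt={hit["rcpt"]} amavis_id={hit["amavis_id"]} '
              f'{hit["code"]} {hit["verdict"]}: Postfix will send a bounce')
    print(dict(summarize(found)))
```

Each record's amavis_id matches the id in parentheses on the amavis lines, so the verdict and quarantine entry for a bounced queue ID can be looked up from it.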