Virus- and spam-filter setup for Kolab ====================================== Last edited: $Id: README.amavisd.in,v 1.2 2005/12/10 21:57:11 richard Exp $ Introduction ------------ The Kolab server uses amavisd[1] in conjunction with clamav[2] and spamassassin[3] to filter email for spam and virus. The clamav and spamassassin versions are unpatched, but amavisd requires the amavisd.MYUSERS.patch found in the Kolab cvs[4] to work with Kolab. The patch adds functionality to amavisd to allow for different configurations for local and non-local users[5]. Goal ---- To have a virus-filter that, if a virus is found, notifies the sender of the virus if and only if the sender is a local user. To prevent "backscatter" the Kolab server should never send such notifications to non-local users. If a virus is blocked by the filter and originates from a non-local user, a notification should be sent to the local user who would have been the recipient of the email containing the virus if it had not been infected. Any infected email that is blocked from reaching it's recipient is archived to /kolab/var/amavisd/virusmails on the server. Spam-handling is different: Spam is not blocked by the filter, but instead email potentially is spam is marked with the X-Spam-Status: Yes, <reason...> X-Spam-Flag: YES headers to allow for easy server- and/or client-side filtering of spam. Configuration ------------- The relevant parts of the amavisd.conf.template that apply to all users are: $final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE) $final_banned_destiny = D_DISCARD; # (defaults to D_BOUNCE) $final_spam_destiny = D_PASS; # (defaults to D_REJECT) $viruses_that_fake_sender_re = new_RE(); @viruses_that_fake_sender_maps = (); $warnvirusrecip = 1; # (defaults to false (undef)) $warnbannedrecip = 1; # (defaults to false (undef)) $QUARANTINEDIR = '/kolab/var/amavisd/virusmails'; $virus_quarantine_to = 'virus-quarantine'; @mynetworks = qw( @@@postfix-mynetworks@@@ ); In addition to that, a policy bank is defined that overrides some of the above configuration in the case where the sender is a a local user who is using his legitimate address: $policy_bank{'MYUSERS'} = { # mail from authenticated users on this system # Bounce only to local users final_virus_destiny => D_BOUNCE, final_banned_destiny => D_BOUNCE, warnvirusrecip_maps => undef, # (defaults to false (undef)) warnbannedrecip_maps => undef,# (defaults to false (undef)) warnvirussender => 1, warnbannedsender => 1, mynetworks => qw(0.0.0.0/0), }; So, in the default case, all virus mail is discarded from the mail system (but still archived in the quarantine) and the recipient is notified about the problem. In the case where the sender is local, the recipient is not notified, but instead the sender get a notification (a bounce with an error-message) from the mail server. Any local additions or changes to the configuration can of course also make use of this destinction between local and non-local users by adding to either the global part of the configuration and/or to the MYUSERS policy bank. Notes ----- [1] http://www.ijs.si/software/amavisd/ [2] http://www.clamav.net/ [3] http://spamassassin.apache.org/ [4] See http://www.kolab.org/ [5] A "local user" is a user with an email-account on the kolab server, a "non-local user" is everyone else.