Univention Bugzilla – Bug 38606
Amavis send bounce emails to sender for banned files - result in Backscatter
Last modified: 2019-01-03 07:19:45 CET
If one of the following UCRV are set to yes and a mail with the content, which is in banned-file list, is send to the mail-server, a bounce mail will be generated for the envelope sender. mail/antivir/banned/basic_ext mail/antivir/banned/double_ext mail/antivir/banned/file_type mail/antivir/banned/long_ext mail/antivir/banned/mime_type mail/antivir/banned/rfc2046 In most cases spammers are sending with fake envelope-sender addresses and if the mail contain a banned file type, the UCS mail-server (in our case the amavis) generate a bounce mail for a spam-mail! Due to many spam mails in the internet, the best way is to quarantine the mail and inform the recipient of this action. The recipient can check and decide what will be the best to do with this mail. I prefer the following scenario: * Amavis will quarantine the mail * Amavis will discard the mail (no delivery to recipient, no DSN) * Amavis will only inform the recipient (and of course the postmaster) For this scenario the template 60-univention has to be modified with the following settings: $final_banned_destiny = D_DISCARD; $banned_files_quarantine_method = "local:banned-%m"; $warnbannedsender = 0; $warnbannedrecip = 1;
Since the release of amavisd-new-2.7.0 there are new defaults for final_*_destiny (see http://www.ijs.si/software/amavisd/release-notes.txt): > due to popular demand to reduce undesired and unintentional backscatter, > defaults for the settings $final_spam_destiny and $final_banned_destiny > were changed. Previously they both defaulted to D_BOUNCE, new defaults > are: > > $final_virus_destiny = D_DISCARD; > $final_banned_destiny = D_DISCARD; > $final_spam_destiny = D_PASS; > $final_bad_header_destiny = D_PASS; please include it in the default template, or make it configurable with UCRV
There is a Customer ID set so I set the flag "Enterprise Customer affected".
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.