Bug 38606 – Amavis send bounce emails to sender for banned files - result in Backscatter

Bug 38606 - Amavis send bounce emails to sender for banned files - result in Backscatter


Summary:	Amavis send bounce emails to sender for banned files - result in Backscatter

Status:	RESOLVED WONTFIX

Product:	UCS
Classification:	Unclassified
Component:	Mail
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 major with 2 votes (vote)
Target Milestone:	---
Assigned To:	Mail maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-05-26 18:02 CEST by Tobias Birkefeld
Modified:	2019-01-03 07:19 CET (History)
CC List:	5 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	2: Improvement: Would be a product improvement
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.069
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tobias Birkefeld

2015-05-26 18:02:19 CEST

If one of the following UCRV are set to yes and a mail with the content, which is in banned-file list, is send to the mail-server, a bounce mail will be generated for the envelope sender.

mail/antivir/banned/basic_ext
mail/antivir/banned/double_ext
mail/antivir/banned/file_type
mail/antivir/banned/long_ext
mail/antivir/banned/mime_type
mail/antivir/banned/rfc2046

In most cases spammers are sending with fake envelope-sender addresses and if the mail contain a banned file type, the UCS mail-server (in our case the amavis) generate a bounce mail for a spam-mail!
Due to many spam mails in the internet, the best way is to quarantine the mail and inform the recipient of this action. The recipient can check and decide what will be the best to do with this mail.

I prefer the following scenario:
* Amavis will quarantine the mail
* Amavis will discard the mail (no delivery to recipient, no DSN)
* Amavis will only inform the recipient (and of course the postmaster)

For this scenario the template 60-univention has to be modified with the following settings:

$final_banned_destiny = D_DISCARD;
$banned_files_quarantine_method = "local:banned-%m";
$warnbannedsender = 0;
$warnbannedrecip = 1;

Comment 1 Tobias Birkefeld

2015-08-07 13:18:04 CEST

Since the release of amavisd-new-2.7.0 there are new defaults for final_*_destiny (see http://www.ijs.si/software/amavisd/release-notes.txt):

> due to popular demand to reduce undesired and unintentional backscatter,
> defaults for the settings $final_spam_destiny and $final_banned_destiny
> were changed. Previously they both defaulted to D_BOUNCE, new defaults
> are:
>
>   $final_virus_destiny      = D_DISCARD;
>   $final_banned_destiny     = D_DISCARD;
>   $final_spam_destiny       = D_PASS;
>   $final_bad_header_destiny = D_PASS;

please include it in the default template, or make it configurable with UCRV

Comment 2 Florian Best

2017-06-28 14:53:06 CEST

There is a Customer ID set so I set the flag "Enterprise Customer affected".

Comment 3 Stefan Gohmann

2019-01-03 07:19:45 CET

This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.