habibzain Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.

Amavis Bypass Header Check, Bypass Banned Content


Hi Dude. Today I will post about Amavis whitelisting of banned content: Amavis Bypass Header Check, Bypass Banned Content. I have implemented amavisd, integrated with postfix and clamav, with the bad header destiny set to the action “REJECT”. When a valid email arrives that does not meet the header standard, it is rejected with a “BAD HEADER” error.

In the previous article, I wrote about amavisd rejecting password-protected zip files. Many spam mails come in with a password-protected zip file attachment and provide the password in the body of the email.
The problem comes when a valid email carries one or several files in a password-protected zip bundle: it gets rejected as well.

In this article, I want to share how to let incoming email bypass the amavis scan and filter.

Strengths and Weaknesses:
+: Emails go straight in without filters.
– : The email is not filtered, so if one day someone spoofs or disguises an email address that we entered into the whitelist, we cannot control it.

While googling, I found old documentation on customizing amavis.

http://verchick.com/mecham/public_html/spam/bypassing.html#6

From that article, I chose number 6, “Allow a particular sender to bypass scanning”.

I’m mainly talking about allowing a particular sender to bypass banned files checks but this could also be used to allow senders to bypass SpamAssassin. However, if you want to allow a sender to send spam, consider using one of the means to whitelist a sender outlined in the SpamAssassin or amavisd-new documentation. Use amavisd-new’s @score_sender_maps for one example. Anyone can spoof the sender address. Allowing a sender to send banned files is to invite disaster. I don’t suggest you use this (but if forced to confess, I use it for one sender myself). Look to the following section for a more secure idea. Nonetheless, if you insist on using this simple method, then you should at least limit the damage by only allowing the banned files to pass to a chosen recipient or short list of recipients. Definitely don’t use this for a sender in one of your own domains because it is extremely likely you will get mail that spoofs your own addresses. In main.cf:

http://verchick.com/mecham/public_html/spam/bypassing.html#6

OK, let's execute.

Create File amavis_senderbypass

First, create the file /etc/postfix/amavis_senderbypass with content like below.

vim /etc/postfix/amavis_senderbypass

[email protected] FILTER smtp-amavis:[127.0.0.1]:10026
[email protected] FILTER smtp-amavis:[127.0.0.1]:10026

When finished, run postmap on it.

postmap /etc/postfix/amavis_senderbypass

Modify main.cf Postfix

After that, add smtpd_sender_restrictions in /etc/postfix/main.cf:

smtpd_sender_restrictions = 
    check_sender_access hash:/etc/postfix/amavis_senderbypass

Modify Amavisd.conf

Last, modify the amavis configuration in /etc/amavisd/amavisd.conf:

$inet_socket_port = [10024,10026];
$interface_policy{'10026'} = 'SENDERBYPASS';

$policy_bank{'SENDERBYPASS'} = {
 bypass_spam_checks_maps => [1],
 bypass_banned_checks_maps => [1],
 bypass_header_checks_maps => [1],
};

Description:

  • $inet_socket_port: the default is [10024]; edit it to [10024,10026].
  • [1] means "do not run this check on the mail".
  • 'SENDERBYPASS' is the name of the policy bank.

The mail flow: mail comes in via postfix, which then redirects mail from the listed senders to amavisd on port 10026, where it passes without scanning or filtering.

If we want the bypass to apply only to specific recipients, we can change [1] to a list of specific recipients, like this.

$inet_socket_port = [10024,10026];
$interface_policy{'10026'} = 'SENDERBYPASS';

$policy_bank{'SENDERBYPASS'} = {
 bypass_spam_checks_maps => [[qw( [email protected] [email protected] )]],
 bypass_banned_checks_maps => [[qw( [email protected] [email protected] )]],
 bypass_header_checks_maps => [[qw( [email protected] [email protected] )]],
};

Don't forget to restart the postfix and amavisd services. Those are the Amavis Bypass Header Check tips. Maybe useful.
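
As an added example (not from the original post or the quoted documentation), this Python script audits a sender-bypass map for the two risks described above: senders in your own domains, and patterns broader than a single address. The sample map, the domain corp.example and the function names are constructed for illustration; the pattern forms (user@domain, domain.tld, .domain.tld, user@) are those of Postfix access(5).

```python
import re

BYPASS_PORT = "10026"  # port tied to the SENDERBYPASS policy bank on this page

# Constructed sample map; every address and domain here is a placeholder.
SAMPLE_MAP = """\
# /etc/postfix/amavis_senderbypass
partner@vendor.example   FILTER smtp-amavis:[127.0.0.1]:10026
vendor2.example          FILTER smtp-amavis:[127.0.0.1]:10026
ceo@corp.example         FILTER smtp-amavis:[127.0.0.1]:10026
scanner@
    FILTER smtp-amavis:[127.0.0.1]:10026
spam@bad.example         REJECT
"""


def logical_lines(text):
    """Return table entries; whitespace-led lines continue the previous one."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries


def audit(text, own_domains, port=BYPASS_PORT):
    """Return (pattern, reasons) for each entry sent to the bypass port."""
    own = {d.lower() for d in own_domains}
    wanted = re.compile(r"FILTER\s+\S+:%s\s*$" % re.escape(port), re.I)
    findings = []
    for line in logical_lines(text):
        parts = line.split(None, 1)
        if len(parts) < 2 or not wanted.match(parts[1]):
            continue  # not a bypass entry (e.g. REJECT)
        pattern = parts[0].lower()
        local, at, domain = pattern.rpartition("@")
        # Anything that is not a full user@domain covers many senders.
        reasons = [] if at and local and domain else ["wildcard"]
        dom = domain.lstrip(".")
        if dom and any(dom == d or dom.endswith("." + d) for d in own):
            reasons.append("own-domain")  # spoofed local senders would bypass
        findings.append((pattern, reasons))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_MAP, {"corp.example"}))
```

Entries with an empty reason list are single external addresses; any entry flagged "own-domain" or "wildcard" widens the unscanned path beyond what the quoted documentation recommends.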

Thanks.

