habibzain Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.

Amavis Bypass Header Check, Bypass Banned Content

2 min read

amavis bypass header check

Hi Dude. Today i will post about Amavis Whitelist banned content, Amavis Bypass Header Check, Bypass Banned Content. I am implemented amavisd which integrates with postifx and clamav. And also bad header destiny with action “REJECT”. When there is a valid email but does not meet the standard header, the email will be rejected with a “BAD HEADER” error.

in the previous article, I wrote about amavisd reject password zip files. Many spam mails come in with a password-protected zip file attachment and provide the password in the body of the email.
Then the problem comes when a valid email and indeed 1 file or several files in the zip bundle and given a password. Get rejected.

In this article, i want share how to bypass incoming email without a scan or filter from amavis.

Strengths and Weaknesses:
+: Emails go straight in without filters.
– : Email is not filtered so that one day there will be spoofing or disguise of the email address that we enter into the whitelist we cannot control.

When googling, i am meet old documentation that custom amavis.

http://verchick.com/mecham/public_html/spam/bypassing.html#6

From that article, i am choose number 6. “Allow a particular sender to bypass scanning“.

I’m mainly talking about allowing a particular sender to bypass banned files checks but this could also be used to allow senders to bypass SpamAssassin. However, if you want to allow a sender to send spam, consider using one of the means to whitelist a sender outlined in the SpamAssassin or amavisd-new documentation. Use amavisd-new’s @score_sender_maps for one example. Anyone can spoof the sender address. Allowing a sender to send banned files is to invite disaster. I don’t suggest you use this (but if forced to confess, I use it for one sender myself). Look to the following section for a more secure idea. Nonetheless, if you insist on using this simple method, then you should at least limit the damage by only allowing the banned files to pass to a chosen recipient or short list of recipients. Definitely don’t use this for a sender in one of your own domains because it is extremely likely you will get mail that spoofs your own addresses. In main.cf:

http://verchick.com/mecham/public_html/spam/bypassing.html#6

OK, lets execute.

See also  Log Zimbra.log not Show Anything

Create File amavis_senderbypass

At first, create file in /etc/postfix/amavis_senderbypass. and content of file like below.

vim /etc/postfix/amavis_senderbypass

[email protected] FILTER smtp-amavis:[127.0.0.1]:10026
[email protected] FILTER smtp-amavis:[127.0.0.1]:10026

After finished, postmap it.

postmap /etc/postfix/amavis_senderbypass

Modify main.cf Postfix

After that, add smtpd_sender_restrictions in /etc/postfix/main.cf

smtpd_sender_restrictions = 
    check_sender_access hash:/etc/postfix/amavis_senderbypass

Modify Amavisd.conf

The last, modify amavis in /etc/amavisd/amavisd.conf

$inet_socket_port = [10024,10026];
$interface_policy{'10026'} = 'SENDERBYPASS';

$policy_bank{'SENDERBYPASS'} = {
 bypass_spam_checks_maps => [1],
 bypass_banned_checks_maps => [1],
 bypass_header_checks_maps => [1],
};

Description:

  • $inet_socket_port = Default is [10024], edit to [10024,10026]
  • [1] thats mean dont check this mail.
  • 'SENDERBYPASS' is name of policy bank.

The flow of mail is incoming via postfix, and then redirect to amavisd with port 10026 without check scanning and filtering.

If we want only destination specific recipient, we can change [1] to specific recipient. Like this.

$inet_socket_port = [10024,10026];
$interface_policy{'10026'} = 'SENDERBYPASS';

$policy_bank{'SENDERBYPASS'} = {
 bypass_spam_checks_maps => [[qw( [email protected] [email protected] )]],
 bypass_banned_checks_maps => [[qw( [email protected] [email protected] )]],
 bypass_header_checks_maps => [[qw( [email protected] [email protected] )]],
};

Dont forget to restart postfix and amavisd service. That is Amavis Bypass Header Check tips. Maybe usefull.

Thanks.


Let's Buy Me Coffee.

Buy Me a Coffee at ko-fi.com

https://saweria.co/habibzain
https://ko-fi.com/habibzain
habibzain Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.

Easy Create Laravel Project with Composer

Requirement Laravel, a popular PHP framework, is renowned for its elegant syntax and robust features, making it a top choice for web developers. One...
habibzain
1 min read

Virtualbox Change Storage Size

Changing the storage size of a virtual machine in VirtualBox involves a few steps. Here’s a general guide. Backup your Virtual Machine (VM) Before...
habibzain
35 sec read

Easy Setup Logrotate Nginx Ubuntu

Log rotation is an important aspect of managing log files on a Linux system, including those generated by Nginx. Logrotate is a utility that...
habibzain
1 min read

2 Replies to “Amavis Bypass Header Check, Bypass Banned Content”

Leave a Reply

Your email address will not be published. Required fields are marked *

Never miss good article from us, get weekly updates in your inbox