habibzain Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.

Amavisd Bad Header Whitelist from Specific Mail Address

1 min read

amavisd bad header whitelist

Hi Dude, sometimes we don’t aware that legitimate emails that we should receive in our inbox are rejected or quarantined in the server log. Of course this is very annoying. Today i will share about amavisd bad header Whitelist or Allowed email address from “BLocked BAD HEADER-0”.

Sep  1 15:51:58 mx-2 postfix/qmgr[26822]: 271682BEAB6: from=<[email protected]>, size=484320, nrcpt=1 (queue active)
Sep  1 15:51:58 mx-2 amavis[37517]: (37517-14) Blocked BAD-HEADER-0 {RejectedOpenRelay,Quarantined}, [111.222.333.173]:49815 [143.37.139.151] <[email protected]> -> <[email protected]>, quarantine: spam-d4c1a0cb890877f77870b23f77fcaa63-20220901T155158-37517-14, Queue-ID: 271682BEAB6, Message-ID: <[email protected]>, mail_id: mcuC67HfiDeM, Hits: -, size: 484319, 191 ms

As we can see in the log above, emails from important clients have rejected status because of “BLocked BAD HEADER-0”.

Method 1 – Use Simple Rule bypass_header_checks_maps to

Define the sending user that we will bypass. This is simple we can add in /etc/amavisd/amavisd.conf and add following line below.

@bypass_header_checks_maps = ( [qw( [email protected], [email protected], [email protected])] );

Or, we can also use read_hash like this.

Create file /etc/amavisd/badheader. Then insert your recipient email adresses in this file (line by line).

root@server# vim /etc/amavisd/badheader

[email protected]
[email protected]
[email protected]

After that, modify in amavisd.conf

@bypass_header_checks_maps = (
   read_hash("/etc/amavisd/badheader"),
);

Last, restart service amavisd.

root@server# systemctl restart amavisd.service

Method 2 – Modify final_bad_header_destiny

If the first method does not work, we can do this second method. Modify file amavisd.conf, find final_bad_header_destiny and set like this.

$final_bad_header_destiny = D_PASS; 

This will instruct amavisd globally to by pass without checking for BAD headers.

Method 3 – Bypass Sender Address with Policy Bank

Make rule bank set to bypass BAD HEADER from spesific sender. I think this is the best option. We can choose a legitimate sender, and allow bypass without checking anything in amavisd.

See also  Easy Uninstall amavisd-new On Ubuntu

Alright, for implementation we can follow my article How to Bypass amavisd Filter Check.

Bad Header Criteria

Mostly, Bad Header Criteria is:

  • BAD HEADER Missing Header Date.
  • BAD HEADER Non-encoded 8-bit data.

That is my article about amavisd bad header whitelist. May be it’s helpful, please feel free to leave a comment if you have any questions and I’ll appreciate it.


Let's Buy Me Coffee.

Buy Me a Coffee at ko-fi.com

https://saweria.co/habibzain
https://ko-fi.com/habibzain
habibzain Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.

Leave a Reply

Your email address will not be published. Required fields are marked *

Never miss good article from us, get weekly updates in your inbox