quarantine

Questions and answers about how to do stuff
Post Reply
maciekh
Posts: 27
Joined: 25 Aug 2015 10:20

quarantine

Post by maciekh »

I can't use quarantine word in forum search :(
too many answers...

i need to know is there possibility to add specific email addresses to quarantine, forever ?
For example for email: all@domain.com -> move to quarantine (always) This would be to prevent spam or newsletters to send to all...
Also, some of users @domain.com are not allowed to send to all@domain.com.
User avatar
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: quarantine

Post by darky83 »

In short, no its not possible

As a long answer, why not just deny external mails to all@ on your mailserver?
Version eFa 4.x now available!
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: quarantine

Post by pdwalker »

Or maybe create a custom spam assassin rule for it to automatically give it a high spam score? That'd get the message into quarantine, assuming you are saving your high spam scoring messages.

Why do you want to save the messages in quarantine?
maciekh
Posts: 27
Joined: 25 Aug 2015 10:20

Re: quarantine

Post by maciekh »

I have to tell You a little story... :)
My company (I work as IT ADMIN) has Symantec Mail Gateway (SMG) and it is great, we have everything that You can imagine but we would like to resign from SMG services because it costs about 8000EUR per year !

IN SMG manager, IT decides if there goes spam o not (for each email address all@), that is also to prevent internal users to use groups. Only "wanted" mail can go to groups, not all of them so Now we can stop unwanted emails (even if they are from inside of company).

I can share with You SMG capabilities, maybe we can together improve EFA :)

In my opinion EFA works great and it stop 95% of spam but SMG stops 99% and it is more configurable, i understand that EFA is for "free" but maybe we could upgrade EFA more and make 2 versions? For companies - payed (with support, VM's), for personal - for free (source). Did You think about it?

So my quarantine request is real problem that i will have to deal with if we decide to use Efa instead of SMG
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: quarantine

Post by pdwalker »

Are you trying to selective block/quarantine internal users from sending messages, or stop external users from sending messages?
maciekh
Posts: 27
Joined: 25 Aug 2015 10:20

Re: quarantine

Post by maciekh »

I'm trying to selective block/quarantine internal and external senders
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: quarantine

Post by pdwalker »

It can be done, but not in a nice simple gui way.

Let me have a little think and see if I can come up with a working example.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: quarantine

Post by pdwalker »

Yes, it can be done using MCP.

Read the following threads:
1/ can we block and unblock using subject
2/ Using MCP to block offensive content
3/ if you want to be able to release the messages from quarantine, make sure to do this step.

MCP is essentially a second spamassassin filter that you can also use for blocking mail. MCP = Message Content Protection. Since it is really spamassassin in disguise, you'll need to write spamassassin rules to control what gets blocked.

Following the instructions in link 2/, I enabled the MCP quarantine and added the following rules to /etc/MailScanner/mcp/10_example.cf

Code: Select all

header   MCP_TEST          Subject =~ /MCP-test/i
describe MCP_TEST          test banned subject
score    MCP_TEST          10.0
(since it is just a test, I only targeted the subject)

Once I'd "service reload MailScanner", sending messages in, or sending messages out with that text in the subject would immediately be quarantined by MCP.

Viewing the quarantine shows the messages trapped, and I could "release" them to send them on their way, or delete them if I so wanted.

Modify your rules to meet your conditions (from/to headers, plus a score), See the link to writing spamassassin rules on how to do that: https://wiki.apache.org/spamassassin/WritingRules. Personally, I just look in /var/lib/spamassassin/3.*/updates_spamassassin_org/ directory at some of the existing rulesets and find one that meets my needs.

Is this ideal, or as nice and simple as SMG? No. However, there was mention of adding a gui interface for modifying the MCP rulesets in this thread.

Hope that helps.
Last edited by pdwalker on 02 Sep 2015 17:00, edited 1 time in total.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: quarantine

Post by pdwalker »

One more thing:

On my system, I cannot block mail sent from internal users to internal users because internal mail doesn't pass through EFA. I can only block mail between internal and external parties.

If all my clients were reconfigured to send SMTP mail via EFA instead of their mailserver, then I could block internal mail going to internal mail.
User avatar
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: quarantine

Post by darky83 »

Like pdwalker mentioned in your case MCP could work.

For a commercial version there is an easy answer: No.
There is not intend to create an payed version, sure we welcome company's to help other users (even if they want to pay for it) but E.F.A. itself will alway's be free in all way's.
We use money we get from donations to pay for the bandwidth and testing servers and at-least 50% of all donations are shared with the opensource products that make E.F.A. (mailwatch, mailscanner, centos, pyzor etc...)

Sure there is a drawback to this the main one is that large company's require support, my philosophy for that is simple, if you need support or you need additional features then hire an developer to add the feature's you want, that way your feature's will be available for all E.F.A. users and you help out with the project itself making the product better.
Version eFa 4.x now available!
Post Reply