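Subject: After an infected e-mail is processed by the service, the sender is not notified. What is the reason?

Hello!

My server is running 0.7.1, with MySQL as the DB. The following is now happening: when one of my users sends an infected e-mail, the service filters it, the message is removed, and an e-mail is sent to the administrator, but the bounce message to the sender is deleted by the server. Where can I configure it so that the message is bounced back to the sender? Thank you!

The log of the system deleting the message is as follows: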
May 12 07:06:39 mailserver policyd: rcpt=24199, throttle=update(a), host=127.0.0.1, from=postmaster@domain.com.cn, to=chen.wei2007@domain.com.cn, size=2627/5242880, quota=10137/250000000, count=4/2000(13971), rcpt=4/3600(14032), threshold=0%|0%|0%
May 12 15:06:39 mailserver postfix/cleanup[14370]: DFCD72F1F8: message-id=<VACBJfkKnhwZmX@mailserver.domain.com.cn>
May 12 15:06:39 mailserver postfix/smtpd[14366]: disconnect from mailserver[127.0.0.1]
May 12 15:06:39 mailserver postfix/qmgr[14374]: DFCD72F1F8: from=<postmaster@domain.com.cn>, size=2805, nrcpt=1 (queue active)

May 12 15:06:40 mailserver postfix/smtp[14375]: A16AF2EF57: to=<origuser@domain.com.cn>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.36, delays=0.09/0.01/0.01/0.26, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=14298-01, DISCARD(bounce.suppressed))

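Re: After an infected e-mail is processed by the service, the sender is not notified. What is the reason?

Set warnvirussender to 1 in /etc/amavisd.conf and restart the amavisd service.

Re: After an infected e-mail is processed by the service, the sender is not notified. What is the reason?

The configuration file has been modified, but it is still the same!!

4 Last edited by sdaniel (2011-05-12 17:16:46)

Re: After an infected e-mail is processed by the service, the sender is not notified. What is the reason?

I think this is no longer an amavisd problem; it should be a postfix configuration problem, because the log is produced by postfix: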

May 12 15:06:40 mailserver postfix/smtp[14375]: A16AF2EF57: to=<origuser@domain.com.cn>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.36, delays=0.09/0.01/0.01/0.26, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=14298-01, DISCARD(bounce.suppressed))

Searching online turned up some information suggesting this may be a problem that appeared after the amavisd-new upgrade:
http://mirrors.catpipe.net/amavisd-new/ … EASE_NOTES

- avoid reporting 'BOUNCE' in a SMTP response text when a bounce (i.e.
  a nondelivery status notification) was actually suppressed, such as
  is usually the case with infected mail or when spam score exceeds
  spam_dsn_cutoff_level. Previously the SMTP response text only reflected
  the setting of a final_*_destiny, which could mislead mail administrators
  into believing that excessive unconditional backscatter was being
  generated. The new text looks like:
    250 2.5.0 Ok, id=67685-15, DISCARD(bounce.suppressed)
  instead of previous:
    250 2.5.0 Ok, id=67685-15, BOUNCE

Re: After an infected e-mail is processed by the service, the sender is not notified. What is the reason?

  A general note worth reiterating: to reduce backscatter pollution
  (sending of bounces to innocent sender addresses), please either:

    * set $final_virus_destiny and $final_spam_destiny to D_DISCARD
      or to D_PASS  (_not_ to D_REJECT or D_BOUNCE),

    or:
    * carefully configure virus and spam bounce suppression by:
      . configuring @viruses_that_fake_sender_maps correctly (the default
        is fine, it suppresses all bounces to infected mail), then one may
        safely set $final_virus_destiny to D_BOUNCE, it is equivalent to
        D_DISCARD for all infected mail containing malware matching the
        @viruses_that_fake_sender_maps;

      . and: configuring @spam_dsn_cutoff_level_maps and
        @spam_dsn_cutoff_level_bysender_maps, keeping levels just slightly
        over a kill level, have a well maintained SpamAssassin with
        network tests enabled and updated rules - then one may set
        $final_spam_destiny to D_BOUNCE, which will produce bounces for
        mail with spam score between kill level and cutoff level, and
        suppress bounces above suppress level; some domains may still
        consider such practice abusive, so consider decisions twice;

      . to monitor bounces generated by amavisd, one may assign some
        dedicated monitoring e-mail address to $dsn_bcc, which will then
        receive a copy of all delivery status notifications sent out
        by amavisd;

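Following its hint, I changed $final_virus_destiny to D_PASS, restarted the service, and sent the eicar test e-mail again; two e-mails were successfully returned to the sender, with the following subjects:
1. ***INFECTED*** Fwd: Test virus e-mail;
2. VIRUS (Eicar-Test-Signature) in mail TO YOU from
I think this is the result I wanted.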
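
The following is an added example, not part of the original thread and not code from amavisd-new or Postfix. It reads Postfix smtp delivery lines handed to the content filter and reports whether amavisd withheld the sender notification, using the two reply texts quoted from the release notes. The filter address 127.0.0.1:10024 comes from the log above; the function names and the second sample line are constructed for illustration.

```python
import re
from collections import Counter

# Postfix smtp(8) delivery line whose relay is the content filter
# (127.0.0.1:10024, as in the thread's log). The parenthesised text is the
# filter's SMTP reply to Postfix.
LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024,.*?"
    r"status=(?P<status>\w+) \((?P<reply>.*)\)\s*$"
)
# Reply text such as "250 2.5.0 Ok, id=14298-01, DISCARD(bounce.suppressed)"
REPLY_RE = re.compile(r"id=(?P<amavis_id>[\d-]+), (?P<verdict>.+)$")

def classify(verdict):
    """Map the verdict text to what happened to the sender notification."""
    if verdict == "DISCARD(bounce.suppressed)":
        return "bounce_suppressed"   # mail dropped, no DSN sent to the sender
    if verdict.startswith("BOUNCE"):
        return "bounce"              # older releases also printed this when suppressed
    return "other"

def parse(lines):
    """Return one record per delivery to the filter that carries a verdict."""
    records = []
    for line in lines:
        m = LINE_RE.search(line)
        r = REPLY_RE.search(m.group("reply")) if m else None
        if r:
            records.append({"qid": m.group("qid"), "rcpt": m.group("rcpt"),
                            "amavis_id": r.group("amavis_id"),
                            "notification": classify(r.group("verdict"))})
    return records

# Sample input: line 1 is from the thread, line 2 is constructed from the
# old-style reply in the release notes, line 3 is a non-delivery line from the thread.
SAMPLE = [
    "May 12 15:06:40 mailserver postfix/smtp[14375]: A16AF2EF57: to=<origuser@domain.com.cn>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.36, delays=0.09/0.01/0.01/0.26, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=14298-01, DISCARD(bounce.suppressed))",
    "May 12 15:09:12 mailserver postfix/smtp[14380]: B27C03EF58: to=<someuser@domain.com.cn>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.40, delays=0.10/0.01/0.01/0.28, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=67685-15, BOUNCE)",
    "May 12 15:06:39 mailserver postfix/qmgr[14374]: DFCD72F1F8: from=<postmaster@domain.com.cn>, size=2805, nrcpt=1 (queue active)",
]

def summarize(lines):
    """Count filter verdicts by notification outcome."""
    return Counter(rec["notification"] for rec in parse(lines))

if __name__ == "__main__":
    for rec in parse(SAMPLE):
        print(rec)
    print(dict(summarize(SAMPLE)))
```

A count of `bounce` that keeps rising on a release that prints `DISCARD(bounce.suppressed)` is the backscatter signal the release notes warn about.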