Deactivate incoming mail checks altogether for certain IPs / hosts
-
I realise this is probably a situation Cloudron is not set up for, but I'll ask anyway:
We intend to implement a mail gateway to have better control of filtering incoming mails. Cloudron does this reasonably well already but does not have whitelist capabilities or the possibility to keep mails out of mailboxes altogether that receive a particular score, for example due to custom Spamassassin rules. The problem is that the gateway will only work in conjunction with Cloudron as a mailserver if it is possible to disable incoming checks on mails relayed to it from the incoming gateway.
Question: Is there any way to stop the Cloudron mailserver from checking mails that are relayed from a particular host or IP?
-
Having revisited this, I actually think the only reason for needing / wanting to use a separate gateway in front of the mailserver is because Cloudron does not provide a way to block or quarantine mails altogether based on central SPAMAssassin rules or sender addresses, as this can only be done using filters on individual mailboxes. Also, once a mail has been classified as Spam, the individual mailbox filters do not do anything and the email will always end up in the Spam folder.
I know the Haraka config could in theory be adjusted to accommmodate quarantining, but it would be risky to do that as unsupported in the Cloudron implementation and almost certainly not update safe. Is there any chance the quarantine plugin could be implemented on an upcoming update? https://haraka.github.io/plugins/queue/quarantine
-
@ccfu The quarantine plugin only dumps the messages into a directory which is not overly useful because there is no UI to manage the quarantine.
because Cloudron does not provide a way to block or quarantine mails altogether based on central SPAMAssassin rules or sender addresses, as this can only be done using filters on individual mailboxes
We have global SpamAssassin rules - https://docs.cloudron.io/email/#custom-spam-filtering-rules .
I want to understand the use case better though. Is the issue here that spam is slipping through the SA filters?
-
G girish marked this topic as a question on
-
J james marked this topic as a regular topic
-
@james We abandoned the idea of using a separate gateway, but the underlying issue did not get resolved, but I see that I overlooked the question asked by @girish.
The issue is not spam slipping through the SA filters, but that it is not possible to reject / discard mail from certain senders or with certain subjects or coming from certain hostnames. The global SA rules can only set a score based on sender or keywords but there is no way to reject the mails altogether.
Example: Sender spammer@badactor.com regularly sends emails from different IPs. These emails are 100% junk and can / should be discarded and not even forwarded to user's mailboxes. If the host were on a blocklist the mails would be rejected, and if the IP was always the same we could network block the IP, but otherwsie SA rules are necessary. And this is where the treatment of mails is illogical:
If the mail has a SPAM core below 5.0 (the hardcoded SPAM level), it is possible to set up a (albeit mailbox-level) filter to silently discard the mail. If the score is 5.0 or above, the mail will always go to the SPAM folder bypassing the filter settings. In other words, I can discard an email that is not classified by SA as SPAM, but not one that is.
Hope this makes sense.