E-mail spam filtering does not work when automatic forwarding to other addresses or send automatic reply

Dear Deveopers!

As I see the following issue is by design, not a bug. But we need some support on it.

We use SendMail as mail engine with MIMEDefang for the ability of domain-selective relay-filtering. Think this can be an important information.

When on a virtual server I set up Edit Mail and FTP Users » » Mail forwarding settings » Forward to other addresses: Yes, forward to addresses or Send automatic reply: Yes, respond with message .. the spam (and - maybe - virus) filtering does not work for incoming e-mails before automatic forwarding or automatic reply. Filtering just work when Deliver to this user normally: Yes, deliver to mailbox and effects only the mailbox direction. I think this happens because incoming e-mails are forwarded or replied before procmailing to SpamAssassin as in SendMail Aliases table. (And - maybe - virus filtering also does not apply this case.) As I see in the code this is by design.

The problem is that not just the needed messages but also all the spam forwarded and/or replied without any attention and - our IP-address continuously blacklisted as a spammer host. - as other e-mail addresses in the same domain trust this mailbox they get the spam autoreplies unfiltered.

The workaround this issue to make the needed setup by Usermin account of the mailbox user, but it needs separate login and this does not the central administration what we and our resellers need.

I know that with Virtualmin 3.62 you've "Added a button to the Edit Mailbox page for logging into Usermin as a user without having to enter their password. Requires Webmin 1.440 or later though.", but we really never did know where is it even when with Virtualmin 3.67 you've "Added a Module Config option to disallow switching to Usermin as a mailbox user by domain owners." and the System Settings » Module Config » Server adminisrator permissions » Allow logins to Usermin as mailboxes?: Yes enabled.

Please help us to resolve this problem.

And - if you can - please tell us the reason of designing central and user e-mail automatic forwarding and reply administration and flow pipeline on a different way.

Many thanks and greetings.

Gergo Giczy Hungary/EU

Status: 
Active

Comments

Yes, you are correct in your diagnosis - spam filtering is done at the procmail level, which means it will be invoked only after any aliases or autoresponders are applied.

However, switching to the Usermin account for a mailbox user should be pretty easy though - when you click on a user to edit him, there should be a "Login to Usermin" button at the bottom of the page.

Thanks for the quick reply.

Well, we don't have that login button there.. never was.

Can you help me to make it appearing there, please?

And I'm really interested in why you do not procmail at the central administration and why you do just procmail at the user administration.

Or why don't you integrate the same functionality of Edit Mailbox » Mail forwarding settings to the User-configured mail forwarding making editable by the administrator.

So I don't really understand this dual configuration possibility - please describe the reasons in a few words.

Many thanks.

Gergo

To make the button appear, make sure that Usermin is properly detected at Webmin -> Usermin Configuration. Also, make sure that session-based authentication is enabled .. this set via the line session=1 in /etc/usermin/miniserv.conf .

The reason for using procmail at the user-level and aliases at the admin level is to allow the admin to override user settings. However, your idea of allowing the admin to edit the user-level forwarding is a good one ..

Unfortunately we don't use session-based but HTTP authentication (for iframing the service in our website), so this can be the reason the button does not appear...

Thank you for your help.

Otherwise will we have the chance to get allowing the admin to edit the user-level forwarding in the near future?

Dear Developers!

Not as forcing, but..

I'd like to kindly ask if we will have the chance to get allowing the admin to edit the user-level forwarding without session-based but HTTP authentication (IE without the "Login to Usermin" button) in the near future like described earlier here?

Many thanks and greetings.

Gergo GICZY Hungary/EU

Sorry, but I haven't had a chance to work on this yet .. That said, it shouldn't be too hard. Hopefully for the next release.

No problem, Jamie,

It was definitely not an impeachment just a question of possibility to get once this interesting function.

Thanks a lot.