Amavis Mailing List Archive

From: Jack Vandensype (Vandensype@LSLLP.com)
Date: Wed Dec 22 2004 - 11:00:00 EST

• Next message: Noel Jones: "Re: [AMaViS-user] Amavis BANNED NAME vs. Postfix mime_header_checks"
• Previous message: Peter Olsson: "[AMaViS-user] Can spam_quarantine_method be different based on recipient domain?"
• Next in thread: Noel Jones: "Re: [AMaViS-user] Amavis BANNED NAME vs. Postfix mime_header_checks"

Hello all, this is my first time posting on this list so be kind :)

I have a postfix/amavisd/spamassassin box acting as a gateway to my
Exchange server. Everything seems to be working ok except I am a bit
confused about how banned attachment names are being handled (.exe
in particular).

I use postfix's mime_header_checks to reject all mail with bad file
attachments
and this is working fine except for .exe files. It seems as if amavis
is picking
these up and notifying me for some, but not all exe's. Below is an
excerpt of an
amavis report I receive.

My question is this, in what order are the postfix/amavis rules
processed?
When I send an exe file to myself from the outside I get a reject from
*postfix*
not amavis, however, I still receive message similar to below on a daily
basis.
Any ideas? Thanks in advance.

Jack

Sample amavis report:

 BANNED NAME (.exe) FROM <ieper@punch-gmbh.de>

No viruses were found.

A banned name (.exe) was found.

The mail originated from: <ieper@punch-gmbh.de>

According to the 'Received:' trace, the message originated at:
   opfpswrhl.de (p508D0143.dip0.t-ipconnect.de [80.141.1.67])

The message WAS NOT delivered to:
<user1@mydomain2.com>:
   550 5.7.1 Message content rejected, id=01949-05 - BANNED: .exe
<user2@mydomain2.com>:
   550 5.7.1 Message content rejected, id=01949-05 - BANNED: .exe

The message has been quarantined as:
   /var/virusmails/virus-20041222-144539-01949-05

------------------------- BEGIN HEADERS -----------------------------
Return-Path: <ieper@punch-gmbh.de>
Received: from opfpswrhl.de (p508D0143.dip0.t-ipconnect.de
[80.141.1.67])
        by mailfilter.mydomain.com (Postfix) with SMTP id 4754417D03;
        Wed, 22 Dec 2004 09:45:35 -0500 (EST)
From: ieper@punch-gmbh.de
To: user1@mydomain2.com
Date: Wed, 22 Dec 2004 13:58:28 GMT
Subject: Re: Oh God it's
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <cf0d7ae5c67fb69ba@lackenbach.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==bb7330c.f4ac89"
Content-Transfer-Encoding: 7bit
-------------------------- END HEADERS ------------------------------

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

• Next message: Noel Jones: "Re: [AMaViS-user] Amavis BANNED NAME vs. Postfix mime_header_checks"
• Previous message: Peter Olsson: "[AMaViS-user] Can spam_quarantine_method be different based on recipient domain?"
• Next in thread: Noel Jones: "Re: [AMaViS-user] Amavis BANNED NAME vs. Postfix mime_header_checks"