[IMGate] amavisd/f-secure not catching viruses

2004-12-02 Thread Andrew P. Kaplan
I am getting a bunch of I-Worm/Sober.I.


Viruses found in the attached files.
The file re_mail7621.eml.zip: Virus identified  I-Worm/Sober.I. The
attachment was moved to the virus vault.

Checked by AVG Anti-Virus.
Version: 7.0.289 / Virus Database: 265.4.4 - Release Date: 11/30/2004


My updates are current on my virus scanner. I ran www.testvirus.org and the
server caught all but the last virus:

Eicar virus within a ZIP file that has been manipulated to evade detection
by some anti-virus software by changing the uncompressed size to zero within
the ZIP file headers.

This seems to be the problem. I tried adding the long lists of headers but
that put too much strain on my server, which processes 250,000 messages a day.
Any help would be appreciated.



Andrew P. Kaplan
www.cshore.com

Fashion is a form of ugliness so intolerable that we have to alter it every
six months.
-- Oscar Wilde



-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.289 / Virus Database: 265.4.4 - Release Date: 11/30/2004
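
The test case quoted in this post zeroes the uncompressed-size field, so one gateway-side check is to compare every declared size with what the member data really holds. The Python sketch below is an added example, not code from the thread or from amavisd, F-Secure or AVG. It assumes stored or deflated members without ZIP64 or encryption; `audit_zip`, `make_sample` and the 10 MB cap are names and values chosen for the example.

```python
import io
import struct
import zipfile
import zlib

LOCAL = struct.Struct("<4s5H3L2H")       # local file header (30 bytes)
CENTRAL = struct.Struct("<4s6H3L5H2L")   # central directory header (46 bytes)
EOCD = struct.Struct("<4s4H2LH")         # end of central directory (22 bytes)
MAX_INFLATE = 10 * 1024 * 1024           # assumed per-member inflate cap

def inflated_size(raw, method):
    """Real payload size for stored (0) or deflate (8) data; None for other methods."""
    if method == 0:
        return len(raw)
    if method == 8:
        return len(zlib.decompressobj(-15).decompress(raw, MAX_INFLATE))
    return None

def audit_zip(data):
    """List (name, header, declared, actual) for size fields that misstate the data.
    Members whose method cannot be checked are reported with actual=None."""
    findings = []
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0:
        return [("<archive>", "eocd", None, None)]
    total, cd_off = EOCD.unpack_from(data, pos)[4:7:2]   # entry count, directory offset
    for _ in range(total):
        c = CENTRAL.unpack_from(data, cd_off)
        method, csize, usize, fnlen, lho = c[4], c[8], c[9], c[10], c[16]
        name = data[cd_off + 46:cd_off + 46 + fnlen].decode("cp437")
        cd_off += 46 + fnlen + c[11] + c[12]      # skip name, extra field, comment
        loc = LOCAL.unpack_from(data, lho)
        start = lho + 30 + loc[9] + loc[10]       # payload follows local name + extra
        actual = inflated_size(data[start:start + csize], method)
        if usize != actual:
            findings.append((name, "central", usize, actual))
        if not loc[2] & 0x08 and loc[8] != actual:  # bit 3: sizes are in a data descriptor
            findings.append((name, "local", loc[8], actual))
    return findings

def make_sample(zero_usize):
    """Constructed sample: benign one-member ZIP, optionally with the size fields zeroed."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("note.txt", b"harmless test content " * 20)
    data = bytearray(buf.getvalue())
    if zero_usize:
        cd = data.rfind(b"PK\x01\x02")
        data[22:26] = data[cd + 24:cd + 28] = b"\0" * 4   # local + central usize
    return bytes(data)
```

An archive that produces any finding can be quarantined before it reaches the scanner, which costs one bounded inflate pass per member.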




[IMGate] Re: Brand new to IMGate, with a problem

2004-12-02 Thread Dan Horne
Thanks, I understand now. 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Tom Baker | Netsmith Inc
Sent: Thursday, December 02, 2004 8:36 AM
To: [EMAIL PROTECTED]
Subject: [IMGate] Re: Brand new to IMGate, with a problem

Note the 450 address verification IN PROGRESS
Postfix returns 4xx (try again) WHILE it starts the probe process to build
the address verification database.

When that MTA tries again it will either get through or get a more permanent
error.





-Original Message-
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Sent: Thu Dec 02 07:24:52 2004
Subject: [IMGate] Re: Brand new to IMGate, with a problem

Yeah, I got that.  But is the address verification timing out waiting on my
Imail server to respond?  How can I tell where the problem is?  And was this
message delivered? I THINK it wasn't, and that the lines in the maillog were
for a different message that happened to come in around the same time (the
clocks on the 2 servers aren't sync'ed), but I'm not sure I'm reading the
data right.

But even so, the message in the maillog says there is a different error on
the message it refers to, Helo command rejected:
4tuple_capturing_of_non-reje... Ah.   Never mind on that one.

So what I'm looking at is an email that was probably rejected due to the
sending server getting over-eager, but was told to retry (?), and another
with an error that didn't cause it to be rejected?  Is that right?  Or am I
way off?


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Len Conrad
Sent: Wednesday, December 01, 2004 5:36 PM
To: [EMAIL PROTECTED]
Subject: [IMGate] Re: Brand new to IMGate, with a problem


Transcript of session follows.

  Out: 220 mx2.taisweb.net - ESMTP - Postfix - Attn: UCE not permitted. Violators will be prosecuted.
  In:  EHLO mgw2.meiway.com
  Out: 250-mx2.taisweb.net
  Out: 250-PIPELINING
  Out: 250-SIZE 500
  Out: 250-ETRN
  Out: 250 8BITMIME
  In:  MAIL FROM:[EMAIL PROTECTED] SIZE=2479 BODY=8BITMIME
  Out: 250 Ok
  In:  RCPT TO:[EMAIL PROTECTED]
  Out: 450 [EMAIL PROTECTED]: Sender address rejected: unverified address: Address verification in progress

this is sender address verification


  In:  DATA
  Out: 554 Error: no valid recipients

the IP proceeded to DATA command before postfix OKed any RCPT TO, duh.


Len













[IMGate] Re: selective address verification

2004-12-02 Thread Len Conrad

I have smtpd_recipient_restrictions   check_recipient_maps working and
dynamically updating this list/map for the domains that I host, but now
I (am just getting around to.. ) would like to perform recipient address
verification for the very few domains for which I relay mail, but don't
control/host the email servers for. These domains are in above list as
@domain.tld OK.


So I would like to specify the short list of domains to invoke the verify
server. It seems like if I turn this on toward the end of my
smtpd_recipient_restrictions, that imgate will start a whole bunch of probes
to my servers? As usual I am probably very confused by the postfix manual.
Please advise.

One way is to create a restriction class for these domains, and process 
them separately from the main branch of main.cf.


/etc/postfix/reject_unverified_recipient.class contains:

domain1.tld  reject_unverified_recipient.class
domain2.tld  reject_unverified_recipient.class
domain3.tld  reject_unverified_recipient.class
domain4.tld  reject_unverified_recipient.class

and then postmap it. It's a hash: file by default.


in main.cf:


#define the list of classes
smtpd_restriction_classes =
  reject_unverified_recipient.class

#define the restrictions to apply to this class
reject_unverified_recipient.class =
  reject_unverified_recipient,
  .
  .
  .
  permit


smtpd_recipient_restrictions =
  .
  .
  .
  hash:/etc/postfix/reject_unverified_recipient.class,
  reject_unlisted_recipient,
  .
  .
  .

the logic:

1) if the @recipient.domain matches the reject_unverified_recipient.class, 
the msg gets branched into handling by reject_unverified_recipient.class 
=, and DOESN'T RETURN to the main branch.

So any restrictions that you want to apply to 
reject_unverified_recipient.class that come afterwards in main branch have 
to be also listed in the reject_unverified_recipient.class = branch.

2) if the @recipient.domain mismatches reject_unverified_recipient.class, 
the msg continues in the main branch.

maybe there's a simpler way. I'm pooped. :)

Len
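
The caveat above, that restrictions listed after the class lookup in the main branch are skipped for the class domains unless the class repeats them, can be checked mechanically. This Python sketch is an added example, not part of the original message or of Postfix. The sample main.cf fills the elided lines with assumed restrictions, entries are assumed to be comma-separated, and `skipped_for_class` is a hypothetical helper name.

```python
SAMPLE_MAIN_CF = """\
# constructed sample; the restrictions around the class lookup are assumptions
smtpd_restriction_classes =
  reject_unverified_recipient.class

reject_unverified_recipient.class =
  reject_unverified_recipient,
  permit

smtpd_recipient_restrictions =
  permit_mynetworks,
  reject_unauth_destination,
  hash:/etc/postfix/reject_unverified_recipient.class,
  reject_unlisted_recipient,
  reject_rbl_client rbl.example.invalid,
  permit
"""

def parse_main_cf(text):
    """Map each parameter to its comma-separated values, joining continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:    # indented line continues the parameter
            value = line
        else:
            current, _, value = line.partition("=")
            current = current.strip()
            params[current] = []
        params[current] += [" ".join(v.split()) for v in value.split(",") if v.strip()]
    return params

def skipped_for_class(text, cls, table):
    """Main-branch restrictions after the class lookup that the class does not repeat."""
    params = parse_main_cf(text)
    if cls not in params.get("smtpd_restriction_classes", []):
        raise ValueError(f"{cls} is not declared in smtpd_restriction_classes")
    main = params["smtpd_recipient_restrictions"]
    at = next(i for i, r in enumerate(main) if r.split()[-1] == table)
    return [r for r in main[at + 1:] if r not in params[cls] and r != "permit"]
```

For the constructed sample, the helper reports `reject_unlisted_recipient` and the placeholder RBL check as never applied to the class domains.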




[IMGate] Re: Been a while, need refresher

2004-12-02 Thread Len Conrad

Getting this error in log.

fatal: open database /etc/postfix/helo_hostnames.regexp.db: No such file
or directory

you need to put

pcre:/etc/postfix/helo_hostnames.regexp

postfix defaults to hash: and therefore with no pcre:, it tries to find the 
hash: .db file

Len




[IMGate] Re: Been a while, need refresher

2004-12-02 Thread Jeffrey Sharpe
Len Conrad wrote:

Getting this error in log.

fatal: open database /etc/postfix/helo_hostnames.regexp.db: No such file
or directory



you need to put

pcre:/etc/postfix/helo_hostnames.regexp

postfix defaults to hash: and therefore with no pcre:, it tries to find the 
hash: .db file

Len





  

Yep, that did it, thanks!

Jeff.