Re: [AMaViS-user] LDAP amavisBypassBannedChecks not working

Joel Nimety Tue, 26 Jul 2005 08:34:25 -0700

It would appear that MYNETS isn't working either because I have
bypass_banned_checks_maps => [1] in $policy_bank{'MYNETS'} and the email
log below is indicating CF/MYNETS (note: CF has
bypass_banned_checks_maps => [1] as well).



$policy_bank{'MYNETS'} = {  # mail originating from @mynetworks
        bypass_spam_checks_maps => [1], # Turn off spam checking for
locally originated emails
        bypass_banned_checks_maps => [1], # Turn off banned checking for
locally originated emails
};

$policy_bank{'CF'} = {
        bypass_spam_checks_maps         => [1], # Turn off spam checking
for locally originated emails
        bypass_banned_checks_maps       => [1], # Turn off banned
checking for locally originated emails
        forward_method                  => 'smtp:[127.0.0.1]:10226',  #
forward checked mail to postfix instance that handles
ContentFiltering/MailSafe
        notify_method                   => 'smtp:[127.0.0.1]:10225',  #
submit notifications through the usual smtp path
};


Joel Nimety wrote:
> Hello -- I've just upgrade to amavis-2.3.2. I'm using LDAP lookups for
> per domain/user maps.  I have a user who has BypassBannedChecks=TRUE set
> in LDAP yet he still is having attachments blocked.  I've turned up
> logging for myself using $debug_sender_acl and I've sent the user an
> .exe file.  Here's the log.  Notice that amavis successfully looks-up
> BypassBannedChecks=TRUE but still performs the banned blocking. Is this
> a bug? Please let me know if more information is required.  Thanks.
> 
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) LMTP< RCPT
> TO:<[EMAIL PROTECTED]>\r\n
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) query_keys:
> [EMAIL PROTECTED], rcpt@, rcptdomain.com, .rcptdomain.com, .com, .
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04)
> lookup_hash([EMAIL PROTECTED]), no matches
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup (local_domains)
> => undef, "[EMAIL PROTECTED]" does not match
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) query_keys:
> [EMAIL PROTECTED], @rcptdomain.com, @.rcptdomain.com, @.com, @.
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup_ldap
> "[EMAIL PROTECTED]", query keys: "[EMAIL PROTECTED]",
> "@rcptdomain.com", "@.rcptdomain.com", "@.com", "@.", base: o=na,
> filter: (&(objectclass=amavisaccount)(cybalternatedomain=%m))
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup_ldap: searching
> base="o=na", scope="sub",
> filter="(&(objectclass=amavisaccount)(|([EMAIL PROTECTED])([EMAIL 
> PROTECTED])([EMAIL PROTECTED])([EMAIL PROTECTED])([EMAIL PROTECTED])))"
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04)
> lookup_ldap([EMAIL PROTECTED]) matches,
> result=(cybalternatedomain=>"@rcptdomain.com",
> amavisbypassbannedchecks=>"TRUE", amavisbypassspamchecks=>"TRUE",
> amavisspamlover=>"TRUE", amavisbypassviruschecks=>"TRUE")
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavismessagesizelimit), no attribute,
> "[EMAIL PROTECTED]" result=undef
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup
> (message_size_limit) => undef, "[EMAIL PROTECTED]" does not match
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) LMTP> 250 2.1.5
> Recipient [EMAIL PROTECTED] OK
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) LMTP::10026
> /var/amavis/tmp/amavis-20050726T102756-32392: <[EMAIL PROTECTED]>
> -> <[EMAIL PROTECTED]> Received: SIZE=1685477 from
> mail06.perimeterco.com ([127.0.0.1]) by localhost
> (mail06.perimeterco.com [127.0.0.1]) (amavisd-new, port 10026) with LMTP
> id 32392-04 for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 10:29:38 -0400 (EDT)
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) Checking: EPI2-DPhWQFz
> CF/MYNETS [63.76.208.2] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavisbypassviruschecks) "[EMAIL PROTECTED]" result=(1)
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup
> (bypass_virus_checks) => true,  "[EMAIL PROTECTED]" matches,
> result="1", matching_key="/cached/"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavisbypassheaderchecks), no attribute,
> "[EMAIL PROTECTED]" result=undef
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) query_keys:
> [EMAIL PROTECTED], rcpt@, rcptdomain.com, .rcptdomain.com, .com, .
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_hash([EMAIL PROTECTED]), no matches
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup
> (bypass_header_checks) => undef, "[EMAIL PROTECTED]" does not match
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup => true,
> "[EMAIL PROTECTED]" matches, result="1", matching_key="(constant:1)"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) p.path
> [EMAIL PROTECTED]: "P=p003,L=1,M=multipart/mixed |
> P=p001,L=1/1,M=text/plain,T=asc"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) p.path BANNED:1
> [EMAIL PROTECTED]: "P=p003,L=1,M=multipart/mixed |
> P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms,N=dcom98.exe",
> matching_key="(?mix-s:(?# BLOCK COMMON NAME EXENSIONS )\n     ^ (.*\t)?
> N= [^\t\n]* \\.
> (pif|exe|cpl|swf|vbs|bat|cmd|com|dll|hta|js|jse|lnk|msi|ocx|reg|shs|vb|vbe|wsf|scr)
> (\t.*)? $)"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavisbannedfileslover), no attribute,
> "[EMAIL PROTECTED]" result=undef
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) query_keys:
> [EMAIL PROTECTED], rcpt@, rcptdomain.com, .rcptdomain.com, .com, .
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_hash([EMAIL PROTECTED]), no matches
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup
> (banned_files_lovers) => undef, "[EMAIL PROTECTED]" does not match
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavisbannedquarantineto), no attribute,
> "[EMAIL PROTECTED]" result=undef
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup
> (banned_quarantine_to) => undef, "[EMAIL PROTECTED]" does not match
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavisbannedadmin), no attribute, "[EMAIL PROTECTED]"
> result=undef
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_acl([EMAIL PROTECTED]), no match
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup (banned_admin)
> => undef, "[EMAIL PROTECTED]" does not match
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavislocal), no attribute, "[EMAIL PROTECTED]" result=1
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup (local_domains)
> => true,  "[EMAIL PROTECTED]" matches, result="1", matching_key="/cached/"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amaviswarnbannedrecip), no attribute,
> "[EMAIL PROTECTED]" result=undef
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup
> (warnbannedrecip) => true,  "[EMAIL PROTECTED]" matches, result="1",
> matching_key="(constant:1)"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) string_to_mime_entity
> To: <[EMAIL PROTECTED]>
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) (about to connect to
> [127.0.0.1]:10225) SEND via SMTP: <[EMAIL PROTECTED]> ->
> <[EMAIL PROTECTED]>Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> response to RCPT TO for <[EMAIL PROTECTED]>: "250 Ok"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) SEND via SMTP:
> <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, 250 2.6.0 Ok,
> id=32392-04, from MTA([127.0.0.1]:10225): 250 Ok: queued as 83BFC3A84A3
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) parse_received: for =
> <[EMAIL PROTECTED]>/<[EMAIL PROTECTED]>//
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) parse_received: for =
> <[EMAIL PROTECTED]>/<[EMAIL PROTECTED]>//
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) Blocked BANNED
> (P=p003,L=1,M=multipart/mixed |
> P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms,N=dcom98.exe),
> CF/MYNETS LOCAL [63.76.208.2] [63.76.208.2] <[EMAIL PROTECTED]> ->
> <[EMAIL PROTECTED]>, Message-ID: <[EMAIL PROTECTED]>,
> mail_id: EPI2-DPhWQFz, Hits: -, 1490 ms
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) sending LMTP response
> for <[EMAIL PROTECTED]>: "250 2.5.0 Ok [EMAIL PROTECTED], DSN sent
> (550 5.7.1 Message content rejected, id=32392-04 - BANNED:
> P=p003,L=1,M=multipart/mixed |
> P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms...)"Jul 26
> 10:29:39 mail06 amavis[32392]: (32392-04) LMTP> 250 2.5.0 Ok
> [EMAIL PROTECTED], DSN sent (550 5.7.1 Message content rejected,
> id=32392-04 - BANNED: P=p003,L=1,M=multipart/mixed |
> P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms...)
> Jul 26 10:29:39 mail06 postfix/lmtp[644]: C75993A8246:
> to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1], delay=5,
> status=sent (250 2.5.0 Ok [EMAIL PROTECTED], DSN sent (550 5.7.1
> Message content rejected, id=32392-04 - BANNED:
> P=p003,L=1,M=multipart/mixed |
> P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms...))
> 
> 
> 

-- 
Joel Nimety
Perimeter Internetworking Corp.
203.541.3416


-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] LDAP amavisBypassBannedChecks not working

Reply via email to