Brian Wong wrote:
On 1/17/06, Michael Hall <[EMAIL PROTECTED]> wrote:

I use LDAP, and the attribute 'amavisBannedRuleNames' has me believing
I can create a named set of banned rules and reference them in the
users lookup table. Much like having different behavior in a policy
bank. Am I misinterpreting this attribute? If not, how can I go about
setting this up?

It has indeed been reported before I believe that this does not work with
LDAP, but I never got around to locating and fixing the problem, mostly because
I'm not running LDAP myself. The bug should not be that deep, I would
appreciate help here from interested parties.

Sorry to jump in late.

What seems to be the issue? I've never used 'banned rules'; doesn't LDAP
just store the names (which are defined elsewhere)? Do you have an
example configuration that I could set up and use for testing?



Preliminary testing has shown that the existence of the
'amavisBannedRuleNames' attribute in itself affects the outcome of the
banned tests in an undesirable way. My configuration file has the
following variables.

@banned_filename_maps = (
                          {'[EMAIL PROTECTED]' => 'ALLOW_VCS'},
                          {'.' => 'DEFAULT'}
                        );

%banned_rules = ('DEFAULT' => $banned_filename_re,
                 'ALLOW_VCS' => new_RE( [qr'.\.vcs$' => 0] )
                );

When ldap lookups are correctly configured and the
'amavisBannedRuleNames' attribute absent, sending a regular plain text
message goes through normally as expected. But when I add the
attribute with a value of 'ALLOW_VCS', a plain/text message is somehow
matched against this rule and is considered banned. I have not looked
at the code yet to determine why, but I would consider this a serious
problem. Attached are the level 5 logs with and without the attribute
for the given LDAP uid.

Maybe I'm way off base here, but in line 9083 of amavisd-new 2.3.3, the AmavisdBannedRuleNames is going in as a list (L-) into banned_filename_maps. It's the only list attribute mapping - everything else is going in as a string or a boolean. Changing this to a string (S-) might solve this problem, assuming that a user only needs to match against a single banned ruleset.

I'll give this a go hopefully tomorrow. I have to first configure my site for bypass mode by default - we tend to have very permissive default policies.

