Hello, A user complained of a message being bounced that shouldn't have been. He normally doesn't have any trouble receiving email from the sender.I can not determine why this happened, or what would be the next step to look at in order to resolve why it happened.
Any suggestions to point me in determining what caused this to happen would be appreciated. The message was a standard email, with an excel .xls attachment. We do not block xls attachments. >From my logs: Nov 20 13:22:21 mailgateway.forsythshirt.com /usr/sbin/amavisd[6586]: (06586-09) lookup (check_bann:[EMAIL PROTECTED]) => true, ["multipart/mixed","multipart/alternative","text/plain",".asc",".asc","filli ng orders towards the end of next week."] matches, result="1", matching_key="(?i-xsm:.\\.(mpg|avi|oog|ram|mov|qt|mp3|wav|ra|wmv|)$)" Here is my banned file settings: $banned_filename_re = new_RE( qr'^UNDECIPHERABLE$', # is or contains any undecipherable components # block certain double extensions anywhere in the base name qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i, qr'[{}]', # curly braces in names (serve as Class ID extensions - CLSID) qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, qr'^application/hta$'i, qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any in Unix-compressed [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic # qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta| # inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst| # ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs| # wmf|wsc|wsf|wsh)$'ix, # banned ext - long # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab. qr'^\.(exe-ms)$', # banned file(1) types # qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types qr'.\.(mpg|avi|oog|ram|mov|qt|mp3|wav|ra|wmv|)$'i, ); Regards, Rob Lewis ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/