Hello,

A user complained of a message being bounced that shouldn't have been.  He
normally doesn't have any trouble receiving email from the sender. I cannot
determine why this happened, or what would be the next step to look at in
order to resolve why it happened.

Any suggestions to point me in determining what caused this to happen would
be appreciated.

The message was a standard email, with an Excel .xls attachment.  We do not
block xls attachments.

From my logs:
Nov 20 13:22:21 mailgateway.forsythshirt.com /usr/sbin/amavisd[6586]: (06586-09) lookup (check_bann:[EMAIL PROTECTED]) => true, ["multipart/mixed","multipart/alternative","text/plain",".asc",".asc","filling orders towards the end of next week."] matches, result="1", matching_key="(?i-xsm:.\\.(mpg|avi|oog|ram|mov|qt|mp3|wav|ra|wmv|)$)"


Here are my banned file settings:

        $banned_filename_re = new_RE(
         qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

        # block certain double extensions anywhere in the base name
        qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

        qr'[{}]',      # curly braces in names (serve as Class ID extensions - CLSID)

        qr'^application/x-msdownload$'i,                  # block these MIME types
        qr'^application/x-msdos-program$'i,
        qr'^application/hta$'i,

        qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types
        [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any in Unix-compressed
        [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
        [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives

        qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
        # qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
        #        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
        #        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
        #        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long

        # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.

        qr'^\.(exe-ms)$',                       # banned file(1) types
        # qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types
        qr'.\.(mpg|avi|oog|ram|mov|qt|mp3|wav|ra|wmv|)$'i,
        );


Regards,

Rob Lewis
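
Added example, not part of the original post: the Perl script below replays the part names from the logged check_bann lookup against the logged matching_key. The trailing "|" inside that rule's group is an empty alternative, so the rule also matches any name that ends in a period. The $no_empty_alt rule, the two constructed names and both helper subs are assumptions made for the comparison.

```perl
#!/usr/bin/perl
# Added example (not from the original post): replay the logged part names
# against the rule named in matching_key and look for an empty alternative.
use strict;
use warnings;

# The rule exactly as it appears in the posted $banned_filename_re list.
my $posted = qr'.\.(mpg|avi|oog|ram|mov|qt|mp3|wav|ra|wmv|)$'i;
# Assumption: the same rule without the trailing "|", for comparison only.
my $no_empty_alt = qr'.\.(mpg|avi|oog|ram|mov|qt|mp3|wav|ra|wmv)$'i;

# Part names and types taken from the log line, plus two constructed names.
my @names = (
    'multipart/mixed', 'multipart/alternative', 'text/plain', '.asc', '.asc',
    'filling orders towards the end of next week.',
    'orders.xls',    # constructed sample
    'clip.mp3',      # constructed sample
);

# Return the candidate names that a rule matches, in input order.
sub hits {
    my ($re, @candidates) = @_;
    return grep { $_ =~ $re } @candidates;
}

# Heuristic lint: flag an alternation with an empty branch, i.e. "(|",
# "||" or "|)" in the pattern text. It does not account for escaped pipes.
sub has_empty_alternative {
    my ($re) = @_;
    return "$re" =~ /\(\||\|\||\|\)/ ? 1 : 0;
}

for my $rule ($posted, $no_empty_alt) {
    my @matched = hits($rule, @names);
    printf "%s\n", $rule;
    printf "  empty alternative: %s\n", has_empty_alternative($rule) ? 'yes' : 'no';
    printf "  matches: %s\n",
        @matched ? join(', ', map { "'$_'" } @matched) : '(none)';
}
```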





_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
