Hi Eric, I tested by using other email account like yahoo, gmail and others domain from the same server. All emails with zip attachment to xxx.com were rejected by the qmailtoaster server.
So I wonder how some of the spam mail with zip attachment could be delivered to xxx.com? Is it possible to trace the process from the logs? Thanks for your time. Teruo -----Original Message----- From: Eric Broch [mailto:[email protected]] Sent: Friday, October 7, 2016 10:28 AM To: [email protected] Subject: Re: [qmailtoaster] Reject email with zip attachment Syntactically, I don't see any issues in your simcontrol file. The second (default) line is most likely what is allowing .zip files through though. Are you receiving zip files for xxx.com? On 10/6/2016 7:35 PM, Kan Teruo wrote: > Hi Eric, > > Since only some of the domain want to reject email with zip > attachment, so I keep the default setting in the last line. > > xxx.com:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif:.zip > :.rar > > :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif > > > The first line stated with > "xxx.com:clam=yes,spam=yes..................." is the domain which don't want to receive email with zip and rar attachment. > The last line started with ":clam=yes,spam=yes......................." > is the default setting for the rest of the domains. > > Is there anything wrong in my simcontrol file? > > Thanks, > Alex > > > -----Original Message----- > From: Eric [mailto:[email protected]] > Sent: Thursday, October 6, 2016 10:18 PM > To: [email protected] > Subject: Re: [qmailtoaster] Reject email with zip attachment > > Hi Teruo, > > A) Here's my tcp.smtp file: > > 1) Entry for localhost relay: > 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys > /%/private",RBLSMTPD="",NOP0FCHECK="1" > > 2) Entry for all others: > :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER > _WRONG > RCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/ > contro l/domainkeys/%/private",NOP0FCHECK="1" > > B) It looks like in your simcontrol file that default processing (line > beginning with ':') allows .zip files through. > > Change > > :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif > > to > > :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif:.zip > > Eric > > > On 10/5/2016 7:55 PM, Kan Teruo wrote: >> Hi Eric, >> >> Thanks for your reply. >> Please refer to below: >> >> /var/qmail/control/simcontrol >> ============================================== >> xxx.com:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif:.zi >> p :.rar :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif >> >> /etc/tcprules.d/tcp.smtp >> ============================================== >> :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSE >> R >> _WRONG >> RCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQ >> U >> EUE="/ >> var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmai >> l >> /contr >> ol/domainkeys/%/private" >> >> By the way, you said you setup mail coming from 127.0.0.1 not to use >> simscan. >> May I know how to do it? >> >> Thanks for your time and help. >> >> Teruo >> >> >> -----Original Message----- >> From: Eric [mailto:[email protected]] >> Sent: Wednesday, October 5, 2016 10:18 PM >> To: [email protected] >> Subject: Re: [qmailtoaster] Reject email with zip attachment >> >> Hi Teruo, >> >> 1) Can you dump the /var/qmail/control/simcontrol file for us send it >> to the list and /etc/tcprules.d/tcp.smtp ? >> >> 2) In simcontrol the ':' should only be between (a separator for) >> file types. >> >> So if you wanted to stop .zip attachments only it would be like this >> >> attach=.zip >> >> not >> >> attach=:.zip >> >> for multiple file types >> >> attach=.typ1:.typ2:.typ3:.typ4 >> etc... >> >> 3) Check /etc/tcprules.d/tcp.smtp >> >> In this file it is determined when simscan >> (QMAILQUE="/var/qmail/bin/simscan") is used. On my setups mail coming >> from >> 127.0.0.1 (localhost) simscan is not used so zip attachments would be >> allowed through. >> >> Eric >> >> On 10/5/2016 4:18 AM, Kan Teruo wrote: >>> Hi All, >>> >>> >>> >>> I had added attach=:.zip in the simcontrol and run the command >>> "qmailctl cdb". >>> >>> It seem work fine to reject all email with zip attachment. (at least >>> I tested by using different email accounts like gmail and yahoo) >>> >>> But I found that sometime still have spam mail with zip attachment >>> delivered into users' mailbox. >>> >>> I tried to check the log but couldn't find any idea why the spam >>> mail with zip attachment can be delivered to users' mailbox. >>> >>> >>> >>> Thanks! >>> >>> Teruo >>> >>> >>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: >> [email protected] >> For additional commands, e-mail: >> [email protected] >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: >> [email protected] >> For additional commands, e-mail: >> [email protected] >> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: > [email protected] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: > [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
