On 09.03.2021 16:26, Evgeniy Berdnikov via Exim-users wrote:
On Tue, Mar 09, 2021 at 03:28:25PM +0100, Luca Bertoncello via Exim-users wrote:
Now, this is for me a confirmation, that Kaspersky want to send an E-Mail...
Of course, I cannot leave the situation so, since the sender will retry
On Tue, Mar 09, 2021 at 03:28:25PM +0100, Luca Bertoncello via Exim-users wrote:
> Now, this is for me a confirmation, that Kaspersky want to send an E-Mail...
> Of course, I cannot leave the situation so, since the sender will retry to
> send the E-Mail...
Sender should NOT send e-mail after
On 09.03.2021 14:38, Jeremy Harris via Exim-users wrote:
Hi Jeremy
Look into the docs description of acl_not_smtp. The data
ACL is called after an SMTP DATA command finishes, and your
message source is not SMTP.
So, I see, the "phantom E-Mail" contains a Header X-Loop.
So I create an ACL
On 09/03/2021 13:21, Luca Bertoncello via Exim-users wrote:
The virus-checking is in the data-ACL:
Look into the docs description of acl_not_smtp. The data
ACL is called after an SMTP DATA command finishes, and your
message source is not SMTP.
--
Cheers,
Jeremy
On 09/03/2021 10:25, Luca Bertoncello via Exim-users wrote:
2021-03-09 09:56:29 1lJYAH-lJ-75 <= lucab...@lucabert.de U=Debian-exim P=local S=3031
2021-03-09 09:56:29 1lJYAH-lJ-75 => l.bertonce...@queo-group.com R=ciphermail_ext_to_int_gw T=ciphermail_smtp H=127.0.0.1 [127.0.0.1]
On 09.03.2021 14:11, Jeremy Harris via Exim-users wrote:
On 09/03/2021 10:25, Luca Bertoncello via Exim-users wrote:
2021-03-09 09:56:29 1lJYAH-lJ-75 <= lucab...@lucabert.de U=Debian-exim P=local S=3031
2021-03-09 09:56:29 1lJYAH-lJ-75 => l.bertonce...@queo-group.com
On 09.03.2021 13:44, Evgeniy Berdnikov via Exim-users wrote:
Hi
Line
${dlfunc{/opt/kaspersky/klms/lib64/libklms-exim.so}{scan}{${spool_directory}/input}}
suggests that library entry point is called "scan".
Could you suggest me how to call it? And maybe (since it logs a huge amount of
On Tue, Mar 09, 2021 at 01:18:53PM +0100, Luca Bertoncello via Exim-users wrote:
> > It can be finally confirmed with ltrace or gdb run,
> > and it should disappear if you remove library call.
>
> OK, I tried to start:
>
> ltrace exim -bh...
>
> But I don't see any call to/from Kaspersky...
On 09.03.2021 13:06, Evgeniy Berdnikov via Exim-users wrote:
Hi
This is my /tmp/sendmail.log:
6366 pts/0S+ 0:00 exim -d+all -bh 185.242.112.224
Do I understand correctly, that Exim generate the E-Mail?
Yes, this is what expected if Kaspersky library spawns child process. It
On Tue, Mar 09, 2021 at 12:53:09PM +0100, Luca Bertoncello via Exim-users wrote:
> > I suspect Kaspersky library as source of this process.
>
> I suspect it too, but I'd like to confirm that...
...
> This is my /tmp/sendmail.log:
>
> 6366 pts/0S+ 0:00 exim -d+all -bh 185.242.112.224
>
On 09.03.2021 12:10, Evgeniy Berdnikov via Exim-users wrote:
Hi Evgeniy
Where the evil comes this sendmail-call?!?
I suspect Kaspersky library as source of this process.
I suspect it too, but I'd like to confirm that...
There are simple ways to check it:
1. Run exim -bh under
On Tue, Mar 09, 2021 at 11:49:41AM +0100, Luca Bertoncello via Exim-users wrote:
> 2021-03-09 11:44:14.593 [24107] cwd=/var/spool/exim4 5 args: /usr/sbin/sendmail -i -f lucab...@lucabert.de l.bertonce...@queo-group.com
...
> 2021-03-09 11:44:14.770 [24109] 1lJZqY-0006Gp-JE Completed QT=0.174s
On 09.03.2021 11:45, Evgeniy Berdnikov via Exim-users wrote:
On Tue, Mar 09, 2021 at 11:25:20AM +0100, Luca Bertoncello via Exim-users wrote:
In Exim mainlog I can just see, that the E-Mail was sent:
2021-03-09 09:56:29 1lJYAH-lJ-75 <= lucab...@lucabert.de U=Debian-exim P=local S=3031
On 09.03.2021 10:42, Evgeniy Berdnikov via Exim-users wrote:
Your debug log does not show any invocation of transport. If mail really
appears in the destination mailbox, next point of investigation should be
Kaspersky. But it is very unlikely that Kaspersky can do direct delivery to
On Tue, Mar 09, 2021 at 11:25:20AM +0100, Luca Bertoncello via Exim-users wrote:
> In Exim mainlog I can just see, that the E-Mail was sent:
>
> 2021-03-09 09:56:29 1lJYAH-lJ-75 <= lucab...@lucabert.de U=Debian-exim P=local S=3031
> 2021-03-09 09:56:29 1lJYAH-lJ-75 =>
On 09.03.2021 10:42, Evgeniy Berdnikov via Exim-users wrote:
Hi Evgeniy
Your debug log does not show any invocation of transport. If mail really
appears in the destination mailbox, next point of investigation should be
This is what I suppose, too...
Kaspersky. But it is very unlikely
On Tue, Mar 09, 2021 at 09:49:55AM +0100, Luca Bertoncello via Exim-users wrote:
> This is very strange... I tried to add a "deny" just after the check
> by Kaspersky:
>
> warn condition = ${if def:h_X-Ciphermail {false}{true}}
> condition = ${if eq {$acl_m_dontAVscan}{}
On 09.03.2021 09:49, Luca Bertoncello via Exim-users wrote:
The strange is, that the E-Mail just be submitted if it contains a ZIP
file as attachment. For example, an E-Mail with a PNG will not be
resubmitted...
Even stranger...
The behaviour happens just if an E-Mail was sent with a
On 24.02.2021 13:31, Jeremy Harris via Exim-users wrote:
Hi again
Add debug options to your -bh repeat-by,
and follow through the flow of the ACLs.
This is very strange... I tried to add a "deny" just after the check by
Kaspersky:
warn condition = ${if def:h_X-Ciphermail
On 24.02.2021 14:14, Heiko Schlittermann via Exim-users wrote:
Hi Heiko
Ok, it *seems* that Exim rejects the message.
But … please show us your ACL.
Could someone help me finding the problem?
There is the *fakereject* ACL verb, did you use it?
I think I found the problem...
It seems,
Hi Lucabert,
Luca Bertoncello via Exim-users (Wed 24 Feb 2021 13:19:13 CET):
> So I tried with an E-Mail we received yesterday. The E-Mail contains an
> encrypted Excel and Avast refused the E-Mail since the file is password
> protected (OK, the file is clean, I'm sure of that! And Avast should
On 24/02/2021 12:19, Luca Bertoncello via Exim-users wrote:
I tried with exim -bh. I see:
deny: condition test succeeded in ACL "acl_check_data"
end of ACL "acl_check_data": DENY
unspool_mbox(): unlinking '/var/spool/exim4/scan/1lEsvz-0001D5-H1/1lEsvz-0001D5-H1-0'
unspool_mbox():
Hi list!
I have a very strange problem...
By some E-Mails (no template found) the sender will be notified that the
E-Mail contains a virus, but the recipient receives the E-Mail.
Some words about our configuration: we have three Antivirus (Kaspersky,
Avast and ClamAV). If at least one of