1 Topic by tapp

  • tapp
  • Member
  • Offline
  • Registered: 2017-02-24
  • Posts: 13

Topic: Why some emails are not bounced?

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6 MARIADB edition.
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====
Hello,
I'm having some issues related to bouncing messages with not allowed content. I've tried to follow directions from http://www.iredmail.org/docs/quarantining.html but to no avail.

F.i., if someone sends an email with a .exe file attached, a bounce message is received. This is as expected.
However, if someone sends an email with a .js file, the email is banned:

Mar 10 10:22:20 xmail amavis[22457]: (22457-03) Blocked BANNED (application/javascript,.asc,navi.js) {NoBounceInbound,Quarantined}, [17.172.80.97]:35067 [17.172.80.97] <xxxx@xxxx.com> -> , quarantine: XYgvEOhuQMRr, Queue-ID: 4F452804F038, Message-ID: <a4d6be5b-3d28-76a1-9e47-dee10dbcf9d3@xxxx.com>, mail_id: XYgvEOhuQMRr, Hits: -, size: 2555, dkim_sd=4d515a:xxxx.com, 150 ms
Mar 10 10:22:20 xmail postfix/smtp-amavis/smtp[22409]: 4F452804F038: to=<xxxx@xxxx.xxx>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.34, delays=0.18/0/0/0.15, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=22457-03, DISCARD(bounce.suppressed))

Configuration in amavisd.conf is as follows:

# Banned
$final_banned_destiny = D_BOUNCE;
#$banned_files_quarantine_method = undef;
$banned_files_quarantine_method = 'sql:';
$banned_quarantine_to = 'banned-quarantine';

However, If I set D_REJECT in final_banned_destiny, then a reject message is sent to the sender. It seems as if the bouncing is not correctly working.

Also, I see that no messages are being quarantined on the server, although they should be.

Any suggestions?

Thanks in advance.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Why some emails are not bounced?

tapp wrote:

However, if someone sends an email with a .js file, the email is banned:

Check Amavisd config file, parameter "$banned_namepath_re =". "js" is banned because it's dangerous due to used by phishing email.

3 Reply by tapp

  • tapp
  • Member
  • Offline
  • Registered: 2017-02-24
  • Posts: 13

Re: Why some emails are not bounced?

Thanks, that seems reasonable no me.

However, my main concern is with the second part of my previous message:

Configuration in amavisd.conf is as follows:
# Banned
$final_banned_destiny = D_BOUNCE;
#$banned_files_quarantine_method = undef;
$banned_files_quarantine_method = 'sql:';
$banned_quarantine_to = 'banned-quarantine';
However, If I set D_REJECT in final_banned_destiny, then a reject message is sent to the sender. It seems as if the bouncing is not correctly working
Also, I see that no messages are being quarantined on the server, although they should be.

Why no notifications regarding banned messsages are being sent (at least to the recipient)?

Thanks in advance.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Why some emails are not bounced?

Show us FULL log in Postfix log file related to your testing email.

About quarantining, does it work if you set to 'D_DISCARD'?

5 Reply by tapp

  • tapp
  • Member
  • Offline
  • Registered: 2017-02-24
  • Posts: 13

Re: Why some emails are not bounced?

ZhangHuangbin wrote:

Show us FULL log in Postfix log file related to your testing email.

About quarantining, does it work if you set to 'D_DISCARD'?

Hello,

This is the log when I try to send an email with an attached js file:

Mar 17 12:55:12 xmail amavis[7445]: (07445-03) Blocked BANNED (application/javascript,.asc,navi.js) {NoBounceInbound,Quarantined}, [17.172.80.98]:57646 [17.172.80.98] <xxxxx@icloud.com> -> , quarantine: iSb1F17Ufkc7, Queue-ID: 702F0809C745, Message-ID: <1a84e688-0d42-5409-526b-4c5016a8543e@icloud.com>, mail_id: iSb1F17Ufkc7, Hits: -, size: 2583, dkim_sd=4d515a:icloud.com, 140 ms
Mar 17 12:55:12 xmail postfix/smtp-amavis/smtp[7649]: 702F0809C745: to=<xxxxx@xxxxx.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.36, delays=0.22/0/0/0.14, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=07445-03, DISCARD(bounce.suppressed))

No bounce email is being sent to the originator or recipient of the email.
The current settings are:

# Banned
$final_banned_destiny = D_BOUNCE;
#$banned_files_quarantine_method = undef;
$banned_files_quarantine_method = 'sql:';
$banned_quarantine_to = 'banned-quarantine';

However, if I set D_REJECT instead of D_BOUNCE, the originator DOES receive an 'Undelivered Mail Returned to Sender' email message. In this case, the following are the logs:

Mar 17 13:01:27 xmail amavis[8262]: (08262-05) Blocked BANNED (application/javascript,.asc,navi.js) {RejectedInbound,Quarantined}, [17.172.80.97]:53222 [17.172.80.97] <xxxxx@icloud.com> -> , quarantine: 1PN77yC0K-eB, Queue-ID: 1C885809C74B, Message-ID: <118cdef1-8f59-f593-d9a1-3dc34ee1cd15@icloud.com>, mail_id: 1PN77yC0K-eB, Hits: -, size: 2585, dkim_sd=4d515a:icloud.com, 136 ms
Mar 17 13:01:27 xmail postfix/10025/smtpd[8140]: disconnect from xmail.xxxxx.com[127.0.0.1]
Mar 17 13:01:27 xmail postfix/smtpd[7634]: disconnect from st11p00im-asmtp003.me.com[17.172.80.97]
Mar 17 13:01:27 xmail postfix/smtp-amavis/smtp[8091]: 1C885809C74B: to=<xxxxx@xxxxx.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.35, delays=0.21/0/0.01/0.14, dsn=5.7.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=08262-05 - BANNED: application/javascript,.asc,navi.js (in reply to end of DATA command))

Any suggestions?

Thank you very much in advance.

Best regards,

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Why some emails are not bounced?

Seems Amavisd changed the behaviour of D_BOUNCE. It's better post to Amavisd mailing list to get answer from Amavisd developers.
https://amavis.org/#support