1 (edited by dsp3 2017-01-31 23:47:18)

Topic: amavis Blocked BANNED

======== Required information ====
- iRedMail version (0.96):
- Linux/BSD distribution name and version: Centos7
- Store mail accounts in which backend (MySQL):
- Web server (Nginx):
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====
Since upgrading to 0.96 I'm having issues with amavis blocking some messages with attachments (.xlsx). Has something changed in the upgrade for these attachments to be blocked?

Jan 31 17:10:21 mail postfix/submission/smtpd[23037]: connect from unknown[185.xxx.xxx.xxx]
Jan 31 17:10:21 mail postfix/submission/smtpd[23037]: E40662405C3: client=unknown[185.xxx.xxx.xxx], sasl_method=PLAIN, sasl_username=user1@domain1.com
Jan 31 17:10:22 mail postfix/cleanup[23044]: E40662405C3: message-id=<1485874872.4810.7.camel@domain1.com>
Jan 31 17:10:22 mail postfix/qmgr[29145]: E40662405C3: from=<user1@domain1.com>, size=47179, nrcpt=1 (queue active)
Jan 31 17:10:22 mail postfix/submission/smtpd[23037]: disconnect from unknown[185.xxx.xxx.xxx]
Jan 31 17:10:22 mail amavis[22723]: (22723-04) Blocked BANNED (_rels) {NoBounceInternal}, ORIGINATING LOCAL [185.xxx.xxx.xxx]:35844 [185.xxx.xxx.xxx] <user1@domain1.com> -> <user2@domain2.com>, Queue-ID: E40662405C3, Message-ID: <1485874872.4810.7.camel@domain1.com>, mail_id: aGHefO_7HGi2, Hits: -, size: 47179, 201 ms
Jan 31 17:10:22 mail postfix/smtp[23048]: E40662405C3: to=<user2@domain2.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.42, delays=0.2/0.02/0/0.2, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=22723-04, DISCARD(bounce.suppressed))
Jan 31 17:10:22 mail postfix/qmgr[29145]: E40662405C3: removed


2 (edited by dsp3 2017-02-01 00:02:52)

Re: amavis Blocked BANNED

This is what has been added to /etc/amavisd/amavisd.conf since upgrading to 0.96

 $banned_namepath_re = new_RE(
    [qr'T=(zip|rar|arc|arj|zoo|gz|bz2)(,|\t)'xmi => 'DISCARD'],     # Compressed file types
    [qr'T=x-(msdownload|msdos-program|msmetafile|wmf)(,|\t)'xmi => 'DISCARD'],
    [qr'T=(hta)(,|\t)'xmi => 'DISCARD'],

    # Dangerous file types
    [qr'T=(9|386|LeChiffre|aaa|abc|aepl|ani|aru|atm|aut|b64|bat|bhx|bin|bkd|blf|bll|bmw|boo|bps|bqf|breaking_bad|buk|bup|bxz|cc|ccc|ce0|ceo|cfxxe|chm|cih|cla|class|cmd|com|cpl|crinf|crjoker|crypt|cryptolocker|cryptowall|ctbl|cxq|cyw|dbd|delf|dev|dlb|dli|dll|dllx|dom|drv|dx|dxz|dyv|dyz|ecc|exe|exe-ms|exe1|exe_renamed|exx|ezt|ezz|fag|fjl|fnr|fuj|good|gzquar|hlp|hlw|hqx|hsq|hts|iva|iws|jar|js|kcd|keybtc@inbox_com|let|lik|lkh|lnk|locky|lok|lol!|lpaq5|magic|mfu|micro|mim|mjg|mjz|mp3|nls|oar|ocx|osa|ozd|pcx|pgm|php2|php3|pid|pif|plc|pr|pzdc|qit|qrn|r5a|rhk|rna|rsc_tmp|s7p|scr|shs|ska|smm|smtmp|sop|spam|ssy|swf|sys|tko|tps|tsa|tti|ttt|txs|upa|uu|uue|uzy|vb|vba|vbe|vbs|vbx|vexe|vxd|vzr|wlpginstall|wmf|ws|wsc|wsf|wsh|wss|xdu|xir|xlm|xlv|xnt|xnxx|xtbl|xxe|xxx|xyz|zix|zvz|zzz)(,|\t)'xmi => 'DISCARD'],

    # Dangerous file name extensions
    [qr'N=.*\.(9|386|LeChiffre|aaa|abc|aepl|ani|aru|atm|aut|b64|bat|bhx|bin|bkd|blf|bll|bmw|boo|bps|bqf|breaking_bad|buk|bup|bxz|cc|ccc|ce0|ceo|cfxxe|chm|cih|cla|class|cmd|com|cpl|crinf|crjoker|crypt|cryptolocker|cryptowall|ctbl|cxq|cyw|dbd|delf|dev|dlb|dli|dll|dllx|dom|drv|dx|dxz|dyv|dyz|ecc|exe|exe-ms|exe1|exe_renamed|exx|ezt|ezz|fag|fjl|fnr|fuj|good|gzquar|hlp|hlw|hqx|hsq|hts|iva|iws|jar|js|kcd|keybtc@inbox_com|let|lik|lkh|lnk|locky|lok|lol!|lpaq5|magic|mfu|micro|mim|mjg|mjz|mp3|nls|oar|ocx|osa|ozd|pcx|pgm|php2|php3|pid|pif|plc|pr|pzdc|qit|qrn|r5a|rhk|rna|rsc_tmp|s7p|scr|shs|ska|smm|smtmp|sop|spam|ssy|swf|sys|tko|tps|tsa|tti|ttt|txs|upa|uu|uue|uzy|vb|vba|vbe|vbs|vbx|vexe|vxd|vzr|wlpginstall|wmf|ws|wsc|wsf|wsh|wss|xdu|xir|xlm|xlv|xnt|xnxx|xtbl|xxe|xxx|xyz|zix|zvz|zzz)$'xmi => 'DISCARD'],
); 

Removing this code fixes the issue.

3

Re: amavis Blocked BANNED

I have the same problem, also with pdf, xml and some image.ezm files that are embedded in some MS files. The logs list the banned events but do not say the exact match that caused it. I don't see the pdf or xml extensions listed; maybe it is inherited from some blocked MIME type.
It would be nice to know what rule is making the blockage act this way, or why this big list of file types was added if we can't know what is breaking the whole thing.

4

Re: amavis Blocked BANNED

dsp3 wrote:

Removing this code fixes the issue.

Instead of removing the whole setting, you'd better just remove the file extension you want to bypass.

jbou wrote:

It would be nice to know what rule is making the blockage act this way, or why this big list of file types was added if we can't know what is breaking the whole thing.

"postmaster@<your_domain.com>" should receive an email notice which clearly explains why it was banned. Please try to get the email.

5

Re: amavis Blocked BANNED

ZhangHuangbin wrote:
dsp3 wrote:

Removing this code fixes the issue.

Instead of removing the whole setting, you'd better just remove the file extension you want to bypass.

jbou wrote:

It would be nice to know what rule is making the blockage act this way, or why this big list of file types was added if we can't know what is breaking the whole thing.

"postmaster@<your_domain.com>" should receive an email notice which clearly explains why it was banned. Please try to get the email.

The file extension .xlsx isn't listed in the code. What's to remove?

6

Re: amavis Blocked BANNED

dsp3 wrote:

The file extension .xlsx isn't listed in the code. What's to remove?

Does your mail account "postmaster@<domain>" receive an email notification about this ban?

7

Re: amavis Blocked BANNED

ZhangHuangbin wrote:
dsp3 wrote:

The file extension .xlsx isn't listed in the code. What's to remove?

Does your mail account "postmaster@<domain>" receive an email notification about this ban?

No

8

Re: amavis Blocked BANNED

dsp3 wrote:
ZhangHuangbin wrote:
dsp3 wrote:

Removing this code fixes the issue.

Instead of removing the whole setting, you'd better just remove the file extension you want to bypass.

jbou wrote:

It would be nice to know what rule is making the blockage act this way, or why this big list of file types was added if we can't know what is breaking the whole thing.

"postmaster@<your_domain.com>" should receive an email notice which clearly explains why it was banned. Please try to get the email.

The file extension .xlsx isn't listed in the code. What's to remove?

The reason xlsx, docx etc. are banned is this line:
[qr'T=(zip|rar|arc|arj|zoo|gz|bz2)(,|\t)'xmi => 'DISCARD'],     # Compressed file types
xlsx and docx files are zip archives containing various xml and xsd files which constitute the Excel and Word documents.

9 (edited by maxomomo 2017-02-02 06:08:53)

Re: amavis Blocked BANNED

[qr'T=(zip|rar|arc|arj|zoo|gz|bz2)(,|\t)'xmi => 'DISCARD'],     # Compressed file types
xlsx and docx files are zip archives containing various xml and xsd files which constitute the Excel and Word documents.

Got bitten by this setting as well.
Such mails (simple zip archive attached) are getting banned, and disappear without notice (no mail to postmaster), no notice to sender.

Is there a way to at least activate such a notice mail to postmaster?

Even better way: let the mail through, but scrub the offending attachment, and add a note about scrubbing to the mail. Possible, and if yes, how?

Thanks,
Max

10 (edited by mir 2017-02-02 07:49:13)

Re: amavis Blocked BANNED

maxomomo wrote:

[qr'T=(zip|rar|arc|arj|zoo|gz|bz2)(,|\t)'xmi => 'DISCARD'],     # Compressed file types
xlsx and docx files are zip archives containing various xml and xsd files which constitute the Excel and Word documents.

Got bitten by this setting as well.
Such mails (simple zip archive attached) are getting banned, and disappear without notice (no mail to postmaster), no notice to sender.

Is there a way to at least activate such a notice mail to postmaster?

Even better way: let the mail through, but scrub the offending attachment, and add a note about scrubbing to the mail. Possible, and if yes, how?

Thanks,
Max

I think this setting is completely stupid which is why I have commented it in my configuration.

11

Re: amavis Blocked BANNED

I have the same problem! No reason to block (even on postmaster@...)

12

Re: amavis Blocked BANNED

I have the same problem too (http://www.iredmail.org/forum/topic1231 … anned.html). Has someone resolved it?

13 (edited by dsp3 2017-02-03 00:12:58)

Re: amavis Blocked BANNED

vinacc wrote:

I have the same problem too (http://www.iredmail.org/forum/topic1231 … anned.html). Has someone resolved it?

Yes, remove the code that was added to amavisd.conf when upgrading from 0.95 to 0.96 and restart amavisd.
This is the temporary solution.

14

Re: amavis Blocked BANNED

maxomomo wrote:

[qr'T=(zip|rar|arc|arj|zoo|gz|bz2)(,|\t)'xmi => 'DISCARD'],     # Compressed file types

Please remove 'zip|' in this line in Amavisd config file.

== UPDATE ==

Repacked iRedMail-0.9.6 with this fix.
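
Added example, not part of the thread and not iRedMail or amavisd code: a Python check of why the `T=zip` rule from post 8 catches an .xlsx attachment, and what removing `zip|` (post 14) changes. The name-path layout (tab-separated `P=`/`L=`/`M=`/`T=`/`N=` fields, one line per nesting level), the `asc`/`dat` type labels and the sample container are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Rule from the thread, transcribed to Python (Perl /xmi -> VERBOSE|MULTILINE|IGNORECASE).
RULE_0_9_6 = re.compile(r'T=(zip|rar|arc|arj|zoo|gz|bz2)(,|\t)', re.X | re.M | re.I)
# Same rule with 'zip|' removed, as advised in the last post.
RULE_FIXED = re.compile(r'T=(rar|arc|arj|zoo|gz|bz2)(,|\t)', re.X | re.M | re.I)


def build_container():
    """Constructed sample: a tiny OOXML-style zip container (not a valid workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("_rels/.rels", "<Relationships/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
    return buf.getvalue()


def short_type(data):
    """Type by magic bytes, which is independent of the file name."""
    return "zip" if data[:4] == b"PK\x03\x04" else "dat"


def namepaths(filename, data):
    """Assumed name-path layout: the attachment line, then one member line."""
    top = "P=p001\tL=1\tM=application/octet-stream\tT=%s\tN=%s" % (
        short_type(data), filename)
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for i, member in enumerate(z.namelist(), 1):
            yield top + "\nP=p%03d\tL=1/%d\tT=asc\tN=%s" % (i + 1, i, member)


def is_banned(rule, filename, data):
    """True if the rule matches any name path built for this attachment."""
    return any(rule.search(path) for path in namepaths(filename, data))


if __name__ == "__main__":
    sample = build_container()
    for name in ("report.xlsx", "files.zip"):
        print(name, "0.9.6 rule:", is_banned(RULE_0_9_6, name, sample),
              "| without 'zip|':", is_banned(RULE_FIXED, name, sample))
```

The match comes from the content type on the attachment's own line, so the file name never has to appear in any extension list; with `zip|` removed, this rule also stops matching attachments named .zip.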