1 Topic by jack

  • jack
  • Member
  • Offline
  • Registered: 2015-01-13
  • Posts: 22

Topic: Amavis BANNED issue - Round #2

==== Required information ====
- iRedMail version (check /etc/iredmail-release): v0.9.6
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? V2.5.0
- Related log if you're reporting an issue: maillog
====

Still blocking (BANNED) .emz emails - see previous post - see snippit below:

Mar  8 16:38:55 michael1 amavis[30268]: (30268-13) Blocked BANNED (.dat,image001.emz) {NoBounceInbound},

I allowed zip attachments which definitely is working for zip files.  Plus I now inform the senders that their emails are BANNED.  But the basic problem still exists and there is no way for me to recreate this since I don't know what is creating these files in the first place.  I believe it may be Outlook 365 but that is only a guess.

Thanks - Jack

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ThASattler

  • ThASattler
  • Member
  • Offline
  • Registered: 2016-10-15
  • Posts: 44

Re: Amavis BANNED issue - Round #2

jack wrote:

Still blocking (BANNED) .emz emails - see previous post - see snippit below:

Mar  8 16:38:55 michael1 amavis[30268]: (30268-13) Blocked BANNED (.dat,image001.emz) {NoBounceInbound},

We had also a .emz mail banned. The attachment "image001.emz" was a compressed "image001.wmf" and "wmf" files were banned.

Please check if you ban "wmf" (or "emf") files. Don't ban "wmf" files and try again.

3 Reply by jack

  • jack
  • Member
  • Offline
  • Registered: 2015-01-13
  • Posts: 22

Re: Amavis BANNED issue - Round #2

ThASattler wrote:

We had also a .emz mail banned. The attachment "image001.emz" was a compressed "image001.wmf" and "wmf" files were banned.

Please check if you ban "wmf" (or "emf") files. Don't ban "wmf" files and try again.

Yes, wmf files were definitely being banned.  I've removed wmf from amavisd.conf and we'll see what happens.

Thanks - Jack

4 Reply by jack

  • jack
  • Member
  • Offline
  • Registered: 2015-01-13
  • Posts: 22

Re: Amavis BANNED issue - Round #2

Evidently that did NOT solve the problem.  I just received another BANNED email due to .emz  I did verify in two separate senders that this is coming from Outlook 365.

Any thoughts??

--- Jack

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Amavis BANNED issue - Round #2

If you have a .emz file, please run command "file xxx.emz" to see which file type it is.

6 Reply by jack

  • jack
  • Member
  • Offline
  • Registered: 2015-01-13
  • Posts: 22

Re: Amavis BANNED issue - Round #2

ZhangHuangbin wrote:

If you have a .emz file, please run command "file xxx.emz" to see which file type it is.

Good thought!  However, I don't have an EMZ file since these messages can't come in to me.

However, in doing further online research one site states that an EMZ file is an EMF file compressed with gzip.  In my amavisd.conf, gzip is not banned, but gz is.  So I've allowed gz now to see if that helps.

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Amavis BANNED issue - Round #2

File compressed with gzip is 'xxx.gz'.

I will remove the ban rule for compress files in next iRedMail release.

8 Reply by ThASattler

  • ThASattler
  • Member
  • Offline
  • Registered: 2016-10-15
  • Posts: 44

Re: Amavis BANNED issue - Round #2

jack wrote:

Good thought!  However, I don't have an EMZ file since these messages can't come in to me.

You could turn on quarantine for banned files as we did (see Amavis BANNED issue - Round #1). Then you can release blocked mails (If you want to release mails from sql quarantine you have patch amavisd-release - see my posts in this forum).

9 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Amavis BANNED issue - Round #2

ThASattler wrote:

f you want to release mails from sql quarantine you have patch amavisd-release - see my posts in this forum)

To avoid confusion: with iRedAdmin-Pro, no patch required.

10 Reply by jack

  • jack
  • Member
  • Offline
  • Registered: 2015-01-13
  • Posts: 22

Re: Amavis BANNED issue - Round #2

ZhangHuangbin wrote:
ThASattler wrote:

f you want to release mails from sql quarantine you have patch amavisd-release - see my posts in this forum)

To avoid confusion: with iRedAdmin-Pro, no patch required.

Thank you both!  I did turned on the sql quarantine which is helpful - although I quickly realized that I should not have also turned it on for SPAM!  However, since I removed gz from being banned in amavisd.conf I have had no more issues for the past couple days.  Of course, that could also mean that no one is currently sending image00x.emz attachments but I have no way of knowing.

So let's claim victory and close this string.  If it crops up again, I can always start Round #3

Thanks again!!  --- Jack