1 (edited by queliton 2010-02-24 05:00:26)

Topic: How to block extensions with Amavisd-new?

Hello all, I hope I'm not breaking any rules or posting this in the wrong area.

My Linux is 32-bit CentOS 5.2.
I installed and followed the guide: iRedMail-0.5.0.tar.bz2 2009-08-16. Works on RHEL / CentOS / Debian / Ubuntu.


My problem is the following:

I installed and loved this one-server solution for email, but I ran into an inability (perhaps because I am a beginner) to block certain attachment extensions, e.g. mp3, avi, mpg, etc.
I did as the amavisd-new documentation says:

  qr'.\.(exe|vbs|pif|scr|cpl|mp3)$'i, # banned extension - basic

and I have already included the following lines at the end of the file "/etc/amavisd.conf":

$banned_filename_re = new_RE(
  qr'.\.(bat|exe|scr|mp3)$'i,
  qr'.^\.(exe|zip|lha|tnef|mp3)$'i,
);


Even so, when I send an e-mail with an mp3 attachment, I receive the file normally in another account.
When I look at "/var/log/maillog" I see that it delivers the message with the following log:

[root@mail ~]# tail -f /var/log/maillog | grep mymail@mydomain
Feb 23 17:46:32 mail postfix/qmgr[2770]: 87E8F500044: from=<mymail@mydomain>, size=9653650, nrcpt=1 (queue active)
Feb 23 17:46:41 mail amavis[2720]: (02720-01) Passed BANNED (audio/mpeg,.dat,dragonforce-through_the_fire_and_flames.mp3), LOCAL [192.168.0.101] [192.168.0.101] <@mymail@mydomain> -> <mymail@mydomain>, quarantine: banned-D4ubTm8CJu44, Message-ID: <00d601cab4c9 $ 46c78ef0 $ d456acd0 ind.br $ @>, mail_id: D4ubTm8CJu44, Hits: -, size: 9653650, queued_as: E84DD500051, 8744 ms
Feb 23 17:46:41 mail postfix/smtp[3171]: 87E8F500044: to=<mymail@mydomain>, relay=127.0.0.1[127.0.0.1]:10024, delay=12, delays=3.6/0.06/0.08/8.7, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02720-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E84DD500051)
Feb 23 17:46:41 mail postfix/qmgr[2770]: E84DD500051: from=<mymail@mydomain>, size=9654693, nrcpt=1 (queue active)
Feb 23 17:46:43 mail postfix/pipe[3176]: E84DD500051: to=<mymail@mydomain>, relay=dovecot, delay=3.1, delays=1.9/0.05/0/1.1, dsn=2.0.0, status=sent (delivered via dovecot service)

I apologize for the broken English; I am Brazilian. I hope you can help me with this doubt.

I thank you.


2

Re: How to block extensions with Amavisd-new?

queliton wrote:

Feb 23 17:46:41 mail amavis[2720]: (02720-01) Passed BANNED (audio/mpeg,.dat,dragonforce-through_the_fire_and_flames.mp3)

Your settings are working, but banned email will be bypassed by default in iRedMail. You can change this setting in the Amavisd config:

# Set default action.
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_PASS;        # <-- Change this
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;

Would you mind sharing your iRedMail story with us in our 'Success Stories' forum?
http://www.iredmail.org/forum/forum3-su … ories.html

3

Re: How to block extensions with Amavisd-new?

ZhangHuangbin wrote:
queliton wrote:

Feb 23 17:46:41 mail amavis[2720]: (02720-01) Passed BANNED (audio/mpeg,.dat,dragonforce-through_the_fire_and_flames.mp3)

Your settings are working, but banned email will be bypassed by default in iRedMail. You can change this setting in the Amavisd config:

# Set default action.
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_PASS;        # <-- Change this
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;

Would you mind sharing your iRedMail story with us in our 'Success Stories' forum?
http://www.iredmail.org/forum/forum3-su … ories.html



Thank you very much, it worked and I am 100% satisfied. I knew it was something simple; it was my lack of knowledge. Once again, thank you very much.

I made the change to:

# Set default action.
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_REJECT;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;

following log and result:
====> Feb 24 08:07:09 mail amavis[8106]: (08106-01) Blocked BANNED (audio/mpeg,.dat,dragonforce-through_the_fire_and_flames.mp3), LOCAL [192.168.0.101] [192.168.0.101]


and an Undelivered Mail Returned to Sender:
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

                   The mail system

<mymail@maydomain>: host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject,
    id=08106-01 - BANNED:
    audio/mpeg,.dat,dragonforce-through_the_fire_and_flames.mp3 (in reply to
    end of DATA command)

.
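Added example, not part of the thread: a small log triage that separates `Passed BANNED` (the filter matched but `D_PASS` still delivered the mail) from `Blocked BANNED`, using the two amavis entries quoted above. The function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the first two lines copy the amavis entries quoted in this
# thread; the last two are made up to show lines the parser must count or skip.
SAMPLE_LOG = """\
Feb 23 17:46:41 mail amavis[2720]: (02720-01) Passed BANNED (audio/mpeg,.dat,dragonforce-through_the_fire_and_flames.mp3), LOCAL [192.168.0.101] [192.168.0.101]
Feb 24 08:07:09 mail amavis[8106]: (08106-01) Blocked BANNED (audio/mpeg,.dat,dragonforce-through_the_fire_and_flames.mp3), LOCAL [192.168.0.101] [192.168.0.101]
Feb 24 08:09:12 mail amavis[8106]: (08106-02) Passed CLEAN, LOCAL [192.168.0.101] [192.168.0.101]
Feb 24 08:09:13 mail postfix/qmgr[2770]: E84DD500051: removed
"""

AMAVIS_RE = re.compile(
    r"amavis\[\d+\]:\s*\((?P<id>[\w-]+)\)\s+"
    r"(?P<action>Passed|Blocked)\s+(?P<verdict>[A-Z-]+)"
    r"(?:\s+\((?P<detail>.*?)\),)?"  # banned part names, up to the closing '),'
)

def parse(line):
    """Return id/action/verdict/detail for an amavis verdict line, else None."""
    m = AMAVIS_RE.search(line)
    return m.groupdict() if m else None

def triage(lines):
    """Count (action, verdict) pairs and list banned mail that was still delivered."""
    counts, delivered = Counter(), []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # not an amavis verdict line (e.g. postfix)
        counts[(rec["action"], rec["verdict"])] += 1
        if rec["action"] == "Passed" and rec["verdict"] == "BANNED":
            delivered.append((rec["id"], rec["detail"]))
    return counts, delivered

if __name__ == "__main__":
    counts, delivered = triage(SAMPLE_LOG.splitlines())
    for (action, verdict), n in sorted(counts.items()):
        print(f"{action:8} {verdict:8} {n}")
    for mail_id, detail in delivered:
        print(f"delivered despite ban: {mail_id} {detail}")
```

A non-empty `delivered` list after the switch to `D_REJECT` means some mail is still being passed with a banned attachment.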

4

Re: How to block extensions with Amavisd-new?

Without wanting to abuse, is it possible to block extensions by mailbox, by group, or by host IP?
Or does it have to be general, for all the domains?

thanks.

5

Re: How to block extensions with Amavisd-new?

You can integrate Amavisd with LDAP; Amavisd will query some attributes from the user object, e.g. allowed file types. It's a per-user setting.

6

Re: How to block extensions with Amavisd-new?

ZhangHuangbin wrote:

You can integrate Amavisd with LDAP; Amavisd will query some attributes from the user object, e.g. allowed file types. It's a per-user setting.

hummm! ok.
More so will work with LDAP and not with MySQL right?
thanks

7

Re: How to block extensions with Amavisd-new?

queliton wrote:

More so will work with LDAP and not with MySQL right?

Amavisd works with MySQL too.

8 (edited by queliton 2010-02-26 03:22:30)

Re: How to block extensions with Amavisd-new?

ZhangHuangbin wrote:
queliton wrote:

More so will work with LDAP and not with MySQL right?

Amavisd works with MySQL too.

First of all, thank you for your help. I understand that to block extensions by group or by e-mail I need to integrate amavisd with LDAP.
Is it possible to perform this block with it already integrated with MySQL? My server is in production and I am not very familiar with the LDAP configuration.

9 (edited by minhtuanvnn 2011-08-17 16:50:37)

Re: How to block extensions with Amavisd-new?

I followed your guide, but when I test attaching a file with the .exe extension, it doesn't work. I use iRedMail-0.7.2.tar.bz2 - CentOS 5.5

10

Re: How to block extensions with Amavisd-new?

iRedMail-0.7.3.tar.bz2 - Centos 6.0

Also, for me it doesn't work with the .exe extension!

In /var/log/maillog are:

amavis[2620]:<026201-01> Passed CLEAN, MYNETS/MYUSERS ...

In /etc/amavis/amavis.conf is:
................
qr'.\.(exe|mp3|vbs)$'i,
qr'.^\.(exe|mp3|vbs)$'i,
..........
Any suggestion?

11

Re: How to block extensions with Amavisd-new?

Could you please paste your Amavisd config for the settings below:

$policy_bank{'MYNETS'} =
$policy_bank{'MYUSERS'} =

12

Re: How to block extensions with Amavisd-new?

ZhangHuangbin wrote:

Could you please paste your Amavisd config for the settings below:

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
  allow_disclaimers => 1, # enables disclaimer insertion if available
};

# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for filtering
$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["root\@$mydomain"],
  spam_admin_maps  => ["root\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};
$policy_bank['MYUSERS'] =
$policy_bank{'MYUSERS'} = {
    # declare that mail was submitted by our smtp client
    originating => 1,

    # enables disclaimer insertion if available
    allow_disclaimers => 1,

    # notify administrator of locally originating malware
    virus_admin_maps => ["root\@$mydomain"],
    spam_admin_maps  => ["root\@$mydomain"],
    warnbadhsender   => 0,
    warnvirussender  => 1,
    warnspamsender   => 1,

    # forward to a smtpd service providing DKIM signing service
    #forward_method => 'smtp:[127.0.0.1]:10027',

    # force MTA conversion to 7-bit (e.g. before DKIM signing)
    smtpd_discard_ehlo_keywords => ['8BITMIME'],

    # allow sending any file names and types
    bypass_banned_checks_maps => [1],

    # don't remove NOTIFY=SUCCESS option
    terminate_dsn_on_notify_success => 0,

    # don't perform spam/header/virus check.
    #bypass_spam_checks_maps => [1],
    #bypass_header_checks_maps => [1],
    #bypass_virus_checks_maps => [1],
};
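
Added example, not part of the thread: the log line in post 10 names the policy banks `MYNETS/MYUSERS`, and the banks pasted above set `bypass_banned_checks_maps => [1]`. This sketch audits a config excerpt for `$final_banned_destiny` and for policy banks that carry the bypass. The excerpt is constructed from the settings in this thread, the function names are hypothetical, and it treats any loaded bank that sets the bypass as decisive.

```python
import re

# Constructed excerpt, reduced from the amavisd settings pasted in this thread.
SAMPLE_CONF = r"""
$final_banned_destiny     = D_REJECT;
$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,
  #bypass_banned_checks_maps => [1],
};
$policy_bank{'ORIGINATING'} = {
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
};
$policy_bank{'MYUSERS'} = {
    originating => 1,
    bypass_banned_checks_maps => [1],
};
"""

DESTINY_RE = re.compile(r"^\s*\$final_banned_destiny\s*=\s*(D_\w+)\s*;", re.M)
BANK_RE = re.compile(r"^\$policy_bank\{'(\w+)'\}\s*=\s*\{(.*?)^\};", re.S | re.M)
BYPASS_RE = re.compile(r"bypass_banned_checks_maps\s*=>\s*\[\s*1\s*\]")

def strip_comments(body):
    # Heuristic, not a Perl parser: cuts each line at the first '#', which
    # would also cut a '#' inside a quoted string.
    return "\n".join(line.split("#", 1)[0] for line in body.splitlines())

def audit(conf_text):
    """Return ($final_banned_destiny or None, banks that bypass banned checks)."""
    m = DESTINY_RE.search(conf_text)
    banks = sorted(name for name, body in BANK_RE.findall(conf_text)
                   if BYPASS_RE.search(strip_comments(body)))
    return (m.group(1) if m else None), banks

def block_confirmed(conf_text, loaded_banks):
    """True only if this config confirms banned files are refused for mail
    handled under the given policy banks (names as logged, e.g. MYNETS/MYUSERS)."""
    destiny, bypassing = audit(conf_text)
    if destiny is None or destiny == "D_PASS":
        return False  # unset in this text, or banned mail is passed anyway
    return not set(loaded_banks) & set(bypassing)

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
    print(block_confirmed(SAMPLE_CONF, "MYNETS/MYUSERS".split("/")))
```

With the sample excerpt, mail logged under `MYNETS/MYUSERS` is not confirmed as blocked even though the destiny is `D_REJECT`, because the `MYUSERS` bank skips the banned check.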