I'm having a problem with amavis on my Centos 7 machine (amavisd-new 2.12.0, postfix 2.10.1, ISPConfig Version: 3.1dev). I'm trying to configure amavis so that it discards emails with encrypted .zip or .rar files attached. (sender gets a notification of undelivered email because of non-allowed content and a notification is also sent to virusalert-at-machine-domain.com as notification of what happened. The alias of virusalert is already configured, I receive those emails in my mailbox). At the moment, amavis detects the encrypted package attached to an email, but it forwards it to the recipient anyway and it sends to virusalert mailbox a notification of what has been done. Here's the message I receive from virusalert-at-machine-domain.com: (I've sent an email from our internal mail server, that uses the one with amavis configured as relay, to my personal mailbox) Code: No viruses were found. Content type: UncheckedEncrypted Internal reference code for the message is 21621-04/VDsYr4oLBKP5 First upstream SMTP client IP address: [Sender IP]:7555 Sender rDNS Received trace: ESMTPA://[Sender IP]:7555 < Microsoft_SMTP_Server://InternalServerIP < mapi:// Return-Path: <me-at-mydomain.com> From: "My user" <me-at-mydomain.com> Message-ID: <81c03676859d4503bf70c4e14de4cb4e-at-mydomain.com> Subject: Test encrypted archive Not quarantined. The message WILL BE relayed to: <me-at-my-test-domain.com> Postfix's log shows the following: Code: postfix/smtpd[21623]: connect from myhost[myIP] postfix/smtpd[21623]: NOQUEUE: filter: RCPT from myhost[myIP]: <me-at-mydomain.com>: Sender address triggers FILTER amavis: [127.0.0.1]:10026; from=<me-at-mydomain.com> to=<me-at-my-test-domain.com> proto=ESMTP helo=<SMTP.local> postfix/smtpd[21623]: 53BFA7FB: myhost[myIP], sasl_method=LOGIN, sasl_username=myusername postfix/cleanup[21634]: 53BFA7FB: message-id=<81c03676859d4503bf70c4e14de4cb4e-at-mydomain.com> postfix/qmgr[20232]: 53BFA7FB: from=<me-at-mydomain.com>, size=28650, nrcpt=1 (queue active) postfix/smtpd[21623]: disconnect from myhost[myIP] postfix/smtpd[21639]: connect from localhost[127.0.0.1] postfix/smtpd[21639]: C04406DC: client=localhost[127.0.0.1] postfix/cleanup[21647]: C04406DC: message-id=<VAVDsYr4oLBKP5-at-machine-domain.com> postfix/qmgr[20232]: C04406DC: from=<postmaster-at-machine-domain.com>, size=3126, nrcpt=1 (queue active) postfix/smtpd[21639]: disconnect from localhost[127.0.0.1] postfix/cleanup[21634]: CA805A93: message-id=<VAVDsYr4oLBKP5-at-machine-domain.com> postfix/qmgr[20232]: CA805A93: from=<postmaster-at-machine-domain.com>, size=3261, nrcpt=1 (queue active) postfix/local[21678]: C04406DC: to=<virusalert-at-machine-domain.com>, relay=local, delay=0.05, delays=0.02/0.03/0/0.01, dsn=2.0.0, status=sent (forwarded as CA805A93) postfix/qmgr[20232]: C04406DC: removed postfix/smtpd[21646]: connect from localhost[127.0.0.1] postfix/smtpd[21646]: D5426A67: client=localhost[127.0.0.1] postfix/cleanup[21647]: D5426A67: message-id=<81c03676859d4503bf70c4e14de4cb4e-at-domain.com> postfix/qmgr[20232]: D5426A67: from=<me-at-mydomain.com>, size=29603, nrcpt=1 (queue active) postfix/smtpd[21646]: disconnect from localhost[127.0.0.1] amavis[21621]: (21621-04) Passed UNCHECKED-ENCRYPTED {RelayedOutbound}, ORIGINATING LOCAL [myIP]:7555 [myIP] <me-at-mydomain.com> -> <me-at-my-test-domain.com>, Queue-ID: 53BFA7FB, Message-ID: <81c03676859d4503bf70c4e14de4cb4e-at-mydomain.com>, mail_id: VDsYr4oLBKP5, Hits: -0.998, size: 28650, queued_as: D5426A67, dkim_new=default:domain.com, 2477 ms postfix/smtp[21635]: 53BFA7FB: to=<me-at-my-test-domain.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=2.6, delays=0.08/0/0/2.5, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as D5426A67) postfix/qmgr[20232]: 53BFA7FB: removed dovecot: lda(me-at-mydomain.com): sieve: msgid=<VAVDsYr4oLBKP5-at-machine-domain.com>: stored mail into mailbox 'INBOX' postfix/pipe[21679]: CA805A93: to=<me-at-mydomain.com>, orig_to=<virusalert-at-machine-domain.com>, relay=dovecot, delay=0.08, delays=0.01/0.02/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service) postfix/qmgr[20232]: CA805A93: removed Why amavis detects the emails correctly but it just marks them as ***Passed UNCHECKED-ENCRYPTED*** and forwards them to the recipient anyway? I've researched online for the correct configuration to stop forwarding messages that attach encrypted archives (or gets marked as unchecked-encrypted by amavis), but so far nothing fully works. Can someone help me? Thanks a lot
