Hi! How can I stop ISPC3 / amavisd-new from scanning outgoing mail? A client of mine often needs to send EXE or ZIP files, but those mails don't get through because the system bans them. Reconfiguring the mailbox filter does not work, whitelisting in ISPC3 does not work either, ... Thanks for your support, Alex
Normally .zip and .exe files don't get banned by amavisd; I send them regularly. Please post the headers of such a banned email.
Hi Till, here is the top part of the message including headers we get sent back:
Return-Path: <MAILER-DAEMON>
Delivered-To: [email protected]
Received: from localhost (localhost [127.0.0.1]) by server1.domain.tld (Postfix) with ESMTP id 10908F00C1 for <[email protected]>; Fri, 16 Jul 2010 11:56:31 +0200 (CEST)
Content-Type: multipart/report; report-type=delivery-status; boundary="----------=_1279274191-2222-0"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Subject: BANNED message from you (multipart/mixed | application/x-msdownload,.exe,.exe-ms,instmsia.exe)
In-Reply-To: <[email protected]>
Message-ID: <[email protected]>
From: "Content-filter at server1.domain.tld" <[email protected]>
To: <[email protected]>
Date: Fri, 16 Jul 2010 11:56:29 +0200 (CEST)
This is a multi-part message in MIME format...
------------=_1279274191-2222-0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
BANNED CONTENTS ALERT
Our content checker found banned name: multipart/mixed | application/x-msdownload,.exe,.exe-ms,instmsia.exe
in email presumably from you <[email protected]> to the following recipient:
-> [email protected]
Our internal reference code for your message is 02222-01/dL86sQc6hjc9
First upstream SMTP client IP address: [79.227.35.252] p4FE323FC.dip.t-dialin.net
According to a 'Received:' trace, the message originated at: [79.227.35.252], [192.168.178.20] p4FE323FC.dip.t-dialin.net [79.227.35.252]
Authenticated sender: [email protected]
Return-Path: <[email protected]>
Message-ID: <[email protected]>
Subject: Fwd: testmail mit exe
Delivery of the email was stopped!
The message has been blocked because it contains a component (as a MIME part or nested within) with declared name or MIME type or contents type violating our access policy.
There are several options:
1) Set "banned files lover" to "yes" in the spamfilter policy settings and/or modify the amavisd.conf file to allow binary files in general.
2) Alternatively, reconfigure amavisd and postfix to bypass the scanner. Here are several examples: http://www200.pair.com/mecham/spam/bypassing.html
- Setting policies has no effect.
- There is no such file as amavisd.conf, but a directory /etc/amavisd/conf.d (Debian Lenny).
- I edited /etc/amavisd/conf.d/50-user and added these two lines, restarted amavis afterwards and still get banned:
@bypass_banned_checks_maps = ( [qw( domain.de domain.com )] );
@banned_files_lovers_maps = ( [qw( domain.de domain.com )] );
I must admit the bypassing document confuses me more than it actually helps me. Maybe it's still too hot here in Germany... Any suggestions as to why these changes did not have any effect? Thanks, Alex
Solved
My opinion: the ISPConfig mailbox-filter options are for email directed to a client mailbox/domain (e.g. from [email protected] to [email protected]), not for outgoing mail (from the client to the outside). The best way to allow our clients to send exe's (without touching the options for the received-mail mailbox filters) is to tell clients not to use port 25 (smtpd) in their MUA (e.g. Outlook) but port 587 (submission). The submission port (587) is specifically reserved for accepting mail from users' MUAs, and using that port is suggested rather than port 25 (which is for MTAs). Read RFC2476. If your client uses the submission port, you can very simply bypass some amavis functions. I do it this way:
1. Tell amavis that it must listen on two ports, not one.
Code:
#$inet_socket_port = 10024; # default listening socket
$inet_socket_port = [10024, 10026]; # added 10026
2. Tell amavis that port 10026 is for bypassing some checks (in my conf it bypasses banned and bad header, but spam control may be bypassed too):
Code:
$interface_policy{'10026'} = 'SASLBYPASS';
$policy_bank{'SASLBYPASS'} = { # mail from submission and smtps ports
    originating => 1, # Since amavisd-new 2.5.0
    # declare that mail was submitted by our smtp client
    # bypass_spam_checks_maps => [1], # don't spam-check this mail
    bypass_banned_checks_maps => [1], # don't banned-check this mail
    bypass_header_checks_maps => [1], # don't header-check this mail..
};
3. Tell postfix that mail from the submission port must go to amavis on 10026, not the default 10024 (/etc/postfix/master.cf):
Code:
submission inet n - - - - smtpd
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=amavis:[127.0.0.1]:10026
(Warning: in some master.cf files submission is given numerically as 587.)
Note that on submission we accept ONLY sasl_authenticated (-o smtpd_client_restrictions=permit_sasl_authenticated,reject). You may do this because this port is only for users, not for MTAs. It's very important, because if we don't restrict this, spammers may use that port to bypass the amavis rules.
Of course you leave the port 25 functionality as it is. We don't touch the port 25 configuration, so you don't need to move all your clients' MUAs to 587, only the ones who need to bypass the banned-files filter. PS: you may set bypass_spam_checks_maps for 587 too if you wish, since authenticated users rather don't send spam (to speed up the system). Till, I think that configuration needs to be the default in the ISPConfig install, what do you think? (Sorry for my bad English.)
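An added check for the restriction stressed in the post above (example code written for this page, not part of the original thread or of ISPConfig): it parses a master.cf and reports every service that hands mail to the bypass port without admitting SASL-authenticated clients only. The function names and the sample master.cf are constructed for illustration; port 10026 is taken from the post.

```python
import re

BYPASS_PORT = "10026"  # amavis port bound to the SASLBYPASS policy bank in the post

# Constructed sample master.cf: "submission" is restricted, "smtps" is not.
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  -  -  -  smtpd
submission inet  n  -  -  -  -  smtpd
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=amavis:[127.0.0.1]:10026
smtps      inet  n  -  -  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
  -o content_filter=amavis:[127.0.0.1]:10026
"""

def parse_services(text):
    """Map 'service/type' to its -o overrides, joining continuation lines."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:   # continuation of previous entry
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    services = {}
    for entry in entries:
        fields = entry.split()
        opts = dict(o.split("=", 1) for o in re.findall(r"-o\s+(\S+=\S+)", entry))
        services[fields[0] + "/" + fields[1]] = opts
    return services

def unsafe_bypass_services(text, bypass_port=BYPASS_PORT):
    """Services feeding the bypass port that do not admit SASL users only."""
    findings = []
    for name, opts in parse_services(text).items():
        if not opts.get("content_filter", "").endswith(":" + bypass_port):
            continue
        rules = re.split(r"[,\s]+", opts.get("smtpd_client_restrictions", ""))
        permits = [r for r in rules if r.startswith("permit")]
        # Anything other than "permit_sasl_authenticated ... reject" needs review.
        if permits != ["permit_sasl_authenticated"] or rules[-1] != "reject":
            findings.append(name)
    return findings

if __name__ == "__main__":
    for svc in unsafe_bypass_services(SAMPLE_MASTER_CF):
        print("review:", svc, "sends mail to the bypass port without SASL-only access")
```

The check only looks at the per-service `-o smtpd_client_restrictions` override, which is the form used in the post; a service that enforces authentication through another restriction list will be reported and needs a manual look.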
The ISPConfig spam scanning options are intended for incoming and outgoing emails. What you did not take into account in your setup is that most spam is sent by clients unintentionally because their desktop PCs have a virus. So scanning outgoing mail is intended, as it protects the mail servers of the ISP. Normal email sent by clients is not affected, but if a client PC gets infected by a virus, the mail filter system in ISPConfig will protect the server from being banned by other ISPs for sending spam.
Till, you didn't read my post carefully. I don't propose to bypass spam or virus control. I only suggest how to bypass
- banned files (mostly exe)
- or bad headers
So even hacked SMTP accounts will be checked for spam/virus. For now a client may not send executables at all (even zip-archived), and doesn't have the possibility to change this in the ISP panel (the ISPConfig controls are only for incoming emails!). It's hard to tell a client that it's for his safety. E.g. he may want to send someone drivers, self-extracting archives with files... And he may be right, because our ISPConfig mail server has antivirus control (ClamAV/amavis), so why not enable sending exe's in email? (Once again: only for outgoing emails, and only for smtp-auth clients.) Think about it, please. Best regards
Where would I edit the list of banned files? It looks like .pdf files are banned too :-( Running Debian Squeeze here. What good is this and how can I use it? Is this generic info? The mail only contained a .pdf. Here is a sample that got stopped!