Filename Restrictions Not working

Discussion:

James Nelson

2015-02-13 20:34:32 UTC

Hello,

I am having an issue where none of my filetype rules seem to be working. I can send a test message with something as clearly dangerous as a .bat or .scr file, and MailScanner allows it through regardless. My filetype.rules.conf and filename.rules.conf (and their archive counterparts) are in their default state, and my Mail.conf points to the rules files in %rules-dir% appropriate for each section. The rules files are tabbed properly, with a simple:
FromOrTo: default /etc/MailScanner/filename.rules.conf

No matter what I've tried, MailScanner still allows everything through, even if I explicitly deny a file type in Mail.conf (without using a ruleset).

Any suggestions?

Jeremy McSpadden

2015-02-13 20:51:06 UTC

Permalink

Show us your rules file.

--
Jeremy McSpadden
Flux Labs | http://www.fluxlabs.net<http://www.fluxlabs.net/> | Endless Solutions
Office : 850-250-5590x501<tel:850-250-5590;501> | Cell : 850-890-2543<tel:850-890-2543> | Fax : 850-254-2955<tel:850-254-2955>

On Feb 13, 2015, at 2:45 PM, James Nelson <***@vgt.net<mailto:***@vgt.net>> wrote:

Hello,

I am having an issue where none of my filetype rules seem to be working. I can send a test message with something as clearly dangerous as a .bat or .scr file, and MailScanner allows it through regardless. My filetype.rules.conf and filename.rules.conf (and their archive counterparts) are in their default state, and my Mail.conf points to the rules files in %rules-dir% appropriate for each section. The rules files are tabbed properly, with a simple:
FromOrTo: default /etc/MailScanner/filename.rules.conf

No matter what I've tried, MailScanner still allows everything through, even if I explicitly deny a file type in Mail.conf (without using a ruleset).

Any suggestions?

--
MailScanner mailing list
***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

James Nelson

2015-02-13 21:54:02 UTC

Permalink

Additional details: Running on CentOS 6.6, MTA is Postfix. I've covered all of the settings in MailScanner.conf that seem to be pertinent-scanning is enabled, proper location for /usr/bin/file, which I can run against the files being allowed through, to the expected result. If I run a MailScanner -lint , I don't see any mention made of the attachment rules being read, but that may be by design.

filename.rules.conf

#
# NOTE: Fields are separated by TAB characters --- Important!
#
# Syntax is allow/deny/deny+delete/rename/rename to replacement-text/email-addresses,
# then regular expression,
# then log text,
# then user report text.
#
# The "email-addresses" can be a space or comma-separated list of email
# addresses. If the rule hits, the message will be sent to these address(es)
# instead of the original recipients.

# If a rule is a "rename" rule, then the attachment filename will be renamed
# according to the "Default Rename Pattern" setting in MailScanner.conf.
# If a rule is a "rename" rule and the "to replacement-text" is supplied, then
# the text matched by the regular expression in the 2nd field of the line
# will be replaced with the "replacement-text" string.
# For example, the rule
# rename to .ppt \.pps$ Renamed .pps to .ppt Renamed .pps to .ppt
# will find all filenames ending in ".pps" and rename them so they end in
# ".ppt" instead.

# Due to a bug in Outlook Express, you can make the 2nd from last extension
# be what is used to run the file. So very long filenames must be denied,
# regardless of the final extension.
deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages

# JKF 10/08/2007 Adobe Acrobat nastiness
rename \.fdf$ Dangerous Adobe Acrobat data-file Opening this file can cause auto-loading of any file from the internet

# JKF 04/01/2005 More Microsoft security vulnerabilities
deny \.ico$ Windows icon file security vulnerability Possible buffer overflow in Windows
deny \.ani$ Windows animated cursor file security vulnerability Possible buffer overflow in Windows
deny \.cur$ Windows cursor file security vulnerability Possible buffer overflow in Windows
#deny \.hlp$ Windows help file security vulnerability Possible buffer overflow in Windows

# These 4 are well known viruses.
deny pretty\s+park\.exe$ "Pretty Park" virus "Pretty Park" virus
deny happy99\.exe$ "Happy" virus "Happy" virus
deny \.ceo$ WinEvar virus attachment Often used by the WinEvar virus
deny webpage\.rar$ I-Worm.Yanker virus attachment Often used by the I-Worm.Yanker virus

# JKF 08/07/2005 Several virus scanners may miss this one
deny \.cab$ Possible malicious Microsoft cabinet file Cabinet files may hide viruses

# These are in the archives which are Microsoft Office 2007 files (e.g. docx)
allow \.xml\d*\.rel$ - -
allow \.x\d+\.rel$ - -
allow \.rtf$ - -

# These are known to be mostly harmless.
allow \.jpg$ - -
allow \.gif$ - -
# .url is arguably dangerous, but I can't just ban it...
allow \.url$ - -
allow \.vcf$ - -
allow \.txt$ - -
deny \.zip$ - -
allow \.t?gz$ - -
allow \.bz2$ - -
allow \.Z$ - -
allow \.rpm$ - -
# PGP and GPG
allow \.gpg$ - -
allow \.pgp$ - -
allow \.sig$ - -
allow \.asc$ - -
# Macintosh archives
allow \.hqx$ - -
allow \.sit.bin$ - -
allow \.sea$ - -
# Backup files
allow \.bak$ - -
# And TeX and LaTeX are harmless AFAIK
allow \.tex$ - -

# These are known to be dangerous in almost all cases.
deny \.reg$ Possible Windows registry attack Windows registry entries are very dangerous in email
deny \.chm$ Possible compiled Help file-based virus Compiled help files are very dangerous in email
# See http://office.microsoft.com/2000/articles/Out2ksecFAQ.htm for more info.
deny \.cnf$ Possible SpeedDial attack SpeedDials are very dangerous in email
deny \.hta$ Possible Microsoft HTML archive attack HTML archives are very dangerous in email
deny \.ins$ Possible Microsoft Internet Comm. Settings attack Windows Internet Settings are dangerous in email
deny \.jse?$ Possible Microsoft JScript attack JScript Scripts are dangerous in email
deny \.job$ Possible Microsoft Task Scheduler attack Task Scheduler requests are dangerous in email
deny \.lnk$ Possible Eudora *.lnk security hole attack Eudora *.lnk security hole attack
# Removed ".mat" from next line as widely used by Matlab
deny \.ma[dfgmqrsvw]$ Possible Microsoft Access Shortcut attack Microsoft Access Shortcuts are dangerous in email
deny \.pif$ Possible MS-Dos program shortcut attack Shortcuts to MS-Dos programs are very dangerous in email
deny \.scf$ Possible Windows Explorer Command attack Windows Explorer Commands are dangerous in email
deny \.sct$ Possible Microsoft Windows Script Component attack Windows Script Components are dangerous in email
deny \.shb$ Possible document shortcut attack Shortcuts Into Documents are very dangerous in email
deny \.shs$ Possible Shell Scrap Object attack Shell Scrap Objects are very dangerous in email
deny \.vb[es]$ Possible Microsoft Visual Basic script attack Visual Basic Scripts are dangerous in email
deny \.ws[cfh]$ Possible Microsoft Windows Script Host attack Windows Script Host files are dangerous in email
deny \.xnk$ Possible Microsoft Exchange Shortcut attack Microsoft Exchange Shortcuts are dangerous in email

# These are new dangerous attachment types according to Microsoft in
# http://support.microsoft.com/?kbid=883260
deny \.cer$ Dangerous Security Certificate (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.its$ Dangerous Internet Document Set (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.mau$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.md[az]$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.prf$ Dangerous Outlook Profile Settings (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.pst$ Dangerous Office Data File (according to Microsoft) Dangerous attachment according to Microsoft Q883260
#deny \.tmp$ Dangerous Temporary File (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.vsmacros$ Dangerous Visual Studio Macros (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.vs[stw]$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.ws$ Dangerous Windows Script (according to Microsoft) Dangerous attachment according to Microsoft Q883260

# These 2 added by popular demand - Very often used by viruses
deny \.com$ Windows/DOS Executable Executable DOS/Windows programs are dangerous in email
deny \.exe$ Windows/DOS Executable Executable DOS/Windows programs are dangerous in email

# These are very dangerous and have been used to hide viruses
deny \.scr$ Possible virus hidden in a screensaver Windows Screensavers are often used to hide viruses
deny \.bat$ Possible malicious batch file script Batch files are often malicious
deny \.cmd$ Possible malicious batch file script Batch files are often malicious
deny \.cpl$ Possible malicious control panel item Control panel items are often used to hide viruses
deny \.mhtml$ Possible Eudora meta-refresh attack MHTML files can be used in an attack against Eudora

# Deny filenames containing CLSID's
deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type Files containing CLSID's are trying to hide their real type

# Deny filenames with lots of contiguous white space in them.
deny \s{10,} Filename contains lots of white space A long gap in a name is often used to hide part of it

# Allow repeated file extension, e.g. blah.zip.zip
allow (\.[a-z0-9]{3})\1$ - -

# Allow days of the week and months in doc names, e.g. blah.wed.doc
allow \.(mon|tue|wed|thu|fri|sat|sun)\.[a-z0-9]{3}$ - -
allow \.(jan|feb|mar|apr|may|jun|june|jul|july|aug|sep|sept|oct|nov|dec)\.[a-z0-9]{3}$ - -

# Deny all other double file extensions. This catches any hidden filenames.
deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension

filetype.rules.conf:

#
# NOTE: Fields are separated by TAB characters --- Important!
#
# Syntax is allow/deny/deny+delete/email-addresses, then regular expression,
# then log text, then user report text.
#
# The "email-addresses" can be a space or comma-separated list of email
# addresses. If the rule hits, the message will be sent to these address(es)
# instead of the original recipients.
#
# If none of the rules match, then the filetype is allowed.
#
# An optional fifth field can also be added before the "log text", which
# makes the checked text check against the MIME type of the attachment
# as determined by the output of the "file -i" command.

allow text - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No programs allowed
#EXAMPLE: deny - x-dosexec No DOS executables No DOS programs alloweddeny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed

#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed

From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of James Nelson
Sent: Friday, February 13, 2015 2:35 PM
To: ***@lists.mailscanner.info
Subject: Filename Restrictions Not working

Hello,

I am having an issue where none of my filetype rules seem to be working. I can send a test message with something as clearly dangerous as a .bat or .scr file, and MailScanner allows it through regardless. My filetype.rules.conf and filename.rules.conf (and their archive counterparts) are in their default state, and my Mail.conf points to the rules files in %rules-dir% appropriate for each section. The rules files are tabbed properly, with a simple:
FromOrTo: default /etc/MailScanner/filename.rules.conf

No matter what I've tried, MailScanner still allows everything through, even if I explicitly deny a file type in Mail.conf (without using a ruleset).

Any suggestions?

Kevin Miller

2015-02-13 22:31:45 UTC

Permalink

Just a swag, but you've stopped the Postfix daemon and took it out of the startup config, right? I use sendmail, not Postfix (yet), but sometimes an upgrade would put sendmail back into the startup routines, and I'd have mail coming in via sendmail that bypasses MailScanner.

It may not be the case here, but easy enough to double-check...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of James Nelson
Sent: Friday, February 13, 2015 12:54 PM
To: MailScanner discussion
Subject: RE: Filename Restrictions Not working

Additional details: Running on CentOS 6.6, MTA is Postfix. I've covered all of the settings in MailScanner.conf that seem to be pertinent-scanning is enabled, proper location for /usr/bin/file, which I can run against the files being allowed through, to the expected result. If I run a MailScanner -lint , I don't see any mention made of the attachment rules being read, but that may be by design.

filename.rules.conf

#
# NOTE: Fields are separated by TAB characters --- Important!
#
# Syntax is allow/deny/deny+delete/rename/rename to replacement-text/email-addresses,
# then regular expression,
# then log text,
# then user report text.
#
# The "email-addresses" can be a space or comma-separated list of email
# addresses. If the rule hits, the message will be sent to these address(es)
# instead of the original recipients.

# If a rule is a "rename" rule, then the attachment filename will be renamed
# according to the "Default Rename Pattern" setting in MailScanner.conf.
# If a rule is a "rename" rule and the "to replacement-text" is supplied, then
# the text matched by the regular expression in the 2nd field of the line
# will be replaced with the "replacement-text" string.
# For example, the rule
# rename to .ppt \.pps$ Renamed .pps to .ppt Renamed .pps to .ppt
# will find all filenames ending in ".pps" and rename them so they end in
# ".ppt" instead.

# Due to a bug in Outlook Express, you can make the 2nd from last extension
# be what is used to run the file. So very long filenames must be denied,
# regardless of the final extension.
deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages

# JKF 10/08/2007 Adobe Acrobat nastiness
rename \.fdf$ Dangerous Adobe Acrobat data-file Opening this file can cause auto-loading of any file from the internet

# JKF 04/01/2005 More Microsoft security vulnerabilities
deny \.ico$ Windows icon file security vulnerability Possible buffer overflow in Windows
deny \.ani$ Windows animated cursor file security vulnerability Possible buffer overflow in Windows
deny \.cur$ Windows cursor file security vulnerability Possible buffer overflow in Windows
#deny \.hlp$ Windows help file security vulnerability Possible buffer overflow in Windows

# These 4 are well known viruses.
deny pretty\s+park\.exe$ "Pretty Park" virus "Pretty Park" virus
deny happy99\.exe$ "Happy" virus "Happy" virus
deny \.ceo$ WinEvar virus attachment Often used by the WinEvar virus
deny webpage\.rar$ I-Worm.Yanker virus attachment Often used by the I-Worm.Yanker virus

# JKF 08/07/2005 Several virus scanners may miss this one
deny \.cab$ Possible malicious Microsoft cabinet file Cabinet files may hide viruses

# These are in the archives which are Microsoft Office 2007 files (e.g. docx)
allow \.xml\d*\.rel$ - -
allow \.x\d+\.rel$ - -
allow \.rtf$ - -

# These are known to be mostly harmless.
allow \.jpg$ - -
allow \.gif$ - -
# .url is arguably dangerous, but I can't just ban it...
allow \.url$ - -
allow \.vcf$ - -
allow \.txt$ - -
deny \.zip$ - -
allow \.t?gz$ - -
allow \.bz2$ - -
allow \.Z$ - -
allow \.rpm$ - -
# PGP and GPG
allow \.gpg$ - -
allow \.pgp$ - -
allow \.sig$ - -
allow \.asc$ - -
# Macintosh archives
allow \.hqx$ - -
allow \.sit.bin$ - -
allow \.sea$ - -
# Backup files
allow \.bak$ - -
# And TeX and LaTeX are harmless AFAIK
allow \.tex$ - -

# These are known to be dangerous in almost all cases.
deny \.reg$ Possible Windows registry attack Windows registry entries are very dangerous in email
deny \.chm$ Possible compiled Help file-based virus Compiled help files are very dangerous in email
# See http://office.microsoft.com/2000/articles/Out2ksecFAQ.htm for more info.
deny \.cnf$ Possible SpeedDial attack SpeedDials are very dangerous in email
deny \.hta$ Possible Microsoft HTML archive attack HTML archives are very dangerous in email
deny \.ins$ Possible Microsoft Internet Comm. Settings attack Windows Internet Settings are dangerous in email
deny \.jse?$ Possible Microsoft JScript attack JScript Scripts are dangerous in email
deny \.job$ Possible Microsoft Task Scheduler attack Task Scheduler requests are dangerous in email
deny \.lnk$ Possible Eudora *.lnk security hole attack Eudora *.lnk security hole attack
# Removed ".mat" from next line as widely used by Matlab
deny \.ma[dfgmqrsvw]$ Possible Microsoft Access Shortcut attack Microsoft Access Shortcuts are dangerous in email
deny \.pif$ Possible MS-Dos program shortcut attack Shortcuts to MS-Dos programs are very dangerous in email
deny \.scf$ Possible Windows Explorer Command attack Windows Explorer Commands are dangerous in email
deny \.sct$ Possible Microsoft Windows Script Component attack Windows Script Components are dangerous in email
deny \.shb$ Possible document shortcut attack Shortcuts Into Documents are very dangerous in email
deny \.shs$ Possible Shell Scrap Object attack Shell Scrap Objects are very dangerous in email
deny \.vb[es]$ Possible Microsoft Visual Basic script attack Visual Basic Scripts are dangerous in email
deny \.ws[cfh]$ Possible Microsoft Windows Script Host attack Windows Script Host files are dangerous in email
deny \.xnk$ Possible Microsoft Exchange Shortcut attack Microsoft Exchange Shortcuts are dangerous in email

# These are new dangerous attachment types according to Microsoft in
# http://support.microsoft.com/?kbid=883260
deny \.cer$ Dangerous Security Certificate (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.its$ Dangerous Internet Document Set (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.mau$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.md[az]$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.prf$ Dangerous Outlook Profile Settings (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.pst$ Dangerous Office Data File (according to Microsoft) Dangerous attachment according to Microsoft Q883260
#deny \.tmp$ Dangerous Temporary File (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.vsmacros$ Dangerous Visual Studio Macros (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.vs[stw]$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.ws$ Dangerous Windows Script (according to Microsoft) Dangerous attachment according to Microsoft Q883260

# These 2 added by popular demand - Very often used by viruses
deny \.com$ Windows/DOS Executable Executable DOS/Windows programs are dangerous in email
deny \.exe$ Windows/DOS Executable Executable DOS/Windows programs are dangerous in email

# These are very dangerous and have been used to hide viruses
deny \.scr$ Possible virus hidden in a screensaver Windows Screensavers are often used to hide viruses
deny \.bat$ Possible malicious batch file script Batch files are often malicious
deny \.cmd$ Possible malicious batch file script Batch files are often malicious
deny \.cpl$ Possible malicious control panel item Control panel items are often used to hide viruses
deny \.mhtml$ Possible Eudora meta-refresh attack MHTML files can be used in an attack against Eudora

# Deny filenames containing CLSID's
deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type Files containing CLSID's are trying to hide their real type

# Deny filenames with lots of contiguous white space in them.
deny \s{10,} Filename contains lots of white space A long gap in a name is often used to hide part of it

# Allow repeated file extension, e.g. blah.zip.zip
allow (\.[a-z0-9]{3})\1$ - -

# Allow days of the week and months in doc names, e.g. blah.wed.doc
allow \.(mon|tue|wed|thu|fri|sat|sun)\.[a-z0-9]{3}$ - -
allow \.(jan|feb|mar|apr|may|jun|june|jul|july|aug|sep|sept|oct|nov|dec)\.[a-z0-9]{3}$ - -

# Deny all other double file extensions. This catches any hidden filenames.
deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension

filetype.rules.conf:

#
# NOTE: Fields are separated by TAB characters --- Important!
#
# Syntax is allow/deny/deny+delete/email-addresses, then regular expression,
# then log text, then user report text.
#
# The "email-addresses" can be a space or comma-separated list of email
# addresses. If the rule hits, the message will be sent to these address(es)
# instead of the original recipients.
#
# If none of the rules match, then the filetype is allowed.
#
# An optional fifth field can also be added before the "log text", which
# makes the checked text check against the MIME type of the attachment
# as determined by the output of the "file -i" command.

allow text - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No programs allowed
#EXAMPLE: deny - x-dosexec No DOS executables No DOS programs alloweddeny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed

#deny MPEG No MPEG movies No MPEG movies allowed
#deny AVI No AVI movies No AVI movies allowed
#deny MNG No MNG/PNG movies No MNG movies allowed
#deny QuickTime No QuickTime movies No QuickTime movies allowed
#deny ASF No Windows media No Windows media files allowed
#deny metafont No Windows Metafont drawings No WMF drawings allowed

From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of James Nelson
Sent: Friday, February 13, 2015 2:35 PM
To: ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
Subject: Filename Restrictions Not working

Hello,

I am having an issue where none of my filetype rules seem to be working. I can send a test message with something as clearly dangerous as a .bat or .scr file, and MailScanner allows it through regardless. My filetype.rules.conf and filename.rules.conf (and their archive counterparts) are in their default state, and my Mail.conf points to the rules files in %rules-dir% appropriate for each section. The rules files are tabbed properly, with a simple:
FromOrTo: default /etc/MailScanner/filename.rules.conf

No matter what I've tried, MailScanner still allows everything through, even if I explicitly deny a file type in Mail.conf (without using a ruleset).

Any suggestions?

James Nelson

2015-02-16 21:39:34 UTC

Permalink

Hi Kevin,

I am running Postfix and all other MTAs are disabled. I can see the message in my mail log, and can view the details in MailWatch, so I know it's traversing MailScanner as expected, it's just behaving as if it's not taking any action or inspection on file names or types.

I'm thoroughly stumped.

Kevin Miller

2015-02-17 18:27:31 UTC

Permalink

Do you have a filename.rules or filetype.rules in the mix?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of James Nelson
Sent: Monday, February 16, 2015 12:40 PM
To: MailScanner discussion
Subject: RE: Filename Restrictions Not working

Hi Kevin,

I am running Postfix and all other MTAs are disabled. I can see the message in my mail log, and can view the details in MailWatch, so I know it's traversing MailScanner as expected, it's just behaving as if it's not taking any action or inspection on file names or types.

I'm thoroughly stumped.

James Nelson

2015-02-17 21:33:36 UTC

Permalink

Hi Kevin,

I've tried with linking directly to filename.rules.conf, I've tried using a filename.rules that points FromOrTo: default \etc\MailScanner\filename.rules.conf , but neither approach is working.

What's especially odd is if explicitly define a blocked file type...say, \.exe$ directly in MailScanner.conf, even THAT doesn't work.

Kevin Miller

2015-02-17 23:02:00 UTC

Permalink

So I'm thinking maybe it's a permissions issue? If you put a file in the temp dir that MailScanner uses (probably /var/spool/MailScanner/incoming) and then try to scan that as the user that your MailScanner is running as, does it return a proper response? What are the permissions on that directory?

Does virus scanning work as advertised if you send an eicar "infected" file?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of James Nelson
Sent: Tuesday, February 17, 2015 12:34 PM
To: MailScanner discussion
Subject: RE: Filename Restrictions Not working

Hi Kevin,

I've tried with linking directly to filename.rules.conf, I've tried using a filename.rules that points FromOrTo: default \etc\MailScanner\filename.rules.conf , but neither approach is working.

What's especially odd is if explicitly define a blocked file type...say, \.exe$ directly in MailScanner.conf, even THAT doesn't work.

Kevin Miller

2015-02-17 23:02:29 UTC

Permalink

Also, is there anything in your mail log or syslog that may point to the issue?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of James Nelson
Sent: Tuesday, February 17, 2015 12:34 PM
To: MailScanner discussion
Subject: RE: Filename Restrictions Not working

Hi Kevin,

I've tried with linking directly to filename.rules.conf, I've tried using a filename.rules that points FromOrTo: default \etc\MailScanner\filename.rules.conf , but neither approach is working.

What's especially odd is if explicitly define a blocked file type...say, \.exe$ directly in MailScanner.conf, even THAT doesn't work.

Alex Neuman

2015-02-17 23:04:48 UTC

Permalink

On Tue, Feb 17, 2015 at 4:33 PM, James Nelson <***@vgt.net> wrote:

> \etc\MailScanner\filename.rules.conf

You're using backslashes on filenames?
\etc\MailScanner\filename.rules.conf
?

*Alex Neuman van der Hans*
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/

Mobile: +507 6781-9505
Work: +507 832-6725 <http://+5078326725/>
Work (USA): +1 (440) 253-9789
Skype: AlexNeuman

Don't miss Vida Digital on LiveStream
<http://new.livestream.com/accounts/5061819>!
Saturdays 8am-10am on MÃ¡xima 91.7FM Panama

Follow *@AlexNeuman <https://twitter.com/alexneuman>* on Twitter
Like Vida Digital <https://facebook.com/vidadigital/> on Facebook
Follow VidaDigital <http://instagram.com/vidadigital> on Instagram
Subscribe to Vida Digital <https://youtube.com/reliantpty> on Youtube

Denis Beauchemin

2015-02-18 13:44:21 UTC

Permalink

Agreed : you should use forward slashes â/â in all MS config files whenever you want to refer to a file path. And Iâm also pretty sure you canât put âallow/denyâ filetypes rules directly in MailScanner.conf.

Have you tried âMailScanner --lintâ? If so, donât you have any errors?

Denis

De : mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] De la part de James Nelson
EnvoyÃ© : 17 fÃ©vrier 2015 16:40
Ã : MailScanner discussion
Objet : RE: Filename Restrictions Not working

Hi Kevin,

Iâve tried with linking directly to filename.rules.conf, Iâve tried using a filename.rules that points FromOrTo: default \etc\MailScanner\filename.rules.conf , but neither approach is working.

Whatâs especially odd is if explicitly define a blocked file typeâŠsay, \.exe$ directly in MailScanner.conf, even THAT doesnât work.

Glenn Steen

2015-02-18 14:53:29 UTC

Permalink

Have you checked that there are headers in the delivered mails that
indicate that MailScanner has been involved? If not, especially with
some MTAs (like Postfix), it seems like you've gogofed your install a
bit and there is still a "non-MS-aware MTA" running, which would just
deliver/relay any mails....

Further... When you've fixed your typos (the back-forwardslash thing
for example), do as Denis says and try a lint run. If that works, then
do a debug run:
shut down MailScanner, then as the Run As user run:
MailScanner --debug
<generate some mail traffic, and let the debug run process the batch)...
Check output for errors...

Cheers
--
-- Glenn

On 18 February 2015 at 14:44, Denis Beauchemin
<***@usherbrooke.ca> wrote:
> Agreed : you should use forward slashes “/” in all MS config files whenever
> you want to refer to a file path. And I’m also pretty sure you can’t put
> “allow/deny” filetypes rules directly in MailScanner.conf.
>
>
>
> Have you tried “MailScanner --lint”? If so, don’t you have any errors?
>
>
>
> Denis
>
>
>
>
>
> De : mailscanner-***@lists.mailscanner.info
> [mailto:mailscanner-***@lists.mailscanner.info] De la part de James
> Nelson
> Envoyé : 17 février 2015 16:40
> À : MailScanner discussion
> Objet : RE: Filename Restrictions Not working
>
>
>
> Hi Kevin,
>
>
>
> I’ve tried with linking directly to filename.rules.conf, I’ve tried using a
> filename.rules that points FromOrTo: default
> \etc\MailScanner\filename.rules.conf , but neither approach is working.
>
>
>
> What’s especially odd is if explicitly define a blocked file type…say,
> \.exe$ directly in MailScanner.conf, even THAT doesn’t work.
>
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the w

James Nelson

2015-02-18 22:42:45 UTC

Permalink

Hey Kevin\Alex\Denis\Glenn,

Sorry, the slash direction was a typo as a result of responding on my phone. They are forward slashes in the actual files.

Kevin—Yes, virus scanning works. I’ve sent the EICAR file as a test, and additionally its caught legitimate viruses since installation. I see the entries in the maillog for virus\spam scanning, but no mention of file scanning…no error there or in the system log.

Denis- I’ve mostly been trying to make rulesets work for these purposes, but I did try explicitly defining the restrictions as a troubleshooting measure. The information in the mailscanner.conf file seems to indicate that this is supported:

# To simplify web-based configuration systems, there are now two extra
# settings here. They are both intended for use with normal rulesets
# that you would expect to find in %rules-dir%. The first gives a list
# of patterns to match against the attachment filenames, and a filename
# is allowed if it matches any of these patterns. The second gives the
# the equivalent list for patterns that are used to deny filenames.
# If either of these match at all, then filename.rules.conf is ignored
# for that filename.
# So you can easily have a set like this:
# Allow Filenames = \.txt$ \.pdf$
# Deny Filenames = \.com$ \.exe$ \.cpl$ \.pif$

Glenn—I have verified that MailScanner is processing these messages. We’ve had it in place for a few months, and the SpamAssassin\ClamAV components are processing and catching mail as expected. I can see all of MailScanner\SpamAssassin’s header info, and it states that it’s processed by postfix, as I Would expect.

I’ve run Mailscann –-lint and MailScanner --debug with no errors detected, but here’s the results anyway:

Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Read 876 hostnames from the phishing whitelist
Read 5890 hostnames from the phishing blacklists
Config: calling custom init function MailWatchLogging
Started SQL Logging child

Checking version numbers...
Version number in MailScanner.conf (4.84.6) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to (89)
MailScanner setting UID to (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function MailWatchLogging

And debug log, using an external account I sent myself a ZIP file, which should be blocked. The only thing I noticed where it even seemed to be looking at a file was this:

16:31:07 Feb 18 16:31:07.790 [5557] dbg: message: ---- MIME PARSER START ----
16:31:07 Feb 18 16:31:07.790 [5557] dbg: message: parsing multipart, got boundary: 047d7bdc131a7ef13b050f645fc3
16:31:07 Feb 18 16:31:07.790 [5557] dbg: message: found part of type multipart/alternative, boundary: 047d7bdc131a7ef134050f645fc1
16:31:07 Feb 18 16:31:07.790 [5557] dbg: message: added part, type: multipart/alternative
16:31:07 Feb 18 16:31:07.791 [5557] dbg: message: found part of type application/zip, boundary: 047d7bdc131a7ef13b050f645fc3
16:31:07 Feb 18 16:31:07.791 [5557] dbg: message: added part, type: application/zip
16:31:07 Feb 18 16:31:07.791 [5557] dbg: message: parsing multipart, got boundary: 047d7bdc131a7ef134050f645fc1
16:31:07 Feb 18 16:31:07.791 [5557] dbg: message: found part of type text/plain, boundary: 047d7bdc131a7ef134050f645fc1
16:31:07 Feb 18 16:31:07.791 [5557] dbg: message: added part, type: text/plain
16:31:07 Feb 18 16:31:07.791 [5557] dbg: message: found part of type text/html, boundary: 047d7bdc131a7ef134050f645fc1
16:31:07 Feb 18 16:31:07.792 [5557] dbg: message: added part, type: text/html
16:31:07 Feb 18 16:31:07.792 [5557] dbg: message: parsing normal part
16:31:07 Feb 18 16:31:07.792 [5557] dbg: message: parsing normal part
16:31:07 Feb 18 16:31:07.792 [5557] dbg: message: parsing normal part
16:31:07 Feb 18 16:31:07.792 [5557] dbg: message: ---- MIME PARSER END ----

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Glenn Steen
Sent: Wednesday, February 18, 2015 8:53 AM
To: MailScanner discussion
Subject: Re: Filename Restrictions Not working

Have you checked that there are headers in the delivered mails that indicate that MailScanner has been involved? If not, especially with some MTAs (like Postfix), it seems like you've gogofed your install a bit and there is still a "non-MS-aware MTA" running, which would just deliver/relay any mails....

Further... When you've fixed your typos (the back-forwardslash thing for example), do as Denis says and try a lint run. If that works, then do a debug run:
shut down MailScanner, then as the Run As user run:
MailScanner --debug
<generate some mail traffic, and let the debug run process the batch)...
Check output for errors...

Cheers
--
-- Glenn

On 18 February 2015 at 14:44, Denis Beauchemin <***@usherbrooke.ca> wrote:
> Agreed : you should use forward slashes “/” in all MS config files
> whenever you want to refer to a file path. And I’m also pretty sure
> you can’t put “allow/deny” filetypes rules directly in MailScanner.conf.
>
>
>
> Have you tried “MailScanner --lint”? If so, don’t you have any errors?
>
>
>
> Denis
>
>
>
>
>
> De : mailscanner-***@lists.mailscanner.info
> [mailto:mailscanner-***@lists.mailscanner.info] De la part de
> James Nelson Envoyé : 17 février 2015 16:40 À : MailScanner discussion
> Objet : RE: Filename Restrictions Not working
>
>
>
> Hi Kevin,
>
>
>
> I’ve tried with linking directly to filename.rules.conf, I’ve tried using a
> filename.rules that points FromOrTo: default
> \etc\MailScanner\filename.rules.conf , but neither approach is working.
>
>
>
> What’s especially odd is if explicitly define a blocked file type…say,
> \.exe$ directly in MailScanner.conf, even THAT doesn’t work.
>
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support M

Kevin Miller

2015-02-19 00:21:11 UTC

Permalink

Do you have filename.rules and filetype.rules files or did you edit MailScanner.conf?

Here's my filename/type rules. They're the default. I presume they match yours.

/etc/MailScanner # cat filename.rules
From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filename.rules.conf

/etc/MailScanner # cat filetype.rules
From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filetype.rules.conf

/etc/MailScanner # cat filename.rules.allowall.conf
allow .* - -

A while back I was having an issue where an Office365 Word doc was getting flagged as an executable and blocked. I tried using the "Allow Filenames" and "Allow Filetypes" in MailScanner.conf. The notes in there said that I'd have to an entry for both name and type. I set "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-f]{4}\.dat$/I". (I was trying to allow .dat files with a four character name composed of hexadecimal characters. Specifically 0000.dat but not limited to it.) The notes said the exception would have to match both rules to pass. It didn't. It had the odd effect of letting any .exe file through regardless of the name.

Have you tried reverting the filename.rules and filetype.rules back to the stock setting and mucking around in filename.rules.conf or filetype.rules.conf instead?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

James Nelson

2015-02-19 14:47:11 UTC

Permalink

Hi Kevin,

I never touched the filename\type rules or their associated line items in MailScanner.conf until I realized it wasn't working, so they have failed in both a virgin state and in a "test" state, trying various configurations that I've seen work for other people. I'm not defining anything as an allowed filetype, so that shouldn't be tripping me up I don't think.

This front-ends an Exchange system, and if I can't get it working I could use Exchange transport rules to disallow these filetypes, I just hate to do that because it puts processing back on my backend production mail system, as well as losing the ability to search within the contents of an archived file. I don't want to have to put a blanket block on zip files as in the old days, I would much rather leverage MailScanner's ability to block only those that contain malicious filetypes.

"a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral."

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Wednesday, February 18, 2015 6:21 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

Do you have filename.rules and filetype.rules files or did you edit MailScanner.conf?

Here's my filename/type rules. They're the default. I presume they match yours.

/etc/MailScanner # cat filename.rules
From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filename.rules.conf

/etc/MailScanner # cat filetype.rules
From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filetype.rules.conf

/etc/MailScanner # cat filename.rules.allowall.conf
allow .* - -

A while back I was having an issue where an Office365 Word doc was getting flagged as an executable and blocked. I tried using the "Allow Filenames" and "Allow Filetypes" in MailScanner.conf. The notes in there said that I'd have to an entry for both name and type. I set "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-f]{4}\.dat$/I". (I was trying to allow .dat files with a four character name composed of hexadecimal characters. Specifically 0000.dat but not limited to it.) The notes said the exception would have to match both rules to pass. It didn't. It had the odd effect of letting any .exe file through regardless of the name.

Have you tried reverting the filename.rules and filetype.rules back to the stock setting and mucking around in filename.rules.conf or filetype.rules.conf instead?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

James Nelson

2015-02-19 21:12:00 UTC

Permalink

One thing of note...maybe, maybe not...is that when I run MailScanner --lint , I notice this:

Filename Checks: Windows/DOS Executable (1 eicar.com)
Filetype Checks: Allowing 1 eicar.com (no match found)

If my filename\type checks were working, shouldn't it be denying that type, given that I have excecutables configured (as default) to deny in my filetype.rules.conf?

"a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral."

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Wednesday, February 18, 2015 6:21 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

Do you have filename.rules and filetype.rules files or did you edit MailScanner.conf?

Here's my filename/type rules. They're the default. I presume they match yours.

/etc/MailScanner # cat filename.rules
From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filename.rules.conf

/etc/MailScanner # cat filetype.rules
From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filetype.rules.conf

/etc/MailScanner # cat filename.rules.allowall.conf
allow .* - -

A while back I was having an issue where an Office365 Word doc was getting flagged as an executable and blocked. I tried using the "Allow Filenames" and "Allow Filetypes" in MailScanner.conf. The notes in there said that I'd have to an entry for both name and type. I set "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-f]{4}\.dat$/I". (I was trying to allow .dat files with a four character name composed of hexadecimal characters. Specifically 0000.dat but not limited to it.) The notes said the exception would have to match both rules to pass. It didn't. It had the odd effect of letting any .exe file through regardless of the name.

Have you tried reverting the filename.rules and filetype.rules back to the stock setting and mucking around in filename.rules.conf or filetype.rules.conf instead?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

Kevin Miller

2015-02-19 21:31:06 UTC

Permalink

Eicar is a virus test signature. It should be caught by your virus scanner. It should also be denied by filetype checks. If it gets that far. I don't recall which happens first, virus checking or spam checking. I think filename/type checking would fall under the spam check umbrella...

Refresh our memory, what distro and version are you running? What version of file do you have?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of James Nelson
> Sent: Thursday, February 19, 2015 12:12 PM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> One thing of note...maybe, maybe not...is that when I run MailScanner --
> lint , I notice this:
>
> Filename Checks: Windows/DOS Executable (1 eicar.com) Filetype Checks:
> Allowing 1 eicar.com (no match found)
>
> If my filename\type checks were working, shouldn't it be denying that
> type, given that I have excecutables configured (as default) to deny in
> my filetype.rules.conf?
>
>
>
> "a rockpile ceases to be a rockpile the moment a single man contemplates
> it, bearing within him the image of a cathedral."
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Wednesday, February 18, 2015 6:21 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> Do you have filename.rules and filetype.rules files or did you edit
> MailScanner.conf?
>
> Here's my filename/type rules. They're the default. I presume they
> match yours.
>
> /etc/MailScanner # cat filename.rules
> From: 127.0.0.1
> /etc/MailScanner/filename.rules.allowall.conf
> FromOrTo: default /etc/MailScanner/filename.rules.conf
>
> /etc/MailScanner # cat filetype.rules
> From: 127.0.0.1
> /etc/MailScanner/filetype.rules.allowall.conf
> FromOrTo: default /etc/MailScanner/filetype.rules.conf
>
> /etc/MailScanner # cat filename.rules.allowall.conf
> allow .* - -
>
> A while back I was having an issue where an Office365 Word doc was
> getting flagged as an executable and blocked. I tried using the "Allow
> Filenames" and "Allow Filetypes" in MailScanner.conf. The notes in
> there said that I'd have to an entry for both name and type. I set
> "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-f]{4}\.dat$/I".
> (I was trying to allow .dat files with a four character name composed of
> hexadecimal characters. Specifically 0000.dat but not limited to it.)
> The notes said the exception would have to match both rules to pass. It
> didn't. It had the odd effect of letting any .exe file through
> regardless of the name.
>
> Have you tried reverting the filename.rules and filetype.rules back to
> the stock setting and mucking around in filename.rules.conf or
> filetype.rules.conf instead?
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
> 307357
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

James Nelson

2015-02-19 22:09:26 UTC

Permalink

Right, and clamd is detecting that successfully, but as noted in the earlier message, it is being inspected via the File check, detected as an executable, and then "allowed." If it's not working at that level in a test scenario, I'm probably hopeless for it to work on anything else :)

MailScanner is version 4.84.6, Centos 6.6, file is version 5.04

"a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral."

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Thursday, February 19, 2015 3:31 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

Eicar is a virus test signature. It should be caught by your virus scanner. It should also be denied by filetype checks. If it gets that far. I don't recall which happens first, virus checking or spam checking. I think filename/type checking would fall under the spam check umbrella...

Refresh our memory, what distro and version are you running? What version of file do you have?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357

> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of James Nelson
> Sent: Thursday, February 19, 2015 12:12 PM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> One thing of note...maybe, maybe not...is that when I run MailScanner
> -- lint , I notice this:
>
> Filename Checks: Windows/DOS Executable (1 eicar.com) Filetype Checks:
> Allowing 1 eicar.com (no match found)
>
> If my filename\type checks were working, shouldn't it be denying that
> type, given that I have excecutables configured (as default) to deny
> in my filetype.rules.conf?
>
>
>
> "a rockpile ceases to be a rockpile the moment a single man
> contemplates it, bearing within him the image of a cathedral."
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Wednesday, February 18, 2015 6:21 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> Do you have filename.rules and filetype.rules files or did you edit
> MailScanner.conf?
>
> Here's my filename/type rules. They're the default. I presume they
> match yours.
>
> /etc/MailScanner # cat filename.rules
> From: 127.0.0.1
> /etc/MailScanner/filename.rules.allowall.conf
> FromOrTo: default /etc/MailScanner/filename.rules.conf
>
> /etc/MailScanner # cat filetype.rules
> From: 127.0.0.1
> /etc/MailScanner/filetype.rules.allowall.conf
> FromOrTo: default /etc/MailScanner/filetype.rules.conf
>
> /etc/MailScanner # cat filename.rules.allowall.conf
> allow .* - -
>
> A while back I was having an issue where an Office365 Word doc was
> getting flagged as an executable and blocked. I tried using the
> "Allow Filenames" and "Allow Filetypes" in MailScanner.conf. The
> notes in there said that I'd have to an entry for both name and type.
> I set "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-f]{4}\.dat$/I".
> (I was trying to allow .dat files with a four character name composed
> of hexadecimal characters. Specifically 0000.dat but not limited to
> it.) The notes said the exception would have to match both rules to
> pass. It didn't. It had the odd effect of letting any .exe file
> through regardless of the name.
>
> Have you tried reverting the filename.rules and filetype.rules back to
> the stock setting and mucking around in filename.rules.conf or
> filetype.rules.conf instead?
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
> 307357
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

Kevin Miller

2015-02-20 01:19:34 UTC

Permalink

Hmmm. If it's not a production server I'd say wipe it and reinstall from scratch at this point.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of James Nelson
> Sent: Thursday, February 19, 2015 1:09 PM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> Right, and clamd is detecting that successfully, but as noted in the
> earlier message, it is being inspected via the File check, detected as
> an executable, and then "allowed." If it's not working at that level in
> a test scenario, I'm probably hopeless for it to work on anything else
> :)
>
> MailScanner is version 4.84.6, Centos 6.6, file is version 5.04
>
> "a rockpile ceases to be a rockpile the moment a single man contemplates
> it, bearing within him the image of a cathedral."
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Thursday, February 19, 2015 3:31 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> Eicar is a virus test signature. It should be caught by your virus
> scanner. It should also be denied by filetype checks. If it gets that
> far. I don't recall which happens first, virus checking or spam
> checking. I think filename/type checking would fall under the spam
> check umbrella...
>
> Refresh our memory, what distro and version are you running? What
> version of file do you have?
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
> 307357
>
>
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> > ***@lists.mailscanner.info] On Behalf Of James Nelson
> > Sent: Thursday, February 19, 2015 12:12 PM
> > To: MailScanner discussion
> > Subject: RE: Filename Restrictions Not working
> >
> > One thing of note...maybe, maybe not...is that when I run MailScanner
> > -- lint , I notice this:
> >
> > Filename Checks: Windows/DOS Executable (1 eicar.com) Filetype Checks:
> > Allowing 1 eicar.com (no match found)
> >
> > If my filename\type checks were working, shouldn't it be denying that
> > type, given that I have excecutables configured (as default) to deny
> > in my filetype.rules.conf?
> >
> >
> >
> > "a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral."
> >
> >
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> > ***@lists.mailscanner.info] On Behalf Of Kevin Miller
> > Sent: Wednesday, February 18, 2015 6:21 PM
> > To: 'MailScanner discussion'
> > Subject: RE: Filename Restrictions Not working
> >
> > Do you have filename.rules and filetype.rules files or did you edit
> > MailScanner.conf?
> >
> > Here's my filename/type rules. They're the default. I presume they
> > match yours.
> >
> > /etc/MailScanner # cat filename.rules
> > From: 127.0.0.1
> > /etc/MailScanner/filename.rules.allowall.conf
> > FromOrTo: default /etc/MailScanner/filename.rules.conf
> >
> > /etc/MailScanner # cat filetype.rules
> > From: 127.0.0.1
> > /etc/MailScanner/filetype.rules.allowall.conf
> > FromOrTo: default /etc/MailScanner/filetype.rules.conf
> >
> > /etc/MailScanner # cat filename.rules.allowall.conf
> > allow .* - -
> >
> > A while back I was having an issue where an Office365 Word doc was
> > getting flagged as an executable and blocked. I tried using the
> > "Allow Filenames" and "Allow Filetypes" in MailScanner.conf. The
> > notes in there said that I'd have to an entry for both name and type.
> > I set "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-
> f]{4}\.dat$/I".
> > (I was trying to allow .dat files with a four character name composed
> > of hexadecimal characters. Specifically 0000.dat but not limited to
> > it.) The notes said the exception would have to match both rules to
> > pass. It didn't. It had the odd effect of letting any .exe file
> > through regardless of the name.
> >
> > Have you tried reverting the filename.rules and filetype.rules back to
> > the stock setting and mucking around in filename.rules.conf or
> > filetype.rules.conf instead?
> >
> > ...Kevin
> > --
> > Kevin Miller
> > Network/email Administrator, CBJ MIS Dept.
> > 155 South Seward Street
> > Juneau, Alaska 99801
> > Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
> > 307357
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

Scott B. Anderson

2015-02-20 02:12:49 UTC

Permalink

FWIW - I've been running 4.84.3 on both a Fedora custom source build derivative (long story, can't get stock kernels to see the software based reiserfs boot volume) and a current unbuntu server LTS. Both catch eicar and sent two notifications - depends on your notification settings. I use a ruleset to send virus, spam and file denies to people in my domain but the default is to turn it off. If you were getting a ton of undeliverable emails you might have turned one of the notifications off rather than using a domain based ruleset, you might have disabled other notifications as well.

I am eagerly awaiting the new release to be considered Beta instead of Alpha in tar (not rpm or deb) form before going further.

Scott

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Thursday, February 19, 2015 7:20 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

Hmmm. If it's not a production server I'd say wipe it and reinstall from scratch at this point.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357

> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of James Nelson
> Sent: Thursday, February 19, 2015 1:09 PM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> Right, and clamd is detecting that successfully, but as noted in the
> earlier message, it is being inspected via the File check, detected as
> an executable, and then "allowed." If it's not working at that level
> in a test scenario, I'm probably hopeless for it to work on anything
> else
> :)
>
> MailScanner is version 4.84.6, Centos 6.6, file is version 5.04
>
> "a rockpile ceases to be a rockpile the moment a single man
> contemplates it, bearing within him the image of a cathedral."
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Thursday, February 19, 2015 3:31 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> Eicar is a virus test signature. It should be caught by your virus
> scanner. It should also be denied by filetype checks. If it gets
> that far. I don't recall which happens first, virus checking or spam
> checking. I think filename/type checking would fall under the spam
> check umbrella...
>
> Refresh our memory, what distro and version are you running? What
> version of file do you have?
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
> 307357
>
>
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info
> > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
> > James Nelson
> > Sent: Thursday, February 19, 2015 12:12 PM
> > To: MailScanner discussion
> > Subject: RE: Filename Restrictions Not working
> >
> > One thing of note...maybe, maybe not...is that when I run
> > MailScanner
> > -- lint , I notice this:
> >
> > Filename Checks: Windows/DOS Executable (1 eicar.com) Filetype Checks:
> > Allowing 1 eicar.com (no match found)
> >
> > If my filename\type checks were working, shouldn't it be denying
> > that type, given that I have excecutables configured (as default) to
> > deny in my filetype.rules.conf?
> >
> >
> >
> > "a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral."
> >
> >
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info
> > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
> > Kevin Miller
> > Sent: Wednesday, February 18, 2015 6:21 PM
> > To: 'MailScanner discussion'
> > Subject: RE: Filename Restrictions Not working
> >
> > Do you have filename.rules and filetype.rules files or did you edit
> > MailScanner.conf?
> >
> > Here's my filename/type rules. They're the default. I presume they
> > match yours.
> >
> > /etc/MailScanner # cat filename.rules
> > From: 127.0.0.1
> > /etc/MailScanner/filename.rules.allowall.conf
> > FromOrTo: default /etc/MailScanner/filename.rules.conf
> >
> > /etc/MailScanner # cat filetype.rules
> > From: 127.0.0.1
> > /etc/MailScanner/filetype.rules.allowall.conf
> > FromOrTo: default /etc/MailScanner/filetype.rules.conf
> >
> > /etc/MailScanner # cat filename.rules.allowall.conf
> > allow .* - -
> >
> > A while back I was having an issue where an Office365 Word doc was
> > getting flagged as an executable and blocked. I tried using the
> > "Allow Filenames" and "Allow Filetypes" in MailScanner.conf. The
> > notes in there said that I'd have to an entry for both name and type.
> > I set "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-
> f]{4}\.dat$/I".
> > (I was trying to allow .dat files with a four character name
> > composed of hexadecimal characters. Specifically 0000.dat but not
> > limited to
> > it.) The notes said the exception would have to match both rules to
> > pass. It didn't. It had the odd effect of letting any .exe file
> > through regardless of the name.
> >
> > Have you tried reverting the filename.rules and filetype.rules back
> > to the stock setting and mucking around in filename.rules.conf or
> > filetype.rules.conf instead?
> >
> > ...Kevin
> > --
> > Kevin Miller
> > Network/email Administrator, CBJ MIS Dept.
> > 155 South Seward Street
> > Juneau, Alaska 99801
> > Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
> > 307357
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
...

--
Rely On Us.
ImproMed LLC
--

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

James Nelson

2015-02-21 07:29:26 UTC

Permalink

Sigh, built a brand new MailScanner box from scratch...once again, everything works except filename checking. The only thing I changed was to disallow zip files(just changed allow to deny in filenames.rules.conf) and it still lets it all through.

It just doesn't seem to want to work, with no errors to shed any light.
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

Jerry Benton

2015-02-21 11:53:43 UTC

Permalink

I’m not pimping my product, but I would suggest you install a Mailborder server for a comparison test. Check to see if it is working correctly (the Mailborder server) and compare the configs on the Mailborder server to yours. This will at least eliminate the Mailscanner configuration variable from the equation.

-
Jerry Benton
www.mailborder.com

> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net> wrote:
>
> Sigh, built a brand new MailScanner box from scratch...once again, everything works except filename checking. The only thing I changed was to disallow zip files(just changed allow to deny in filenames.rules.conf) and it still lets it all through.
>
> It just doesn't seem to want to work, with no errors to shed any light.
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book of

James Nelson

2015-02-22 21:33:46 UTC

Permalink

I will try that tomorrow...i'm about out of other ideas.

I suppose I could also try the new MS beta, just to throw something else at the wall...

“a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Saturday, February 21, 2015 5:54 AM
To: MailScanner discussion
Subject: Re: Filename Restrictions Not working

I’m not pimping my product, but I would suggest you install a Mailborder server for a comparison test. Check to see if it is working correctly (the Mailborder server) and compare the configs on the Mailborder server to yours. This will at least eliminate the Mailscanner configuration variable from the equation.

-
Jerry Benton
www.mailborder.com

> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net> wrote:
>
> Sigh, built a brand new MailScanner box from scratch...once again, everything works except filename checking. The only thing I changed was to disallow zip files(just changed allow to deny in filenames.rules.conf) and it still lets it all through.
>
> It just doesn't seem to want to work, with no errors to shed any light.
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the websi

Jerry Benton

2015-02-22 22:11:22 UTC

Permalink

Its not beta anymore. (The RPM package.)

-
Jerry Benton
www.mailborder.com

> On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net> wrote:
>
> I will try that tomorrow...i'm about out of other ideas.
>
> I suppose I could also try the new MS beta, just to throw something else at the wall...
>
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Saturday, February 21, 2015 5:54 AM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> I’m not pimping my product, but I would suggest you install a Mailborder server for a comparison test. Check to see if it is working correctly (the Mailborder server) and compare the configs on the Mailborder server to yours. This will at least eliminate the Mailscanner configuration variable from the equation.
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
>> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net> wrote:
>>
>> Sigh, built a brand new MailScanner box from scratch...once again, everything works except filename checking. The only thing I changed was to disallow zip files(just changed allow to deny in filenames.rules.conf) and it still lets it all through.
>>
>> It just doesn't seem to want to work, with no errors to shed any light.
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website

James Nelson

2015-02-23 18:26:05 UTC

Permalink

Well, an interesting update...

I changed up my approach, and pointed the Deny Filenames = in MailScanner.conf to %rules-dir%/filename_deny.rules , which is as follows:

To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$ \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$ \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$ \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,} \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$

When running MailScanner --lint now, it DOES detect eicar.com as a blocked filetype. However, it's still allowing blocked filetypes through ?

“a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Sunday, February 22, 2015 4:11 PM
To: MailScanner discussion
Subject: Re: Filename Restrictions Not working

Its not beta anymore. (The RPM package.)

-
Jerry Benton
www.mailborder.com

> On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net> wrote:
>
> I will try that tomorrow...i'm about out of other ideas.
>
> I suppose I could also try the new MS beta, just to throw something else at the wall...
>
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Saturday, February 21, 2015 5:54 AM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> I’m not pimping my product, but I would suggest you install a Mailborder server for a comparison test. Check to see if it is working correctly (the Mailborder server) and compare the configs on the Mailborder server to yours. This will at least eliminate the Mailscanner configuration variable from the equation.
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
>> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net> wrote:
>>
>> Sigh, built a brand new MailScanner box from scratch...once again, everything works except filename checking. The only thing I changed was to disallow zip files(just changed allow to deny in filenames.rules.conf) and it still lets it all through.
>>
>> It just doesn't seem to want to work, with no errors to shed any light.
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScann

Kevin Miller

2015-02-23 18:49:48 UTC

Permalink

Maybe you could post your MailScanner.conf to pastebin. I'm guessing something in there is wonky.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of James Nelson
> Sent: Monday, February 23, 2015 9:26 AM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> Well, an interesting update...
>
> I changed up my approach, and pointed the Deny Filenames = in
> MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
> follows:
>
> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$
> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$ \.sct$
> \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$ \.mau$ \.md[az]$
> \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$ \.com$ \.exe$ \.scr$
> \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,} \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-
> 9]{3}$
>
> When running MailScanner --lint now, it DOES detect eicar.com as a
> blocked filetype. However, it's still allowing blocked filetypes
> through ?
>
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates
> it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Sunday, February 22, 2015 4:11 PM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> Its not beta anymore. (The RPM package.)
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
> > On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
> wrote:
> >
> > I will try that tomorrow...i'm about out of other ideas.
> >
> > I suppose I could also try the new MS beta, just to throw something
> else at the wall...
> >
> >
> >
> >
> > “a rockpile ceases to be a rockpile the moment a single man
> contemplates it, bearing within him the image of a cathedral.”
> >
> >
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
> > Sent: Saturday, February 21, 2015 5:54 AM
> > To: MailScanner discussion
> > Subject: Re: Filename Restrictions Not working
> >
> > I’m not pimping my product, but I would suggest you install a
> Mailborder server for a comparison test. Check to see if it is working
> correctly (the Mailborder server) and compare the configs on the
> Mailborder server to yours. This will at least eliminate the Mailscanner
> configuration variable from the equation.
> >
> > -
> > Jerry Benton
> > www.mailborder.com
> >
> >
> >
> >> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net>
> wrote:
> >>
> >> Sigh, built a brand new MailScanner box from scratch...once again,
> everything works except filename checking. The only thing I changed was
> to disallow zip files(just changed allow to deny in
> filenames.rules.conf) and it still lets it all through.
> >>
> >> It just doesn't seem to want to work, with no errors to shed any
> light.
> >> --
> >> MailScanner mailing list
> >> ***@lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> >
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the w

James Nelson

2015-02-23 19:51:56 UTC

Permalink

Kevin,

Here's my complete MailScanner.conf:

http://pastebin.com/ci9dz8iL

Jerry:

I changed default to *@* this morning in the course of my, "did that work? No, okay, how about this," but the result was the same regardless.

I'm not applying any configuration via conf.d at the moment...if I were to do that, would it supersede anything in MailScanner.conf?

“a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Monday, February 23, 2015 12:50 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

Maybe you could post your MailScanner.conf to pastebin. I'm guessing something in there is wonky.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357

> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of James Nelson
> Sent: Monday, February 23, 2015 9:26 AM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> Well, an interesting update...
>
> I changed up my approach, and pointed the Deny Filenames = in
> MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
> follows:
>
> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$
> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$ \.sct$
> \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$ \.mau$
> \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$ \.com$
> \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>
> When running MailScanner --lint now, it DOES detect eicar.com as a
> blocked filetype. However, it's still allowing blocked filetypes
> through ?
>
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man
> contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Sunday, February 22, 2015 4:11 PM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> Its not beta anymore. (The RPM package.)
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
> > On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
> wrote:
> >
> > I will try that tomorrow...i'm about out of other ideas.
> >
> > I suppose I could also try the new MS beta, just to throw something
> else at the wall...
> >
> >
> >
> >
> > “a rockpile ceases to be a rockpile the moment a single man
> contemplates it, bearing within him the image of a cathedral.”
> >
> >
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info
> > [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
> > Sent: Saturday, February 21, 2015 5:54 AM
> > To: MailScanner discussion
> > Subject: Re: Filename Restrictions Not working
> >
> > I’m not pimping my product, but I would suggest you install a
> Mailborder server for a comparison test. Check to see if it is working
> correctly (the Mailborder server) and compare the configs on the
> Mailborder server to yours. This will at least eliminate the
> Mailscanner configuration variable from the equation.
> >
> > -
> > Jerry Benton
> > www.mailborder.com
> >
> >
> >
> >> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net>
> wrote:
> >>
> >> Sigh, built a brand new MailScanner box from scratch...once again,
> everything works except filename checking. The only thing I changed
> was to disallow zip files(just changed allow to deny in
> filenames.rules.conf) and it still lets it all through.
> >>
> >> It just doesn't seem to want to work, with no errors to shed any
> light.
> >> --
> >> MailScanner mailing list
> >> ***@lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> >
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner d

Kevin Miller

2015-02-23 20:19:58 UTC

Permalink

It said this "This is a private paste. If you created this paste, please login to view it." I couldn't see it.

If there's anything that needs to be munged (like your watermark), just edit that before posting and make it a public post.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of James Nelson
> Sent: Monday, February 23, 2015 10:52 AM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> Kevin,
>
> Here's my complete MailScanner.conf:
>
> http://pastebin.com/ci9dz8iL
>
> Jerry:
>
> I changed default to *@* this morning in the course of my, "did that
> work? No, okay, how about this," but the result was the same regardless.
>
> I'm not applying any configuration via conf.d at the moment...if I were
> to do that, would it supersede anything in MailScanner.conf?
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates
> it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Monday, February 23, 2015 12:50 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> Maybe you could post your MailScanner.conf to pastebin. I'm guessing
> something in there is wonky.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
> 307357
>
>
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> > ***@lists.mailscanner.info] On Behalf Of James Nelson
> > Sent: Monday, February 23, 2015 9:26 AM
> > To: MailScanner discussion
> > Subject: RE: Filename Restrictions Not working
> >
> > Well, an interesting update...
> >
> > I changed up my approach, and pointed the Deny Filenames = in
> > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
> > follows:
> >
> > To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$
> > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$ \.sct$
> > \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$ \.mau$
> > \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$ \.com$
> > \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
> > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
> >
> > When running MailScanner --lint now, it DOES detect eicar.com as a
> > blocked filetype. However, it's still allowing blocked filetypes
> > through ?
> >
> >
> >
> >
> > “a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral.”
> >
> >
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> > ***@lists.mailscanner.info] On Behalf Of Jerry Benton
> > Sent: Sunday, February 22, 2015 4:11 PM
> > To: MailScanner discussion
> > Subject: Re: Filename Restrictions Not working
> >
> > Its not beta anymore. (The RPM package.)
> >
> > -
> > Jerry Benton
> > www.mailborder.com
> >
> >
> >
> > > On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
> > wrote:
> > >
> > > I will try that tomorrow...i'm about out of other ideas.
> > >
> > > I suppose I could also try the new MS beta, just to throw something
> > else at the wall...
> > >
> > >
> > >
> > >
> > > “a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral.”
> > >
> > >
> > > -----Original Message-----
> > > From: mailscanner-***@lists.mailscanner.info
> > > [mailto:mailscanner-
> > ***@lists.mailscanner.info] On Behalf Of Jerry Benton
> > > Sent: Saturday, February 21, 2015 5:54 AM
> > > To: MailScanner discussion
> > > Subject: Re: Filename Restrictions Not working
> > >
> > > I’m not pimping my product, but I would suggest you install a
> > Mailborder server for a comparison test. Check to see if it is working
> > correctly (the Mailborder server) and compare the configs on the
> > Mailborder server to yours. This will at least eliminate the
> > Mailscanner configuration variable from the equation.
> > >
> > > -
> > > Jerry Benton
> > > www.mailborder.com
> > >
> > >
> > >
> > >> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net>
> > wrote:
> > >>
> > >> Sigh, built a brand new MailScanner box from scratch...once again,
> > everything works except filename checking. The only thing I changed
> > was to disallow zip files(just changed allow to deny in
> > filenames.rules.conf) and it still lets it all through.
> > >>
> > >> It just doesn't seem to want to work, with no errors to shed any
> > light.
> > >> --
> > >> MailScanner mailing list
> > >> ***@lists.mailscanner.info
> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>
> > >> Before posting, read http://wiki.mailscanner.info/posting
> > >>
> > >> Support MailScanner development - buy the book off the website!
> > >
> > > --
> > > MailScanner mailing list
> > > ***@lists.mailscanner.info
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> > > --
> > > MailScanner mailing list
> > > ***@lists.mailscanner.info
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> >
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off

James Nelson

2015-02-23 20:37:58 UTC

Permalink

Sorry about that, I thought I set it to public. Try again :).

Jerry, I'm building a Mailborder server now to test.

“a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Monday, February 23, 2015 2:20 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

It said this "This is a private paste. If you created this paste, please login to view it." I couldn't see it.

If there's anything that needs to be munged (like your watermark), just edit that before posting and make it a public post.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357

> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of James Nelson
> Sent: Monday, February 23, 2015 10:52 AM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> Kevin,
>
> Here's my complete MailScanner.conf:
>
> http://pastebin.com/ci9dz8iL
>
> Jerry:
>
> I changed default to *@* this morning in the course of my, "did that
> work? No, okay, how about this," but the result was the same regardless.
>
> I'm not applying any configuration via conf.d at the moment...if I
> were to do that, would it supersede anything in MailScanner.conf?
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man
> contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> ***@lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Monday, February 23, 2015 12:50 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> Maybe you could post your MailScanner.conf to pastebin. I'm guessing
> something in there is wonky.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
> 307357
>
>
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info
> > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
> > James Nelson
> > Sent: Monday, February 23, 2015 9:26 AM
> > To: MailScanner discussion
> > Subject: RE: Filename Restrictions Not working
> >
> > Well, an interesting update...
> >
> > I changed up my approach, and pointed the Deny Filenames = in
> > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
> > follows:
> >
> > To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$
> > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
> > \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
> > \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
> > \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
> > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
> >
> > When running MailScanner --lint now, it DOES detect eicar.com as a
> > blocked filetype. However, it's still allowing blocked filetypes
> > through ?
> >
> >
> >
> >
> > “a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral.”
> >
> >
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info
> > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
> > Jerry Benton
> > Sent: Sunday, February 22, 2015 4:11 PM
> > To: MailScanner discussion
> > Subject: Re: Filename Restrictions Not working
> >
> > Its not beta anymore. (The RPM package.)
> >
> > -
> > Jerry Benton
> > www.mailborder.com
> >
> >
> >
> > > On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
> > wrote:
> > >
> > > I will try that tomorrow...i'm about out of other ideas.
> > >
> > > I suppose I could also try the new MS beta, just to throw
> > > something
> > else at the wall...
> > >
> > >
> > >
> > >
> > > “a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral.”
> > >
> > >
> > > -----Original Message-----
> > > From: mailscanner-***@lists.mailscanner.info
> > > [mailto:mailscanner-
> > ***@lists.mailscanner.info] On Behalf Of Jerry Benton
> > > Sent: Saturday, February 21, 2015 5:54 AM
> > > To: MailScanner discussion
> > > Subject: Re: Filename Restrictions Not working
> > >
> > > I’m not pimping my product, but I would suggest you install a
> > Mailborder server for a comparison test. Check to see if it is
> > working correctly (the Mailborder server) and compare the configs on
> > the Mailborder server to yours. This will at least eliminate the
> > Mailscanner configuration variable from the equation.
> > >
> > > -
> > > Jerry Benton
> > > www.mailborder.com
> > >
> > >
> > >
> > >> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net>
> > wrote:
> > >>
> > >> Sigh, built a brand new MailScanner box from scratch...once
> > >> again,
> > everything works except filename checking. The only thing I changed
> > was to disallow zip files(just changed allow to deny in
> > filenames.rules.conf) and it still lets it all through.
> > >>
> > >> It just doesn't seem to want to work, with no errors to shed any
> > light.
> > >> --
> > >> MailScanner mailing list
> > >> ***@lists.mailscanner.info
> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>
> > >> Before posting, read http://wiki.mailscanner.info/posting
> > >>
> > >> Support MailScanner development - buy the book off the website!
> > >
> > > --
> > > MailScanner mailing list
> > > ***@lists.mailscanner.info
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> > > --
> > > MailScanner mailing list
> > > ***@lists.mailscanner.info
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> >
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailS

Jerry Benton

2015-02-23 21:25:45 UTC

Permalink

Yeah I saw. I created you a 30 day commercial license so you can unlock more stuff for testing. Just download the new license file and replace your /mailborder/license.php.

-
Jerry Benton
www.mailborder.com

> On Feb 23, 2015, at 3:37 PM, James Nelson <***@vgt.net> wrote:
>
>
> Sorry about that, I thought I set it to public. Try again :).
>
> Jerry, I'm building a Mailborder server now to test.
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Monday, February 23, 2015 2:20 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> It said this "This is a private paste. If you created this paste, please login to view it." I couldn't see it.
>
> If there's anything that needs to be munged (like your watermark), just edit that before posting and make it a public post.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357
>
>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
>> ***@lists.mailscanner.info] On Behalf Of James Nelson
>> Sent: Monday, February 23, 2015 10:52 AM
>> To: MailScanner discussion
>> Subject: RE: Filename Restrictions Not working
>>
>> Kevin,
>>
>> Here's my complete MailScanner.conf:
>>
>> http://pastebin.com/ci9dz8iL
>>
>> Jerry:
>>
>> I changed default to *@* this morning in the course of my, "did that
>> work? No, okay, how about this," but the result was the same regardless.
>>
>> I'm not applying any configuration via conf.d at the moment...if I
>> were to do that, would it supersede anything in MailScanner.conf?
>>
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man
>> contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
>> ***@lists.mailscanner.info] On Behalf Of Kevin Miller
>> Sent: Monday, February 23, 2015 12:50 PM
>> To: 'MailScanner discussion'
>> Subject: RE: Filename Restrictions Not working
>>
>> Maybe you could post your MailScanner.conf to pastebin. I'm guessing
>> something in there is wonky.
>>
>> ...Kevin
>> --
>> Kevin Miller
>> Network/email Administrator, CBJ MIS Dept.
>> 155 South Seward Street
>> Juneau, Alaska 99801
>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>> 307357
>>
>>
>>> -----Original Message-----
>>> From: mailscanner-***@lists.mailscanner.info
>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>> James Nelson
>>> Sent: Monday, February 23, 2015 9:26 AM
>>> To: MailScanner discussion
>>> Subject: RE: Filename Restrictions Not working
>>>
>>> Well, an interesting update...
>>>
>>> I changed up my approach, and pointed the Deny Filenames = in
>>> MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>>> follows:
>>>
>>> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$
>>> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>>> \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>>> \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
>>> \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>>>
>>> When running MailScanner --lint now, it DOES detect eicar.com as a
>>> blocked filetype. However, it's still allowing blocked filetypes
>>> through ?
>>>
>>>
>>>
>>>
>>> “a rockpile ceases to be a rockpile the moment a single man
>>> contemplates it, bearing within him the image of a cathedral.”
>>>
>>>
>>> -----Original Message-----
>>> From: mailscanner-***@lists.mailscanner.info
>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>> Jerry Benton
>>> Sent: Sunday, February 22, 2015 4:11 PM
>>> To: MailScanner discussion
>>> Subject: Re: Filename Restrictions Not working
>>>
>>> Its not beta anymore. (The RPM package.)
>>>
>>> -
>>> Jerry Benton
>>> www.mailborder.com
>>>
>>>
>>>
>>>> On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
>>> wrote:
>>>>
>>>> I will try that tomorrow...i'm about out of other ideas.
>>>>
>>>> I suppose I could also try the new MS beta, just to throw
>>>> something
>>> else at the wall...
>>>>
>>>>
>>>>
>>>>
>>>> “a rockpile ceases to be a rockpile the moment a single man
>>> contemplates it, bearing within him the image of a cathedral.”
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: mailscanner-***@lists.mailscanner.info
>>>> [mailto:mailscanner-
>>> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>>>> Sent: Saturday, February 21, 2015 5:54 AM
>>>> To: MailScanner discussion
>>>> Subject: Re: Filename Restrictions Not working
>>>>
>>>> I’m not pimping my product, but I would suggest you install a
>>> Mailborder server for a comparison test. Check to see if it is
>>> working correctly (the Mailborder server) and compare the configs on
>>> the Mailborder server to yours. This will at least eliminate the
>>> Mailscanner configuration variable from the equation.
>>>>
>>>> -
>>>> Jerry Benton
>>>> www.mailborder.com
>>>>
>>>>
>>>>
>>>>> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net>
>>> wrote:
>>>>>
>>>>> Sigh, built a brand new MailScanner box from scratch...once
>>>>> again,
>>> everything works except filename checking. The only thing I changed
>>> was to disallow zip files(just changed allow to deny in
>>> filenames.rules.conf) and it still lets it all through.
>>>>>
>>>>> It just doesn't seem to want to work, with no errors to shed any
>>> light.
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development -

Glenn Steen

2015-02-24 09:18:03 UTC

Permalink

I see you have run as user/group set to postfix/apache... When you've done
your lint and debug runs, did you do them as postfix user or root?
My guess is that the rule file for filenames might not be readable to the
postfix user.

Cheers!
--
-- Glenn
Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net>:

>
> Sorry about that, I thought I set it to public. Try again :).
>
> Jerry, I'm building a Mailborder server now to test.
>
>
> âa rockpile ceases to be a rockpile the moment a single man contemplates
> it, bearing within him the image of a cathedral.â
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:
> mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Monday, February 23, 2015 2:20 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> It said this "This is a private paste. If you created this paste, please
> login to view it." I couldn't see it.
>
> If there's anything that needs to be munged (like your watermark), just
> edit that before posting and make it a public post.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
> 307357
>
>
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> > ***@lists.mailscanner.info] On Behalf Of James Nelson
> > Sent: Monday, February 23, 2015 10:52 AM
> > To: MailScanner discussion
> > Subject: RE: Filename Restrictions Not working
> >
> > Kevin,
> >
> > Here's my complete MailScanner.conf:
> >
> > http://pastebin.com/ci9dz8iL
> >
> > Jerry:
> >
> > I changed default to *@* this morning in the course of my, "did that
> > work? No, okay, how about this," but the result was the same regardless.
> >
> > I'm not applying any configuration via conf.d at the moment...if I
> > were to do that, would it supersede anything in MailScanner.conf?
> >
> >
> >
> > âa rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral.â
> >
> >
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
> > ***@lists.mailscanner.info] On Behalf Of Kevin Miller
> > Sent: Monday, February 23, 2015 12:50 PM
> > To: 'MailScanner discussion'
> > Subject: RE: Filename Restrictions Not working
> >
> > Maybe you could post your MailScanner.conf to pastebin. I'm guessing
> > something in there is wonky.
> >
> > ...Kevin
> > --
> > Kevin Miller
> > Network/email Administrator, CBJ MIS Dept.
> > 155 South Seward Street
> > Juneau, Alaska 99801
> > Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
> > 307357
> >
> >
> > > -----Original Message-----
> > > From: mailscanner-***@lists.mailscanner.info
> > > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
> > > James Nelson
> > > Sent: Monday, February 23, 2015 9:26 AM
> > > To: MailScanner discussion
> > > Subject: RE: Filename Restrictions Not working
> > >
> > > Well, an interesting update...
> > >
> > > I changed up my approach, and pointed the Deny Filenames = in
> > > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
> > > follows:
> > >
> > > To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
> \.chm$
> > > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
> > > \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
> > > \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
> > > \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
> > > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
> > >
> > > When running MailScanner --lint now, it DOES detect eicar.com as a
> > > blocked filetype. However, it's still allowing blocked filetypes
> > > through ?
> > >
> > >
> > >
> > >
> > > âa rockpile ceases to be a rockpile the moment a single man
> > > contemplates it, bearing within him the image of a cathedral.â
> > >
> > >
> > > -----Original Message-----
> > > From: mailscanner-***@lists.mailscanner.info
> > > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
> > > Jerry Benton
> > > Sent: Sunday, February 22, 2015 4:11 PM
> > > To: MailScanner discussion
> > > Subject: Re: Filename Restrictions Not working
> > >
> > > Its not beta anymore. (The RPM package.)
> > >
> > > -
> > > Jerry Benton
> > > www.mailborder.com
> > >
> > >
> > >
> > > > On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
> > > wrote:
> > > >
> > > > I will try that tomorrow...i'm about out of other ideas.
> > > >
> > > > I suppose I could also try the new MS beta, just to throw
> > > > something
> > > else at the wall...
> > > >
> > > >
> > > >
> > > >
> > > > âa rockpile ceases to be a rockpile the moment a single man
> > > contemplates it, bearing within him the image of a cathedral.â
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: mailscanner-***@lists.mailscanner.info
> > > > [mailto:mailscanner-
> > > ***@lists.mailscanner.info] On Behalf Of Jerry Benton
> > > > Sent: Saturday, February 21, 2015 5:54 AM
> > > > To: MailScanner discussion
> > > > Subject: Re: Filename Restrictions Not working
> > > >
> > > > Iâm not pimping my product, but I would suggest you install a
> > > Mailborder server for a comparison test. Check to see if it is
> > > working correctly (the Mailborder server) and compare the configs on
> > > the Mailborder server to yours. This will at least eliminate the
> > > Mailscanner configuration variable from the equation.
> > > >
> > > > -
> > > > Jerry Benton
> > > > www.mailborder.com
> > > >
> > > >
> > > >
> > > >> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net>
> > > wrote:
> > > >>
> > > >> Sigh, built a brand new MailScanner box from scratch...once
> > > >> again,
> > > everything works except filename checking. The only thing I changed
> > > was to disallow zip files(just changed allow to deny in
> > > filenames.rules.conf) and it still lets it all through.
> > > >>
> > > >> It just doesn't seem to want to work, with no errors to shed any
> > > light.
> > > >> --
> > > >> MailScanner mailing list
> > > >> ***@lists.mailscanner.info
> > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > > >>
> > > >> Before posting, read http://wiki.mailscanner.info/posting
> > > >>
> > > >> Support MailScanner development - buy the book off the website!
> > > >
> > > > --
> > > > MailScanner mailing list
> > > > ***@lists.mailscanner.info
> > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > > >
> > > > Before posting, read http://wiki.mailscanner.info/posting
> > > >
> > > > Support MailScanner development - buy the book off the website!
> > > > --
> > > > MailScanner mailing list
> > > > ***@lists.mailscanner.info
> > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > > >
> > > > Before posting, read http://wiki.mailscanner.info/posting
> > > >
> > > > Support MailScanner development - buy the book off the website!
> > >
> > > --
> > > MailScanner mailing list
> > > ***@lists.mailscanner.info
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> > > --
> > > MailScanner mailing list
> > > ***@lists.mailscanner.info
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

Jason Ede

2015-02-24 09:44:04 UTC

Permalink

Shouldnât MailScanner âlint pick up permission problems such as that? I thought it still ran that as the correct user.

Jason

From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Glenn Steen
Sent: 24 February 2015 09:18
To: MailScanner discussion
Subject: RE: Filename Restrictions Not working

I see you have run as user/group set to postfix/apache... When you've done your lint and debug runs, did you do them as postfix user or root?
My guess is that the rule file for filenames might not be readable to the postfix user.

Cheers!
--
-- Glenn
Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net<mailto:***@vgt.net>>:

Sorry about that, I thought I set it to public. Try again :).

Jerry, I'm building a Mailborder server now to test.

âa rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.â

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info> [mailto:mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info>] On Behalf Of Kevin Miller
Sent: Monday, February 23, 2015 2:20 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

It said this "This is a private paste. If you created this paste, please login to view it." I couldn't see it.

If there's anything that needs to be munged (like your watermark), just edit that before posting and make it a public post.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242<tel:%28907%29%20586-0242>, Fax: (907) 586-4500<tel:%28907%29%20586-4500> Registered Linux User No: 307357

> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info> [mailto:mailscanner-<mailto:mailscanner->
> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of James Nelson
> Sent: Monday, February 23, 2015 10:52 AM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> Kevin,
>
> Here's my complete MailScanner.conf:
>
> http://pastebin.com/ci9dz8iL
>
> Jerry:
>
> I changed default to *@* this morning in the course of my, "did that
> work? No, okay, how about this," but the result was the same regardless.
>
> I'm not applying any configuration via conf.d at the moment...if I
> were to do that, would it supersede anything in MailScanner.conf?
>
>
>
> âa rockpile ceases to be a rockpile the moment a single man
> contemplates it, bearing within him the image of a cathedral.â
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info> [mailto:mailscanner-<mailto:mailscanner->
> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of Kevin Miller
> Sent: Monday, February 23, 2015 12:50 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> Maybe you could post your MailScanner.conf to pastebin. I'm guessing
> something in there is wonky.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242<tel:%28907%29%20586-0242>, Fax: (907) 586-4500<tel:%28907%29%20586-4500> Registered Linux User No:
> 307357
>
>
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info>
> > [mailto:mailscanner-<mailto:mailscanner-> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of
> > James Nelson
> > Sent: Monday, February 23, 2015 9:26 AM
> > To: MailScanner discussion
> > Subject: RE: Filename Restrictions Not working
> >
> > Well, an interesting update...
> >
> > I changed up my approach, and pointed the Deny Filenames = in
> > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
> > follows:
> >
> > To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$
> > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
> > \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
> > \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
> > \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
> > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
> >
> > When running MailScanner --lint now, it DOES detect eicar.com<http://eicar.com> as a
> > blocked filetype. However, it's still allowing blocked filetypes
> > through ?
> >
> >
> >
> >
> > âa rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral.â
> >
> >
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info>
> > [mailto:mailscanner-<mailto:mailscanner-> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of
> > Jerry Benton
> > Sent: Sunday, February 22, 2015 4:11 PM
> > To: MailScanner discussion
> > Subject: Re: Filename Restrictions Not working
> >
> > Its not beta anymore. (The RPM package.)
> >
> > -
> > Jerry Benton
> > www.mailborder.com<http://www.mailborder.com>
> >
> >
> >
> > > On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net<mailto:***@vgt.net>>
> > wrote:
> > >
> > > I will try that tomorrow...i'm about out of other ideas.
> > >
> > > I suppose I could also try the new MS beta, just to throw
> > > something
> > else at the wall...
> > >
> > >
> > >
> > >
> > > âa rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral.â
> > >
> > >
> > > -----Original Message-----
> > > From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info>
> > > [mailto:mailscanner-<mailto:mailscanner->
> > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of Jerry Benton
> > > Sent: Saturday, February 21, 2015 5:54 AM
> > > To: MailScanner discussion
> > > Subject: Re: Filename Restrictions Not working
> > >
> > > Iâm not pimping my product, but I would suggest you install a
> > Mailborder server for a comparison test. Check to see if it is
> > working correctly (the Mailborder server) and compare the configs on
> > the Mailborder server to yours. This will at least eliminate the
> > Mailscanner configuration variable from the equation.
> > >
> > > -
> > > Jerry Benton
> > > www.mailborder.com<http://www.mailborder.com>
> > >
> > >
> > >
> > >> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net<mailto:***@vgt.net>>
> > wrote:
> > >>
> > >> Sigh, built a brand new MailScanner box from scratch...once
> > >> again,
> > everything works except filename checking. The only thing I changed
> > was to disallow zip files(just changed allow to deny in
> > filenames.rules.conf) and it still lets it all through.
> > >>
> > >> It just doesn't seem to want to work, with no errors to shed any
> > light.
> > >> --
> > >> MailScanner mailing list
> > >> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>
> > >> Before posting, read http://wiki.mailscanner.info/posting
> > >>
> > >> Support MailScanner development - buy the book off the website!
> > >
> > > --
> > > MailScanner mailing list
> > > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> > > --
> > > MailScanner mailing list
> > > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> >
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

Glenn Steen

2015-02-24 15:39:33 UTC

Permalink

Sure, for lint at least. But it is, when coming to Postfix, always
good to doublechack that permissions pertaining to the postfix user
actually work, as the postfix user. Maybe wasn't that clear:-)

Cheers
--
-- Glenn

On 24 February 2015 at 10:44, Jason Ede <***@birchenallhowden.co.uk> wrote:
> Shouldn’t MailScanner –lint pick up permission problems such as that? I
> thought it still ran that as the correct user.
>
>
>
> Jason
>
>
>
> From: mailscanner-***@lists.mailscanner.info
> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Glenn Steen
> Sent: 24 February 2015 09:18
>
>
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
>
>
> I see you have run as user/group set to postfix/apache... When you've done
> your lint and debug runs, did you do them as postfix user or root?
> My guess is that the rule file for filenames might not be readable to the
> postfix user.
>
> Cheers!
> --
> -- Glenn
>
> Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net>:
>
>
> Sorry about that, I thought I set it to public. Try again :).
>
> Jerry, I'm building a Mailborder server now to test.
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it,
> bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info
> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin
> Miller
> Sent: Monday, February 23, 2015 2:20 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> It said this "This is a private paste. If you created this paste, please
> login to view it." I couldn't see it.
>
> If there's anything that needs to be munged (like your watermark), just edit
> that before posting and make it a public post.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357
>
>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
>> ***@lists.mailscanner.info] On Behalf Of James Nelson
>> Sent: Monday, February 23, 2015 10:52 AM
>> To: MailScanner discussion
>> Subject: RE: Filename Restrictions Not working
>>
>> Kevin,
>>
>> Here's my complete MailScanner.conf:
>>
>> http://pastebin.com/ci9dz8iL
>>
>> Jerry:
>>
>> I changed default to *@* this morning in the course of my, "did that
>> work? No, okay, how about this," but the result was the same regardless.
>>
>> I'm not applying any configuration via conf.d at the moment...if I
>> were to do that, would it supersede anything in MailScanner.conf?
>>
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man
>> contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
>> ***@lists.mailscanner.info] On Behalf Of Kevin Miller
>> Sent: Monday, February 23, 2015 12:50 PM
>> To: 'MailScanner discussion'
>> Subject: RE: Filename Restrictions Not working
>>
>> Maybe you could post your MailScanner.conf to pastebin. I'm guessing
>> something in there is wonky.
>>
>> ...Kevin
>> --
>> Kevin Miller
>> Network/email Administrator, CBJ MIS Dept.
>> 155 South Seward Street
>> Juneau, Alaska 99801
>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>> 307357
>>
>>
>> > -----Original Message-----
>> > From: mailscanner-***@lists.mailscanner.info
>> > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>> > James Nelson
>> > Sent: Monday, February 23, 2015 9:26 AM
>> > To: MailScanner discussion
>> > Subject: RE: Filename Restrictions Not working
>> >
>> > Well, an interesting update...
>> >
>> > I changed up my approach, and pointed the Deny Filenames = in
>> > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>> > follows:
>> >
>> > To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>> > \.chm$
>> > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>> > \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>> > \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
>> > \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>> > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>> >
>> > When running MailScanner --lint now, it DOES detect eicar.com as a
>> > blocked filetype. However, it's still allowing blocked filetypes
>> > through ?
>> >
>> >
>> >
>> >
>> > “a rockpile ceases to be a rockpile the moment a single man
>> > contemplates it, bearing within him the image of a cathedral.”
>> >
>> >
>> > -----Original Message-----
>> > From: mailscanner-***@lists.mailscanner.info
>> > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>> > Jerry Benton
>> > Sent: Sunday, February 22, 2015 4:11 PM
>> > To: MailScanner discussion
>> > Subject: Re: Filename Restrictions Not working
>> >
>> > Its not beta anymore. (The RPM package.)
>> >
>> > -
>> > Jerry Benton
>> > www.mailborder.com
>> >
>> >
>> >
>> > > On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
>> > wrote:
>> > >
>> > > I will try that tomorrow...i'm about out of other ideas.
>> > >
>> > > I suppose I could also try the new MS beta, just to throw
>> > > something
>> > else at the wall...
>> > >
>> > >
>> > >
>> > >
>> > > “a rockpile ceases to be a rockpile the moment a single man
>> > contemplates it, bearing within him the image of a cathedral.”
>> > >
>> > >
>> > > -----Original Message-----
>> > > From: mailscanner-***@lists.mailscanner.info
>> > > [mailto:mailscanner-
>> > ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>> > > Sent: Saturday, February 21, 2015 5:54 AM
>> > > To: MailScanner discussion
>> > > Subject: Re: Filename Restrictions Not working
>> > >
>> > > I’m not pimping my product, but I would suggest you install a
>> > Mailborder server for a comparison test. Check to see if it is
>> > working correctly (the Mailborder server) and compare the configs on
>> > the Mailborder server to yours. This will at least eliminate the
>> > Mailscanner configuration variable from the equation.
>> > >
>> > > -
>> > > Jerry Benton
>> > > www.mailborder.com
>> > >
>> > >
>> > >
>> > >> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net>
>> > wrote:
>> > >>
>> > >> Sigh, built a brand new MailScanner box from scratch...once
>> > >> again,
>> > everything works except filename checking. The only thing I changed
>> > was to disallow zip files(just changed allow to deny in
>> > filenames.rules.conf) and it still lets it all through.
>> > >>
>> > >> It just doesn't seem to want to work, with no errors to shed any
>> > light.
>> > >> --
>> > >> MailScanner mailing list
>> > >> ***@lists.mailscanner.info
>> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > >>
>> > >> Before posting, read http://wiki.mailscanner.info/posting
>> > >>
>> > >> Support MailScanner development - buy the book off the website!
>> > >
>> > > --
>> > > MailScanner mailing list
>> > > ***@lists.mailscanner.info
>> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > >
>> > > Before posting, read http://wiki.mailscanner.info/posting
>> > >
>> > > Support MailScanner development - buy the book off the website!
>> > > --
>> > > MailScanner mailing list
>> > > ***@lists.mailscanner.info
>> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > >
>> > > Before posting, read http://wiki.mailscanner.info/posting
>> > >
>> > > Support MailScanner development - buy the book off the website!
>> >
>> > --
>> > MailScanner mailing list
>> > ***@lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> > --
>> > MailScanner mailing list
>> > ***@lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book o

James Nelson

2015-02-24 13:22:48 UTC

Permalink

Hi Glenn, I ran --lint as postfix and it does detect eicar.com<http://eicar.com> as a blocked filetype, it just doesn't do anything about it during mail scanning. I had the thought that my rules files had permissions problems, but I made them readable for everyone just to be sure.

I have the group as Apache as part of the configuration for MailWatch.

On Feb 24, 2015, at 3:37 AM, Glenn Steen <***@gmail.com<mailto:***@gmail.com>> wrote:

I see you have run as user/group set to postfix/apache... When you've done your lint and debug runs, did you do them as postfix user or root?
My guess is that the rule file for filenames might not be readable to the postfix user.

Cheers!
--
-- Glenn

Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net<mailto:***@vgt.net>>:

Sorry about that, I thought I set it to public. Try again :).

Jerry, I'm building a Mailborder server now to test.

a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info> [mailto:mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info>] On Behalf Of Kevin Miller
Sent: Monday, February 23, 2015 2:20 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

It said this "This is a private paste. If you created this paste, please login to view it." I couldn't see it.

If there's anything that needs to be munged (like your watermark), just edit that before posting and make it a public post.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242<tel:%28907%29%20586-0242>, Fax: (907) 586-4500<tel:%28907%29%20586-4500> Registered Linux User No: 307357

> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info> [mailto:mailscanner-<mailto:mailscanner->
> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of James Nelson
> Sent: Monday, February 23, 2015 10:52 AM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> Kevin,
>
> Here's my complete MailScanner.conf:
>
> http://pastebin.com/ci9dz8iL
>
> Jerry:
>
> I changed default to *@* this morning in the course of my, "did that
> work? No, okay, how about this," but the result was the same regardless.
>
> I'm not applying any configuration via conf.d at the moment...if I
> were to do that, would it supersede anything in MailScanner.conf?
>
>
>
> a rockpile ceases to be a rockpile the moment a single man
> contemplates it, bearing within him the image of a cathedral.
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info> [mailto:mailscanner-<mailto:mailscanner->
> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of Kevin Miller
> Sent: Monday, February 23, 2015 12:50 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> Maybe you could post your MailScanner.conf to pastebin. I'm guessing
> something in there is wonky.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242<tel:%28907%29%20586-0242>, Fax: (907) 586-4500<tel:%28907%29%20586-4500> Registered Linux User No:
> 307357
>
>
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info>
> > [mailto:mailscanner-<mailto:mailscanner-> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of
> > James Nelson
> > Sent: Monday, February 23, 2015 9:26 AM
> > To: MailScanner discussion
> > Subject: RE: Filename Restrictions Not working
> >
> > Well, an interesting update...
> >
> > I changed up my approach, and pointed the Deny Filenames = in
> > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
> > follows:
> >
> > To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$
> > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
> > \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
> > \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
> > \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
> > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
> >
> > When running MailScanner --lint now, it DOES detect eicar.com<http://eicar.com> as a
> > blocked filetype. However, it's still allowing blocked filetypes
> > through ?
> >
> >
> >
> >
> > a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral.
> >
> >
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info>
> > [mailto:mailscanner-<mailto:mailscanner-> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of
> > Jerry Benton
> > Sent: Sunday, February 22, 2015 4:11 PM
> > To: MailScanner discussion
> > Subject: Re: Filename Restrictions Not working
> >
> > Its not beta anymore. (The RPM package.)
> >
> > -
> > Jerry Benton
> > www.mailborder.com<http://www.mailborder.com>
> >
> >
> >
> > > On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net<mailto:***@vgt.net>>
> > wrote:
> > >
> > > I will try that tomorrow...i'm about out of other ideas.
> > >
> > > I suppose I could also try the new MS beta, just to throw
> > > something
> > else at the wall...
> > >
> > >
> > >
> > >
> > > a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral.
> > >
> > >
> > > -----Original Message-----
> > > From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info>
> > > [mailto:mailscanner-<mailto:mailscanner->
> > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of Jerry Benton
> > > Sent: Saturday, February 21, 2015 5:54 AM
> > > To: MailScanner discussion
> > > Subject: Re: Filename Restrictions Not working
> > >
> > > Im not pimping my product, but I would suggest you install a
> > Mailborder server for a comparison test. Check to see if it is
> > working correctly (the Mailborder server) and compare the configs on
> > the Mailborder server to yours. This will at least eliminate the
> > Mailscanner configuration variable from the equation.
> > >
> > > -
> > > Jerry Benton
> > > www.mailborder.com<http://www.mailborder.com>
> > >
> > >
> > >
> > >> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net<mailto:***@vgt.net>>
> > wrote:
> > >>
> > >> Sigh, built a brand new MailScanner box from scratch...once
> > >> again,
> > everything works except filename checking. The only thing I changed
> > was to disallow zip files(just changed allow to deny in
> > filenames.rules.conf) and it still lets it all through.
> > >>
> > >> It just doesn't seem to want to work, with no errors to shed any
> > light.
> > >> --
> > >> MailScanner mailing list
> > >> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>
> > >> Before posting, read http://wiki.mailscanner.info/posting
> > >>
> > >> Support MailScanner development - buy the book off the website!
> > >
> > > --
> > > MailScanner mailing list
> > > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> > > --
> > > MailScanner mailing list
> > > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> >
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

Jason Ede

2015-02-24 13:35:57 UTC

Permalink

Have you checked your Virus Names Which Are Spam setting?

From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of James Nelson
Sent: 24 February 2015 13:23
To: MailScanner discussion
Subject: Re: Filename Restrictions Not working

Hi Glenn, I ran --lint as postfix and it does detect eicar.com<http://eicar.com> as a blocked filetype, it just doesn't do anything about it during mail scanning. I had the thought that my rules files had permissions problems, but I made them readable for everyone just to be sure.

I have the group as Apache as part of the configuration for MailWatch.

On Feb 24, 2015, at 3:37 AM, Glenn Steen <***@gmail.com<mailto:***@gmail.com>> wrote:

I see you have run as user/group set to postfix/apache... When you've done your lint and debug runs, did you do them as postfix user or root?
My guess is that the rule file for filenames might not be readable to the postfix user.

Cheers!
--
-- Glenn
Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net<mailto:***@vgt.net>>:

Sorry about that, I thought I set it to public. Try again :).

Jerry, I'm building a Mailborder server now to test.

"a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral."

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info> [mailto:mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info>] On Behalf Of Kevin Miller
Sent: Monday, February 23, 2015 2:20 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

It said this "This is a private paste. If you created this paste, please login to view it." I couldn't see it.

If there's anything that needs to be munged (like your watermark), just edit that before posting and make it a public post.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242<tel:%28907%29%20586-0242>, Fax: (907) 586-4500<tel:%28907%29%20586-4500> Registered Linux User No: 307357

> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info> [mailto:mailscanner-<mailto:mailscanner->
> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of James Nelson
> Sent: Monday, February 23, 2015 10:52 AM
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
> Kevin,
>
> Here's my complete MailScanner.conf:
>
> http://pastebin.com/ci9dz8iL
>
> Jerry:
>
> I changed default to *@* this morning in the course of my, "did that
> work? No, okay, how about this," but the result was the same regardless.
>
> I'm not applying any configuration via conf.d at the moment...if I
> were to do that, would it supersede anything in MailScanner.conf?
>
>
>
> "a rockpile ceases to be a rockpile the moment a single man
> contemplates it, bearing within him the image of a cathedral."
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info> [mailto:mailscanner-<mailto:mailscanner->
> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of Kevin Miller
> Sent: Monday, February 23, 2015 12:50 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> Maybe you could post your MailScanner.conf to pastebin. I'm guessing
> something in there is wonky.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242<tel:%28907%29%20586-0242>, Fax: (907) 586-4500<tel:%28907%29%20586-4500> Registered Linux User No:
> 307357
>
>
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info>
> > [mailto:mailscanner-<mailto:mailscanner-> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of
> > James Nelson
> > Sent: Monday, February 23, 2015 9:26 AM
> > To: MailScanner discussion
> > Subject: RE: Filename Restrictions Not working
> >
> > Well, an interesting update...
> >
> > I changed up my approach, and pointed the Deny Filenames = in
> > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
> > follows:
> >
> > To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$
> > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
> > \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
> > \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
> > \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
> > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
> >
> > When running MailScanner --lint now, it DOES detect eicar.com<http://eicar.com> as a
> > blocked filetype. However, it's still allowing blocked filetypes
> > through ?
> >
> >
> >
> >
> > "a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral."
> >
> >
> > -----Original Message-----
> > From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info>
> > [mailto:mailscanner-<mailto:mailscanner-> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of
> > Jerry Benton
> > Sent: Sunday, February 22, 2015 4:11 PM
> > To: MailScanner discussion
> > Subject: Re: Filename Restrictions Not working
> >
> > Its not beta anymore. (The RPM package.)
> >
> > -
> > Jerry Benton
> > www.mailborder.com<http://www.mailborder.com>
> >
> >
> >
> > > On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net<mailto:***@vgt.net>>
> > wrote:
> > >
> > > I will try that tomorrow...i'm about out of other ideas.
> > >
> > > I suppose I could also try the new MS beta, just to throw
> > > something
> > else at the wall...
> > >
> > >
> > >
> > >
> > > "a rockpile ceases to be a rockpile the moment a single man
> > contemplates it, bearing within him the image of a cathedral."
> > >
> > >
> > > -----Original Message-----
> > > From: mailscanner-***@lists.mailscanner.info<mailto:mailscanner-***@lists.mailscanner.info>
> > > [mailto:mailscanner-<mailto:mailscanner->
> > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>] On Behalf Of Jerry Benton
> > > Sent: Saturday, February 21, 2015 5:54 AM
> > > To: MailScanner discussion
> > > Subject: Re: Filename Restrictions Not working
> > >
> > > I'm not pimping my product, but I would suggest you install a
> > Mailborder server for a comparison test. Check to see if it is
> > working correctly (the Mailborder server) and compare the configs on
> > the Mailborder server to yours. This will at least eliminate the
> > Mailscanner configuration variable from the equation.
> > >
> > > -
> > > Jerry Benton
> > > www.mailborder.com<http://www.mailborder.com>
> > >
> > >
> > >
> > >> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net<mailto:***@vgt.net>>
> > wrote:
> > >>
> > >> Sigh, built a brand new MailScanner box from scratch...once
> > >> again,
> > everything works except filename checking. The only thing I changed
> > was to disallow zip files(just changed allow to deny in
> > filenames.rules.conf) and it still lets it all through.
> > >>
> > >> It just doesn't seem to want to work, with no errors to shed any
> > light.
> > >> --
> > >> MailScanner mailing list
> > >> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>
> > >> Before posting, read http://wiki.mailscanner.info/posting
> > >>
> > >> Support MailScanner development - buy the book off the website!
> > >
> > > --
> > > MailScanner mailing list
> > > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> > > --
> > > MailScanner mailing list
> > > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> >
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info<mailto:***@lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

Glenn Steen

2015-02-24 15:55:26 UTC

Permalink

Right, so at the postfix user, can you actually read the two files
(/etc/MailScanner/filename.rules.conf and
/etc/MailScanner/rules/filename.rules)?
Also, the default line (at least) for the
/etc/MailScanner/rules/filename.rules file should mention the
%etc-dir%/filename.rules.conf file, at least if you have
Filename Rules = %rules-dir%/filename.rules
in the /etc/mailScanner/MailScanner.conf file.

You can actually check the value with MailScanner itself (as the
Postfix user) by doing something like:
-bash-4.2$ MailScanner --value=filenamerules
--from=***@example.net --to=***@yourdomain.com
Looked up internal option name "filenamerules"
With sender = ***@example.net
recipient = ***@yourdomain.com
Client IP =
Virus =
Result is "/etc/MailScanner/filename.rules.conf"
-bash-4.2$

Check the syntax with "MailScanner --help".

Seems to me that the ruleset is borked, the actual filenames aren't
read, or there still resida a postfix instance that don't have the
correct HOLD thingy on your system... In decreasing order of
probability;-)

Cheers
--
-- Glenn

On 24 February 2015 at 14:22, James Nelson <***@vgt.net> wrote:
> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a blocked
> filetype, it just doesn't do anything about it during mail scanning. I had
> the thought that my rules files had permissions problems, but I made them
> readable for everyone just to be sure.
>
> I have the group as Apache as part of the configuration for MailWatch.
>
>
>
> On Feb 24, 2015, at 3:37 AM, Glenn Steen <***@gmail.com> wrote:
>
> I see you have run as user/group set to postfix/apache... When you've done
> your lint and debug runs, did you do them as postfix user or root?
> My guess is that the rule file for filenames might not be readable to the
> postfix user.
>
> Cheers!
> --
> -- Glenn
>
> Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net>:
>>
>>
>> Sorry about that, I thought I set it to public. Try again :).
>>
>> Jerry, I'm building a Mailborder server now to test.
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man contemplates
>> it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info
>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin
>> Miller
>> Sent: Monday, February 23, 2015 2:20 PM
>> To: 'MailScanner discussion'
>> Subject: RE: Filename Restrictions Not working
>>
>> It said this "This is a private paste. If you created this paste, please
>> login to view it." I couldn't see it.
>>
>> If there's anything that needs to be munged (like your watermark), just
>> edit that before posting and make it a public post.
>>
>> ...Kevin
>> --
>> Kevin Miller
>> Network/email Administrator, CBJ MIS Dept.
>> 155 South Seward Street
>> Juneau, Alaska 99801
>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>> 307357
>>
>>
>> > -----Original Message-----
>> > From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
>> > ***@lists.mailscanner.info] On Behalf Of James Nelson
>> > Sent: Monday, February 23, 2015 10:52 AM
>> > To: MailScanner discussion
>> > Subject: RE: Filename Restrictions Not working
>> >
>> > Kevin,
>> >
>> > Here's my complete MailScanner.conf:
>> >
>> > http://pastebin.com/ci9dz8iL
>> >
>> > Jerry:
>> >
>> > I changed default to *@* this morning in the course of my, "did that
>> > work? No, okay, how about this," but the result was the same regardless.
>> >
>> > I'm not applying any configuration via conf.d at the moment...if I
>> > were to do that, would it supersede anything in MailScanner.conf?
>> >
>> >
>> >
>> > “a rockpile ceases to be a rockpile the moment a single man
>> > contemplates it, bearing within him the image of a cathedral.”
>> >
>> >
>> > -----Original Message-----
>> > From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
>> > ***@lists.mailscanner.info] On Behalf Of Kevin Miller
>> > Sent: Monday, February 23, 2015 12:50 PM
>> > To: 'MailScanner discussion'
>> > Subject: RE: Filename Restrictions Not working
>> >
>> > Maybe you could post your MailScanner.conf to pastebin. I'm guessing
>> > something in there is wonky.
>> >
>> > ...Kevin
>> > --
>> > Kevin Miller
>> > Network/email Administrator, CBJ MIS Dept.
>> > 155 South Seward Street
>> > Juneau, Alaska 99801
>> > Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>> > 307357
>> >
>> >
>> > > -----Original Message-----
>> > > From: mailscanner-***@lists.mailscanner.info
>> > > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>> > > James Nelson
>> > > Sent: Monday, February 23, 2015 9:26 AM
>> > > To: MailScanner discussion
>> > > Subject: RE: Filename Restrictions Not working
>> > >
>> > > Well, an interesting update...
>> > >
>> > > I changed up my approach, and pointed the Deny Filenames = in
>> > > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>> > > follows:
>> > >
>> > > To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>> > > \.chm$
>> > > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>> > > \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>> > > \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
>> > > \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>> > > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>> > >
>> > > When running MailScanner --lint now, it DOES detect eicar.com as a
>> > > blocked filetype. However, it's still allowing blocked filetypes
>> > > through ?
>> > >
>> > >
>> > >
>> > >
>> > > “a rockpile ceases to be a rockpile the moment a single man
>> > > contemplates it, bearing within him the image of a cathedral.”
>> > >
>> > >
>> > > -----Original Message-----
>> > > From: mailscanner-***@lists.mailscanner.info
>> > > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>> > > Jerry Benton
>> > > Sent: Sunday, February 22, 2015 4:11 PM
>> > > To: MailScanner discussion
>> > > Subject: Re: Filename Restrictions Not working
>> > >
>> > > Its not beta anymore. (The RPM package.)
>> > >
>> > > -
>> > > Jerry Benton
>> > > www.mailborder.com
>> > >
>> > >
>> > >
>> > > > On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
>> > > wrote:
>> > > >
>> > > > I will try that tomorrow...i'm about out of other ideas.
>> > > >
>> > > > I suppose I could also try the new MS beta, just to throw
>> > > > something
>> > > else at the wall...
>> > > >
>> > > >
>> > > >
>> > > >
>> > > > “a rockpile ceases to be a rockpile the moment a single man
>> > > contemplates it, bearing within him the image of a cathedral.”
>> > > >
>> > > >
>> > > > -----Original Message-----
>> > > > From: mailscanner-***@lists.mailscanner.info
>> > > > [mailto:mailscanner-
>> > > ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>> > > > Sent: Saturday, February 21, 2015 5:54 AM
>> > > > To: MailScanner discussion
>> > > > Subject: Re: Filename Restrictions Not working
>> > > >
>> > > > I’m not pimping my product, but I would suggest you install a
>> > > Mailborder server for a comparison test. Check to see if it is
>> > > working correctly (the Mailborder server) and compare the configs on
>> > > the Mailborder server to yours. This will at least eliminate the
>> > > Mailscanner configuration variable from the equation.
>> > > >
>> > > > -
>> > > > Jerry Benton
>> > > > www.mailborder.com
>> > > >
>> > > >
>> > > >
>> > > >> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net>
>> > > wrote:
>> > > >>
>> > > >> Sigh, built a brand new MailScanner box from scratch...once
>> > > >> again,
>> > > everything works except filename checking. The only thing I changed
>> > > was to disallow zip files(just changed allow to deny in
>> > > filenames.rules.conf) and it still lets it all through.
>> > > >>
>> > > >> It just doesn't seem to want to work, with no errors to shed any
>> > > light.
>> > > >> --
>> > > >> MailScanner mailing list
>> > > >> ***@lists.mailscanner.info
>> > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > > >>
>> > > >> Before posting, read http://wiki.mailscanner.info/posting
>> > > >>
>> > > >> Support MailScanner development - buy the book off the website!
>> > > >
>> > > > --
>> > > > MailScanner mailing list
>> > > > ***@lists.mailscanner.info
>> > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > > >
>> > > > Before posting, read http://wiki.mailscanner.info/posting
>> > > >
>> > > > Support MailScanner development - buy the book off the website!
>> > > > --
>> > > > MailScanner mailing list
>> > > > ***@lists.mailscanner.info
>> > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > > >
>> > > > Before posting, read http://wiki.mailscanner.info/posting
>> > > >
>> > > > Support MailScanner development - buy the book off the website!
>> > >
>> > > --
>> > > MailScanner mailing list
>> > > ***@lists.mailscanner.info
>> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > >
>> > > Before posting, read http://wiki.mailscanner.info/posting
>> > >
>> > > Support MailScanner development - buy the book off the website!
>> > > --
>> > > MailScanner mailing list
>> > > ***@lists.mailscanner.info
>> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > >
>> > > Before posting, read http://wiki.mailscanner.info/posting
>> > >
>> > > Support MailScanner development - buy the book off the website!
>> > --
>> > MailScanner mailing list
>> > ***@lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> > --
>> > MailScanner mailing list
>> > ***@lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner develop

James Nelson

2015-02-24 16:28:31 UTC

Permalink

Hi Glenn,

I ran that test and got the exact result you did, which is either good or very bad, because it's still not working :)

“a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Glenn Steen
Sent: Tuesday, February 24, 2015 9:55 AM
To: MailScanner discussion
Subject: Re: Filename Restrictions Not working

Right, so at the postfix user, can you actually read the two files (/etc/MailScanner/filename.rules.conf and /etc/MailScanner/rules/filename.rules)?
Also, the default line (at least) for the /etc/MailScanner/rules/filename.rules file should mention the %etc-dir%/filename.rules.conf file, at least if you have Filename Rules = %rules-dir%/filename.rules in the /etc/mailScanner/MailScanner.conf file.

You can actually check the value with MailScanner itself (as the Postfix user) by doing something like:
-bash-4.2$ MailScanner --value=filenamerules --from=***@example.net --to=***@yourdomain.com Looked up internal option name "filenamerules"
With sender = ***@example.net
recipient = ***@yourdomain.com Client IP = Virus = Result is "/etc/MailScanner/filename.rules.conf"
-bash-4.2$

Check the syntax with "MailScanner --help".

Seems to me that the ruleset is borked, the actual filenames aren't read, or there still resida a postfix instance that don't have the correct HOLD thingy on your system... In decreasing order of
probability;-)

Cheers
--
-- Glenn

On 24 February 2015 at 14:22, James Nelson <***@vgt.net> wrote:
> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a
> blocked filetype, it just doesn't do anything about it during mail
> scanning. I had the thought that my rules files had permissions
> problems, but I made them readable for everyone just to be sure.
>
> I have the group as Apache as part of the configuration for MailWatch.
>
>
>
> On Feb 24, 2015, at 3:37 AM, Glenn Steen <***@gmail.com> wrote:
>
> I see you have run as user/group set to postfix/apache... When you've
> done your lint and debug runs, did you do them as postfix user or root?
> My guess is that the rule file for filenames might not be readable to
> the postfix user.
>
> Cheers!
> --
> -- Glenn
>
> Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net>:
>>
>>
>> Sorry about that, I thought I set it to public. Try again :).
>>
>> Jerry, I'm building a Mailborder server now to test.
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man
>> contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info
>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>> Kevin Miller
>> Sent: Monday, February 23, 2015 2:20 PM
>> To: 'MailScanner discussion'
>> Subject: RE: Filename Restrictions Not working
>>
>> It said this "This is a private paste. If you created this paste,
>> please login to view it." I couldn't see it.
>>
>> If there's anything that needs to be munged (like your watermark),
>> just edit that before posting and make it a public post.
>>
>> ...Kevin
>> --
>> Kevin Miller
>> Network/email Administrator, CBJ MIS Dept.
>> 155 South Seward Street
>> Juneau, Alaska 99801
>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>> 307357
>>
>>
>> > -----Original Message-----
>> > From: mailscanner-***@lists.mailscanner.info
>> > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>> > James Nelson
>> > Sent: Monday, February 23, 2015 10:52 AM
>> > To: MailScanner discussion
>> > Subject: RE: Filename Restrictions Not working
>> >
>> > Kevin,
>> >
>> > Here's my complete MailScanner.conf:
>> >
>> > http://pastebin.com/ci9dz8iL
>> >
>> > Jerry:
>> >
>> > I changed default to *@* this morning in the course of my, "did
>> > that work? No, okay, how about this," but the result was the same regardless.
>> >
>> > I'm not applying any configuration via conf.d at the moment...if I
>> > were to do that, would it supersede anything in MailScanner.conf?
>> >
>> >
>> >
>> > “a rockpile ceases to be a rockpile the moment a single man
>> > contemplates it, bearing within him the image of a cathedral.”
>> >
>> >
>> > -----Original Message-----
>> > From: mailscanner-***@lists.mailscanner.info
>> > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>> > Kevin Miller
>> > Sent: Monday, February 23, 2015 12:50 PM
>> > To: 'MailScanner discussion'
>> > Subject: RE: Filename Restrictions Not working
>> >
>> > Maybe you could post your MailScanner.conf to pastebin. I'm
>> > guessing something in there is wonky.
>> >
>> > ...Kevin
>> > --
>> > Kevin Miller
>> > Network/email Administrator, CBJ MIS Dept.
>> > 155 South Seward Street
>> > Juneau, Alaska 99801
>> > Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>> > 307357
>> >
>> >
>> > > -----Original Message-----
>> > > From: mailscanner-***@lists.mailscanner.info
>> > > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>> > > James Nelson
>> > > Sent: Monday, February 23, 2015 9:26 AM
>> > > To: MailScanner discussion
>> > > Subject: RE: Filename Restrictions Not working
>> > >
>> > > Well, an interesting update...
>> > >
>> > > I changed up my approach, and pointed the Deny Filenames = in
>> > > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>> > > follows:
>> > >
>> > > To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>> > > \.chm$
>> > > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>> > > \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>> > > \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$
>> > > \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>> > > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>> > >
>> > > When running MailScanner --lint now, it DOES detect eicar.com as
>> > > a blocked filetype. However, it's still allowing blocked
>> > > filetypes through ?
>> > >
>> > >
>> > >
>> > >
>> > > “a rockpile ceases to be a rockpile the moment a single man
>> > > contemplates it, bearing within him the image of a cathedral.”
>> > >
>> > >
>> > > -----Original Message-----
>> > > From: mailscanner-***@lists.mailscanner.info
>> > > [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>> > > Jerry Benton
>> > > Sent: Sunday, February 22, 2015 4:11 PM
>> > > To: MailScanner discussion
>> > > Subject: Re: Filename Restrictions Not working
>> > >
>> > > Its not beta anymore. (The RPM package.)
>> > >
>> > > -
>> > > Jerry Benton
>> > > www.mailborder.com
>> > >
>> > >
>> > >
>> > > > On Feb 22, 2015, at 4:33 PM, James Nelson
>> > > > <***@vgt.net>
>> > > wrote:
>> > > >
>> > > > I will try that tomorrow...i'm about out of other ideas.
>> > > >
>> > > > I suppose I could also try the new MS beta, just to throw
>> > > > something
>> > > else at the wall...
>> > > >
>> > > >
>> > > >
>> > > >
>> > > > “a rockpile ceases to be a rockpile the moment a single man
>> > > contemplates it, bearing within him the image of a cathedral.”
>> > > >
>> > > >
>> > > > -----Original Message-----
>> > > > From: mailscanner-***@lists.mailscanner.info
>> > > > [mailto:mailscanner-
>> > > ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>> > > > Sent: Saturday, February 21, 2015 5:54 AM
>> > > > To: MailScanner discussion
>> > > > Subject: Re: Filename Restrictions Not working
>> > > >
>> > > > I’m not pimping my product, but I would suggest you install a
>> > > Mailborder server for a comparison test. Check to see if it is
>> > > working correctly (the Mailborder server) and compare the configs
>> > > on the Mailborder server to yours. This will at least eliminate
>> > > the Mailscanner configuration variable from the equation.
>> > > >
>> > > > -
>> > > > Jerry Benton
>> > > > www.mailborder.com
>> > > >
>> > > >
>> > > >
>> > > >> On Feb 21, 2015, at 2:29 AM, James Nelson
>> > > >> <***@vgt.net>
>> > > wrote:
>> > > >>
>> > > >> Sigh, built a brand new MailScanner box from scratch...once
>> > > >> again,
>> > > everything works except filename checking. The only thing I
>> > > changed was to disallow zip files(just changed allow to deny in
>> > > filenames.rules.conf) and it still lets it all through.
>> > > >>
>> > > >> It just doesn't seem to want to work, with no errors to shed
>> > > >> any
>> > > light.
>> > > >> --
>> > > >> MailScanner mailing list
>> > > >> ***@lists.mailscanner.info
>> > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > > >>
>> > > >> Before posting, read http://wiki.mailscanner.info/posting
>> > > >>
>> > > >> Support MailScanner development - buy the book off the website!
>> > > >
>> > > > --
>> > > > MailScanner mailing list
>> > > > ***@lists.mailscanner.info
>> > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > > >
>> > > > Before posting, read http://wiki.mailscanner.info/posting
>> > > >
>> > > > Support MailScanner development - buy the book off the website!
>> > > > --
>> > > > MailScanner mailing list
>> > > > ***@lists.mailscanner.info
>> > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > > >
>> > > > Before posting, read http://wiki.mailscanner.info/posting
>> > > >
>> > > > Support MailScanner development - buy the book off the website!
>> > >
>> > > --
>> > > MailScanner mailing list
>> > > ***@lists.mailscanner.info
>> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > >
>> > > Before posting, read http://wiki.mailscanner.info/posting
>> > >
>> > > Support MailScanner development - buy the book off the website!
>> > > --
>> > > MailScanner mailing list
>> > > ***@lists.mailscanner.info
>> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > >
>> > > Before posting, read http://wiki.mailscanner.info/posting
>> > >
>> > > Support MailScanner development - buy the book off the website!
>> > --
>> > MailScanner mailing list
>> > ***@lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> > --
>> > MailScanner mailing list
>> > ***@lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner develop

Jerry Benton

2015-02-24 17:13:30 UTC

Permalink

Crazy question: Did the Mailborder server you setup work? If so, use it to create your configs and copy them?

-
Jerry Benton
www.mailborder.com

> On Feb 24, 2015, at 11:28 AM, James Nelson <***@vgt.net> wrote:
>
> Hi Glenn,
>
> I ran that test and got the exact result you did, which is either good or very bad, because it's still not working :)
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Glenn Steen
> Sent: Tuesday, February 24, 2015 9:55 AM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> Right, so at the postfix user, can you actually read the two files (/etc/MailScanner/filename.rules.conf and /etc/MailScanner/rules/filename.rules)?
> Also, the default line (at least) for the /etc/MailScanner/rules/filename.rules file should mention the %etc-dir%/filename.rules.conf file, at least if you have Filename Rules = %rules-dir%/filename.rules in the /etc/mailScanner/MailScanner.conf file.
>
> You can actually check the value with MailScanner itself (as the Postfix user) by doing something like:
> -bash-4.2$ MailScanner --value=filenamerules --from=***@example.net --to=***@yourdomain.com Looked up internal option name "filenamerules"
> With sender = ***@example.net
> recipient = ***@yourdomain.com Client IP = Virus = Result is "/etc/MailScanner/filename.rules.conf"
> -bash-4.2$
>
>
> Check the syntax with "MailScanner --help".
>
> Seems to me that the ruleset is borked, the actual filenames aren't read, or there still resida a postfix instance that don't have the correct HOLD thingy on your system... In decreasing order of
> probability;-)
>
> Cheers
> --
> -- Glenn
>
> On 24 February 2015 at 14:22, James Nelson <***@vgt.net> wrote:
>> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a
>> blocked filetype, it just doesn't do anything about it during mail
>> scanning. I had the thought that my rules files had permissions
>> problems, but I made them readable for everyone just to be sure.
>>
>> I have the group as Apache as part of the configuration for MailWatch.
>>
>>
>>
>> On Feb 24, 2015, at 3:37 AM, Glenn Steen <***@gmail.com> wrote:
>>
>> I see you have run as user/group set to postfix/apache... When you've
>> done your lint and debug runs, did you do them as postfix user or root?
>> My guess is that the rule file for filenames might not be readable to
>> the postfix user.
>>
>> Cheers!
>> --
>> -- Glenn
>>
>> Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net>:
>>>
>>>
>>> Sorry about that, I thought I set it to public. Try again :).
>>>
>>> Jerry, I'm building a Mailborder server now to test.
>>>
>>>
>>> “a rockpile ceases to be a rockpile the moment a single man
>>> contemplates it, bearing within him the image of a cathedral.”
>>>
>>>
>>> -----Original Message-----
>>> From: mailscanner-***@lists.mailscanner.info
>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>> Kevin Miller
>>> Sent: Monday, February 23, 2015 2:20 PM
>>> To: 'MailScanner discussion'
>>> Subject: RE: Filename Restrictions Not working
>>>
>>> It said this "This is a private paste. If you created this paste,
>>> please login to view it." I couldn't see it.
>>>
>>> If there's anything that needs to be munged (like your watermark),
>>> just edit that before posting and make it a public post.
>>>
>>> ...Kevin
>>> --
>>> Kevin Miller
>>> Network/email Administrator, CBJ MIS Dept.
>>> 155 South Seward Street
>>> Juneau, Alaska 99801
>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>> 307357
>>>
>>>
>>>> -----Original Message-----
>>>> From: mailscanner-***@lists.mailscanner.info
>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>> James Nelson
>>>> Sent: Monday, February 23, 2015 10:52 AM
>>>> To: MailScanner discussion
>>>> Subject: RE: Filename Restrictions Not working
>>>>
>>>> Kevin,
>>>>
>>>> Here's my complete MailScanner.conf:
>>>>
>>>> http://pastebin.com/ci9dz8iL
>>>>
>>>> Jerry:
>>>>
>>>> I changed default to *@* this morning in the course of my, "did
>>>> that work? No, okay, how about this," but the result was the same regardless.
>>>>
>>>> I'm not applying any configuration via conf.d at the moment...if I
>>>> were to do that, would it supersede anything in MailScanner.conf?
>>>>
>>>>
>>>>
>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: mailscanner-***@lists.mailscanner.info
>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>> Kevin Miller
>>>> Sent: Monday, February 23, 2015 12:50 PM
>>>> To: 'MailScanner discussion'
>>>> Subject: RE: Filename Restrictions Not working
>>>>
>>>> Maybe you could post your MailScanner.conf to pastebin. I'm
>>>> guessing something in there is wonky.
>>>>
>>>> ...Kevin
>>>> --
>>>> Kevin Miller
>>>> Network/email Administrator, CBJ MIS Dept.
>>>> 155 South Seward Street
>>>> Juneau, Alaska 99801
>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>> 307357
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>> James Nelson
>>>>> Sent: Monday, February 23, 2015 9:26 AM
>>>>> To: MailScanner discussion
>>>>> Subject: RE: Filename Restrictions Not working
>>>>>
>>>>> Well, an interesting update...
>>>>>
>>>>> I changed up my approach, and pointed the Deny Filenames = in
>>>>> MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>>>>> follows:
>>>>>
>>>>> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>>>>> \.chm$
>>>>> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>>>>> \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>>>>> \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$
>>>>> \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>>>>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>>>>>
>>>>> When running MailScanner --lint now, it DOES detect eicar.com as
>>>>> a blocked filetype. However, it's still allowing blocked
>>>>> filetypes through ?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>> Jerry Benton
>>>>> Sent: Sunday, February 22, 2015 4:11 PM
>>>>> To: MailScanner discussion
>>>>> Subject: Re: Filename Restrictions Not working
>>>>>
>>>>> Its not beta anymore. (The RPM package.)
>>>>>
>>>>> -
>>>>> Jerry Benton
>>>>> www.mailborder.com
>>>>>
>>>>>
>>>>>
>>>>>> On Feb 22, 2015, at 4:33 PM, James Nelson
>>>>>> <***@vgt.net>
>>>>> wrote:
>>>>>>
>>>>>> I will try that tomorrow...i'm about out of other ideas.
>>>>>>
>>>>>> I suppose I could also try the new MS beta, just to throw
>>>>>> something
>>>>> else at the wall...
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>> [mailto:mailscanner-
>>>>> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>>>>>> Sent: Saturday, February 21, 2015 5:54 AM
>>>>>> To: MailScanner discussion
>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>
>>>>>> I’m not pimping my product, but I would suggest you install a
>>>>> Mailborder server for a comparison test. Check to see if it is
>>>>> working correctly (the Mailborder server) and compare the configs
>>>>> on the Mailborder server to yours. This will at least eliminate
>>>>> the Mailscanner configuration variable from the equation.
>>>>>>
>>>>>> -
>>>>>> Jerry Benton
>>>>>> www.mailborder.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Feb 21, 2015, at 2:29 AM, James Nelson
>>>>>>> <***@vgt.net>
>>>>> wrote:
>>>>>>>
>>>>>>> Sigh, built a brand new MailScanner box from scratch...once
>>>>>>> again,
>>>>> everything works except filename checking. The only thing I
>>>>> changed was to disallow zip files(just changed allow to deny in
>>>>> filenames.rules.conf) and it still lets it all through.
>>>>>>>
>>>>>>> It just doesn't seem to want to work, with no errors to shed
>>>>>>> any
>>>>> light.
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development

James Nelson

2015-02-24 17:44:43 UTC

Permalink

It did, and I've tried copying over the filename\type rules (modifying the names and paths of course) and it doesn't work

Now...in the MailBorder configuration, it stated not to install WebMin...which I do have running on the original MailScanner server...could that be causing a problem? I didn't think it was since virus scanning, spam scoring, etc-- all work. Basically everything except attachment checking\blocking seems to be in good shape.

“a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Tuesday, February 24, 2015 11:14 AM
To: MailScanner discussion
Subject: Re: Filename Restrictions Not working

Crazy question: Did the Mailborder server you setup work? If so, use it to create your configs and copy them?

-
Jerry Benton
www.mailborder.com

> On Feb 24, 2015, at 11:28 AM, James Nelson <***@vgt.net> wrote:
>
> Hi Glenn,
>
> I ran that test and got the exact result you did, which is either good
> or very bad, because it's still not working :)
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info
> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Glenn
> Steen
> Sent: Tuesday, February 24, 2015 9:55 AM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> Right, so at the postfix user, can you actually read the two files (/etc/MailScanner/filename.rules.conf and /etc/MailScanner/rules/filename.rules)?
> Also, the default line (at least) for the /etc/MailScanner/rules/filename.rules file should mention the %etc-dir%/filename.rules.conf file, at least if you have Filename Rules = %rules-dir%/filename.rules in the /etc/mailScanner/MailScanner.conf file.
>
> You can actually check the value with MailScanner itself (as the Postfix user) by doing something like:
> -bash-4.2$ MailScanner --value=filenamerules --from=***@example.net --to=***@yourdomain.com Looked up internal option name "filenamerules"
> With sender = ***@example.net
> recipient = ***@yourdomain.com Client IP = Virus = Result is "/etc/MailScanner/filename.rules.conf"
> -bash-4.2$
>
>
> Check the syntax with "MailScanner --help".
>
> Seems to me that the ruleset is borked, the actual filenames aren't
> read, or there still resida a postfix instance that don't have the
> correct HOLD thingy on your system... In decreasing order of
> probability;-)
>
> Cheers
> --
> -- Glenn
>
> On 24 February 2015 at 14:22, James Nelson <***@vgt.net> wrote:
>> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a
>> blocked filetype, it just doesn't do anything about it during mail
>> scanning. I had the thought that my rules files had permissions
>> problems, but I made them readable for everyone just to be sure.
>>
>> I have the group as Apache as part of the configuration for MailWatch.
>>
>>
>>
>> On Feb 24, 2015, at 3:37 AM, Glenn Steen <***@gmail.com> wrote:
>>
>> I see you have run as user/group set to postfix/apache... When
>> you've done your lint and debug runs, did you do them as postfix user or root?
>> My guess is that the rule file for filenames might not be readable to
>> the postfix user.
>>
>> Cheers!
>> --
>> -- Glenn
>>
>> Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net>:
>>>
>>>
>>> Sorry about that, I thought I set it to public. Try again :).
>>>
>>> Jerry, I'm building a Mailborder server now to test.
>>>
>>>
>>> “a rockpile ceases to be a rockpile the moment a single man
>>> contemplates it, bearing within him the image of a cathedral.”
>>>
>>>
>>> -----Original Message-----
>>> From: mailscanner-***@lists.mailscanner.info
>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>> Kevin Miller
>>> Sent: Monday, February 23, 2015 2:20 PM
>>> To: 'MailScanner discussion'
>>> Subject: RE: Filename Restrictions Not working
>>>
>>> It said this "This is a private paste. If you created this paste,
>>> please login to view it." I couldn't see it.
>>>
>>> If there's anything that needs to be munged (like your watermark),
>>> just edit that before posting and make it a public post.
>>>
>>> ...Kevin
>>> --
>>> Kevin Miller
>>> Network/email Administrator, CBJ MIS Dept.
>>> 155 South Seward Street
>>> Juneau, Alaska 99801
>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>> 307357
>>>
>>>
>>>> -----Original Message-----
>>>> From: mailscanner-***@lists.mailscanner.info
>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>> James Nelson
>>>> Sent: Monday, February 23, 2015 10:52 AM
>>>> To: MailScanner discussion
>>>> Subject: RE: Filename Restrictions Not working
>>>>
>>>> Kevin,
>>>>
>>>> Here's my complete MailScanner.conf:
>>>>
>>>> http://pastebin.com/ci9dz8iL
>>>>
>>>> Jerry:
>>>>
>>>> I changed default to *@* this morning in the course of my, "did
>>>> that work? No, okay, how about this," but the result was the same regardless.
>>>>
>>>> I'm not applying any configuration via conf.d at the moment...if I
>>>> were to do that, would it supersede anything in MailScanner.conf?
>>>>
>>>>
>>>>
>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: mailscanner-***@lists.mailscanner.info
>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>> Kevin Miller
>>>> Sent: Monday, February 23, 2015 12:50 PM
>>>> To: 'MailScanner discussion'
>>>> Subject: RE: Filename Restrictions Not working
>>>>
>>>> Maybe you could post your MailScanner.conf to pastebin. I'm
>>>> guessing something in there is wonky.
>>>>
>>>> ...Kevin
>>>> --
>>>> Kevin Miller
>>>> Network/email Administrator, CBJ MIS Dept.
>>>> 155 South Seward Street
>>>> Juneau, Alaska 99801
>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>> 307357
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>> James Nelson
>>>>> Sent: Monday, February 23, 2015 9:26 AM
>>>>> To: MailScanner discussion
>>>>> Subject: RE: Filename Restrictions Not working
>>>>>
>>>>> Well, an interesting update...
>>>>>
>>>>> I changed up my approach, and pointed the Deny Filenames = in
>>>>> MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>>>>> follows:
>>>>>
>>>>> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>>>>> \.chm$
>>>>> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>>>>> \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>>>>> \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
>>>>> \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>>>>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>>>>>
>>>>> When running MailScanner --lint now, it DOES detect eicar.com as a
>>>>> blocked filetype. However, it's still allowing blocked filetypes
>>>>> through ?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>> Jerry Benton
>>>>> Sent: Sunday, February 22, 2015 4:11 PM
>>>>> To: MailScanner discussion
>>>>> Subject: Re: Filename Restrictions Not working
>>>>>
>>>>> Its not beta anymore. (The RPM package.)
>>>>>
>>>>> -
>>>>> Jerry Benton
>>>>> www.mailborder.com
>>>>>
>>>>>
>>>>>
>>>>>> On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
>>>>> wrote:
>>>>>>
>>>>>> I will try that tomorrow...i'm about out of other ideas.
>>>>>>
>>>>>> I suppose I could also try the new MS beta, just to throw
>>>>>> something
>>>>> else at the wall...
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>> [mailto:mailscanner-
>>>>> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>>>>>> Sent: Saturday, February 21, 2015 5:54 AM
>>>>>> To: MailScanner discussion
>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>
>>>>>> I’m not pimping my product, but I would suggest you install a
>>>>> Mailborder server for a comparison test. Check to see if it is
>>>>> working correctly (the Mailborder server) and compare the configs
>>>>> on the Mailborder server to yours. This will at least eliminate
>>>>> the Mailscanner configuration variable from the equation.
>>>>>>
>>>>>> -
>>>>>> Jerry Benton
>>>>>> www.mailborder.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Feb 21, 2015, at 2:29 AM, James Nelson
>>>>>>> <***@vgt.net>
>>>>> wrote:
>>>>>>>
>>>>>>> Sigh, built a brand new MailScanner box from scratch...once
>>>>>>> again,
>>>>> everything works except filename checking. The only thing I
>>>>> changed was to disallow zip files(just changed allow to deny in
>>>>> filenames.rules.conf) and it still lets it all through.
>>>>>>>
>>>>>>> It just doesn't seem to want to work, with no errors to shed
>>>>>>> any
>>>>> light.
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support Mail

Jerry Benton

2015-02-24 18:21:25 UTC

Permalink

Webmin is not recommended in the event that it changes file permissions or modifies the firewall, which the Mailborder scripts handle. It will work, until webmin breaks it.

So you are saying the Mailborder install does not work for filename checking and blocking? If so, you are doing something wrong somewhere on both the vanilla MailScanner and Mailborder controlled MailScanner. The Mailborder controlled version should work on a default install.

-
Jerry Benton
www.mailborder.com

> On Feb 24, 2015, at 12:44 PM, James Nelson <***@vgt.net> wrote:
>
> It did, and I've tried copying over the filename\type rules (modifying the names and paths of course) and it doesn't work
>
> Now...in the MailBorder configuration, it stated not to install WebMin...which I do have running on the original MailScanner server...could that be causing a problem? I didn't think it was since virus scanning, spam scoring, etc-- all work. Basically everything except attachment checking\blocking seems to be in good shape.
>
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Tuesday, February 24, 2015 11:14 AM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> Crazy question: Did the Mailborder server you setup work? If so, use it to create your configs and copy them?
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
>> On Feb 24, 2015, at 11:28 AM, James Nelson <***@vgt.net> wrote:
>>
>> Hi Glenn,
>>
>> I ran that test and got the exact result you did, which is either good
>> or very bad, because it's still not working :)
>>
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info
>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Glenn
>> Steen
>> Sent: Tuesday, February 24, 2015 9:55 AM
>> To: MailScanner discussion
>> Subject: Re: Filename Restrictions Not working
>>
>> Right, so at the postfix user, can you actually read the two files (/etc/MailScanner/filename.rules.conf and /etc/MailScanner/rules/filename.rules)?
>> Also, the default line (at least) for the /etc/MailScanner/rules/filename.rules file should mention the %etc-dir%/filename.rules.conf file, at least if you have Filename Rules = %rules-dir%/filename.rules in the /etc/mailScanner/MailScanner.conf file.
>>
>> You can actually check the value with MailScanner itself (as the Postfix user) by doing something like:
>> -bash-4.2$ MailScanner --value=filenamerules --from=***@example.net --to=***@yourdomain.com Looked up internal option name "filenamerules"
>> With sender = ***@example.net
>> recipient = ***@yourdomain.com Client IP = Virus = Result is "/etc/MailScanner/filename.rules.conf"
>> -bash-4.2$
>>
>>
>> Check the syntax with "MailScanner --help".
>>
>> Seems to me that the ruleset is borked, the actual filenames aren't
>> read, or there still resida a postfix instance that don't have the
>> correct HOLD thingy on your system... In decreasing order of
>> probability;-)
>>
>> Cheers
>> --
>> -- Glenn
>>
>> On 24 February 2015 at 14:22, James Nelson <***@vgt.net> wrote:
>>> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a
>>> blocked filetype, it just doesn't do anything about it during mail
>>> scanning. I had the thought that my rules files had permissions
>>> problems, but I made them readable for everyone just to be sure.
>>>
>>> I have the group as Apache as part of the configuration for MailWatch.
>>>
>>>
>>>
>>> On Feb 24, 2015, at 3:37 AM, Glenn Steen <***@gmail.com> wrote:
>>>
>>> I see you have run as user/group set to postfix/apache... When
>>> you've done your lint and debug runs, did you do them as postfix user or root?
>>> My guess is that the rule file for filenames might not be readable to
>>> the postfix user.
>>>
>>> Cheers!
>>> --
>>> -- Glenn
>>>
>>> Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net>:
>>>>
>>>>
>>>> Sorry about that, I thought I set it to public. Try again :).
>>>>
>>>> Jerry, I'm building a Mailborder server now to test.
>>>>
>>>>
>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: mailscanner-***@lists.mailscanner.info
>>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>>> Kevin Miller
>>>> Sent: Monday, February 23, 2015 2:20 PM
>>>> To: 'MailScanner discussion'
>>>> Subject: RE: Filename Restrictions Not working
>>>>
>>>> It said this "This is a private paste. If you created this paste,
>>>> please login to view it." I couldn't see it.
>>>>
>>>> If there's anything that needs to be munged (like your watermark),
>>>> just edit that before posting and make it a public post.
>>>>
>>>> ...Kevin
>>>> --
>>>> Kevin Miller
>>>> Network/email Administrator, CBJ MIS Dept.
>>>> 155 South Seward Street
>>>> Juneau, Alaska 99801
>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>> 307357
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>> James Nelson
>>>>> Sent: Monday, February 23, 2015 10:52 AM
>>>>> To: MailScanner discussion
>>>>> Subject: RE: Filename Restrictions Not working
>>>>>
>>>>> Kevin,
>>>>>
>>>>> Here's my complete MailScanner.conf:
>>>>>
>>>>> http://pastebin.com/ci9dz8iL
>>>>>
>>>>> Jerry:
>>>>>
>>>>> I changed default to *@* this morning in the course of my, "did
>>>>> that work? No, okay, how about this," but the result was the same regardless.
>>>>>
>>>>> I'm not applying any configuration via conf.d at the moment...if I
>>>>> were to do that, would it supersede anything in MailScanner.conf?
>>>>>
>>>>>
>>>>>
>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>> Kevin Miller
>>>>> Sent: Monday, February 23, 2015 12:50 PM
>>>>> To: 'MailScanner discussion'
>>>>> Subject: RE: Filename Restrictions Not working
>>>>>
>>>>> Maybe you could post your MailScanner.conf to pastebin. I'm
>>>>> guessing something in there is wonky.
>>>>>
>>>>> ...Kevin
>>>>> --
>>>>> Kevin Miller
>>>>> Network/email Administrator, CBJ MIS Dept.
>>>>> 155 South Seward Street
>>>>> Juneau, Alaska 99801
>>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>>> 307357
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>> James Nelson
>>>>>> Sent: Monday, February 23, 2015 9:26 AM
>>>>>> To: MailScanner discussion
>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>
>>>>>> Well, an interesting update...
>>>>>>
>>>>>> I changed up my approach, and pointed the Deny Filenames = in
>>>>>> MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>>>>>> follows:
>>>>>>
>>>>>> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>>>>>> \.chm$
>>>>>> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>>>>>> \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>>>>>> \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
>>>>>> \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>>>>>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>>>>>>
>>>>>> When running MailScanner --lint now, it DOES detect eicar.com as a
>>>>>> blocked filetype. However, it's still allowing blocked filetypes
>>>>>> through ?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>> Jerry Benton
>>>>>> Sent: Sunday, February 22, 2015 4:11 PM
>>>>>> To: MailScanner discussion
>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>
>>>>>> Its not beta anymore. (The RPM package.)
>>>>>>
>>>>>> -
>>>>>> Jerry Benton
>>>>>> www.mailborder.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
>>>>>> wrote:
>>>>>>>
>>>>>>> I will try that tomorrow...i'm about out of other ideas.
>>>>>>>
>>>>>>> I suppose I could also try the new MS beta, just to throw
>>>>>>> something
>>>>>> else at the wall...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>> [mailto:mailscanner-
>>>>>> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>>>>>>> Sent: Saturday, February 21, 2015 5:54 AM
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>>
>>>>>>> I’m not pimping my product, but I would suggest you install a
>>>>>> Mailborder server for a comparison test. Check to see if it is
>>>>>> working correctly (the Mailborder server) and compare the configs
>>>>>> on the Mailborder server to yours. This will at least eliminate
>>>>>> the Mailscanner configuration variable from the equation.
>>>>>>>
>>>>>>> -
>>>>>>> Jerry Benton
>>>>>>> www.mailborder.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> On Feb 21, 2015, at 2:29 AM, James Nelson
>>>>>>>> <***@vgt.net>
>>>>>> wrote:
>>>>>>>>
>>>>>>>> Sigh, built a brand new MailScanner box from scratch...once
>>>>>>>> again,
>>>>>> everything works except filename checking. The only thing I
>>>>>> changed was to disallow zip files(just changed allow to deny in
>>>>>> filenames.rules.conf) and it still lets it all through.
>>>>>>>>
>>>>>>>> It just doesn't seem to want to work, with no errors to shed
>>>>>>>> any
>>>>>> light.
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> ***@lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>>
>>
>> --
>> -- Glenn
>> email: glenn < dot > steen < at > gmail < dot > com
>> work: glenn < dot > steen < at > ap1 < dot > se
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the webs

James Nelson

2015-02-24 18:45:17 UTC

Permalink

Webmin is installed on MailScanner server...which doesn't work. It's not installed on the MailBorder server, however, which DOES work.

“a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Tuesday, February 24, 2015 12:21 PM
To: MailScanner discussion
Subject: Re: Filename Restrictions Not working

Webmin is not recommended in the event that it changes file permissions or modifies the firewall, which the Mailborder scripts handle. It will work, until webmin breaks it.

So you are saying the Mailborder install does not work for filename checking and blocking? If so, you are doing something wrong somewhere on both the vanilla MailScanner and Mailborder controlled MailScanner. The Mailborder controlled version should work on a default install.

-
Jerry Benton
www.mailborder.com

> On Feb 24, 2015, at 12:44 PM, James Nelson <***@vgt.net> wrote:
>
> It did, and I've tried copying over the filename\type rules (modifying
> the names and paths of course) and it doesn't work
>
> Now...in the MailBorder configuration, it stated not to install WebMin...which I do have running on the original MailScanner server...could that be causing a problem? I didn't think it was since virus scanning, spam scoring, etc-- all work. Basically everything except attachment checking\blocking seems to be in good shape.
>
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info
> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry
> Benton
> Sent: Tuesday, February 24, 2015 11:14 AM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> Crazy question: Did the Mailborder server you setup work? If so, use it to create your configs and copy them?
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
>> On Feb 24, 2015, at 11:28 AM, James Nelson <***@vgt.net> wrote:
>>
>> Hi Glenn,
>>
>> I ran that test and got the exact result you did, which is either
>> good or very bad, because it's still not working :)
>>
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info
>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>> Glenn Steen
>> Sent: Tuesday, February 24, 2015 9:55 AM
>> To: MailScanner discussion
>> Subject: Re: Filename Restrictions Not working
>>
>> Right, so at the postfix user, can you actually read the two files (/etc/MailScanner/filename.rules.conf and /etc/MailScanner/rules/filename.rules)?
>> Also, the default line (at least) for the /etc/MailScanner/rules/filename.rules file should mention the %etc-dir%/filename.rules.conf file, at least if you have Filename Rules = %rules-dir%/filename.rules in the /etc/mailScanner/MailScanner.conf file.
>>
>> You can actually check the value with MailScanner itself (as the Postfix user) by doing something like:
>> -bash-4.2$ MailScanner --value=filenamerules --from=***@example.net --to=***@yourdomain.com Looked up internal option name "filenamerules"
>> With sender = ***@example.net
>> recipient = ***@yourdomain.com Client IP = Virus = Result is "/etc/MailScanner/filename.rules.conf"
>> -bash-4.2$
>>
>>
>> Check the syntax with "MailScanner --help".
>>
>> Seems to me that the ruleset is borked, the actual filenames aren't
>> read, or there still resida a postfix instance that don't have the
>> correct HOLD thingy on your system... In decreasing order of
>> probability;-)
>>
>> Cheers
>> --
>> -- Glenn
>>
>> On 24 February 2015 at 14:22, James Nelson <***@vgt.net> wrote:
>>> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a
>>> blocked filetype, it just doesn't do anything about it during mail
>>> scanning. I had the thought that my rules files had permissions
>>> problems, but I made them readable for everyone just to be sure.
>>>
>>> I have the group as Apache as part of the configuration for MailWatch.
>>>
>>>
>>>
>>> On Feb 24, 2015, at 3:37 AM, Glenn Steen <***@gmail.com> wrote:
>>>
>>> I see you have run as user/group set to postfix/apache... When
>>> you've done your lint and debug runs, did you do them as postfix user or root?
>>> My guess is that the rule file for filenames might not be readable
>>> to the postfix user.
>>>
>>> Cheers!
>>> --
>>> -- Glenn
>>>
>>> Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net>:
>>>>
>>>>
>>>> Sorry about that, I thought I set it to public. Try again :).
>>>>
>>>> Jerry, I'm building a Mailborder server now to test.
>>>>
>>>>
>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: mailscanner-***@lists.mailscanner.info
>>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>>> Kevin Miller
>>>> Sent: Monday, February 23, 2015 2:20 PM
>>>> To: 'MailScanner discussion'
>>>> Subject: RE: Filename Restrictions Not working
>>>>
>>>> It said this "This is a private paste. If you created this paste,
>>>> please login to view it." I couldn't see it.
>>>>
>>>> If there's anything that needs to be munged (like your watermark),
>>>> just edit that before posting and make it a public post.
>>>>
>>>> ...Kevin
>>>> --
>>>> Kevin Miller
>>>> Network/email Administrator, CBJ MIS Dept.
>>>> 155 South Seward Street
>>>> Juneau, Alaska 99801
>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>> 307357
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>> James Nelson
>>>>> Sent: Monday, February 23, 2015 10:52 AM
>>>>> To: MailScanner discussion
>>>>> Subject: RE: Filename Restrictions Not working
>>>>>
>>>>> Kevin,
>>>>>
>>>>> Here's my complete MailScanner.conf:
>>>>>
>>>>> http://pastebin.com/ci9dz8iL
>>>>>
>>>>> Jerry:
>>>>>
>>>>> I changed default to *@* this morning in the course of my, "did
>>>>> that work? No, okay, how about this," but the result was the same regardless.
>>>>>
>>>>> I'm not applying any configuration via conf.d at the moment...if I
>>>>> were to do that, would it supersede anything in MailScanner.conf?
>>>>>
>>>>>
>>>>>
>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>> Kevin Miller
>>>>> Sent: Monday, February 23, 2015 12:50 PM
>>>>> To: 'MailScanner discussion'
>>>>> Subject: RE: Filename Restrictions Not working
>>>>>
>>>>> Maybe you could post your MailScanner.conf to pastebin. I'm
>>>>> guessing something in there is wonky.
>>>>>
>>>>> ...Kevin
>>>>> --
>>>>> Kevin Miller
>>>>> Network/email Administrator, CBJ MIS Dept.
>>>>> 155 South Seward Street
>>>>> Juneau, Alaska 99801
>>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>>> 307357
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>> James Nelson
>>>>>> Sent: Monday, February 23, 2015 9:26 AM
>>>>>> To: MailScanner discussion
>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>
>>>>>> Well, an interesting update...
>>>>>>
>>>>>> I changed up my approach, and pointed the Deny Filenames = in
>>>>>> MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>>>>>> follows:
>>>>>>
>>>>>> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>>>>>> \.chm$
>>>>>> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>>>>>> \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>>>>>> \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$
>>>>>> \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>>>>>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>>>>>>
>>>>>> When running MailScanner --lint now, it DOES detect eicar.com as
>>>>>> a blocked filetype. However, it's still allowing blocked
>>>>>> filetypes through ?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>> Jerry Benton
>>>>>> Sent: Sunday, February 22, 2015 4:11 PM
>>>>>> To: MailScanner discussion
>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>
>>>>>> Its not beta anymore. (The RPM package.)
>>>>>>
>>>>>> -
>>>>>> Jerry Benton
>>>>>> www.mailborder.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
>>>>>> wrote:
>>>>>>>
>>>>>>> I will try that tomorrow...i'm about out of other ideas.
>>>>>>>
>>>>>>> I suppose I could also try the new MS beta, just to throw
>>>>>>> something
>>>>>> else at the wall...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>> [mailto:mailscanner-
>>>>>> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>>>>>>> Sent: Saturday, February 21, 2015 5:54 AM
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>>
>>>>>>> I’m not pimping my product, but I would suggest you install a
>>>>>> Mailborder server for a comparison test. Check to see if it is
>>>>>> working correctly (the Mailborder server) and compare the configs
>>>>>> on the Mailborder server to yours. This will at least eliminate
>>>>>> the Mailscanner configuration variable from the equation.
>>>>>>>
>>>>>>> -
>>>>>>> Jerry Benton
>>>>>>> www.mailborder.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> On Feb 21, 2015, at 2:29 AM, James Nelson
>>>>>>>> <***@vgt.net>
>>>>>> wrote:
>>>>>>>>
>>>>>>>> Sigh, built a brand new MailScanner box from scratch...once
>>>>>>>> again,
>>>>>> everything works except filename checking. The only thing I
>>>>>> changed was to disallow zip files(just changed allow to deny in
>>>>>> filenames.rules.conf) and it still lets it all through.
>>>>>>>>
>>>>>>>> It just doesn't seem to want to work, with no errors to shed
>>>>>>>> any
>>>>>> light.
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> ***@lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>>
>>
>> --
>> -- Glenn
>> email: glenn < dot > steen < at > gmail < dot > com
>> work: glenn < dot > steen < at > ap1 < dot > se
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner devel

Jerry Benton

2015-02-24 19:24:47 UTC

Permalink

That doesn’t necessarily mean webmin is causing the problem on you vanilla MailScanner server. I would compare the configs between the two servers. Or just use the Mailborder server. Hell of a lot easier to manage.

-
Jerry Benton
www.mailborder.com

> On Feb 24, 2015, at 1:45 PM, James Nelson <***@vgt.net> wrote:
>
> Webmin is installed on MailScanner server...which doesn't work. It's not installed on the MailBorder server, however, which DOES work.
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Tuesday, February 24, 2015 12:21 PM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> Webmin is not recommended in the event that it changes file permissions or modifies the firewall, which the Mailborder scripts handle. It will work, until webmin breaks it.
>
> So you are saying the Mailborder install does not work for filename checking and blocking? If so, you are doing something wrong somewhere on both the vanilla MailScanner and Mailborder controlled MailScanner. The Mailborder controlled version should work on a default install.
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
>> On Feb 24, 2015, at 12:44 PM, James Nelson <***@vgt.net> wrote:
>>
>> It did, and I've tried copying over the filename\type rules (modifying
>> the names and paths of course) and it doesn't work
>>
>> Now...in the MailBorder configuration, it stated not to install WebMin...which I do have running on the original MailScanner server...could that be causing a problem? I didn't think it was since virus scanning, spam scoring, etc-- all work. Basically everything except attachment checking\blocking seems to be in good shape.
>>
>>
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info
>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry
>> Benton
>> Sent: Tuesday, February 24, 2015 11:14 AM
>> To: MailScanner discussion
>> Subject: Re: Filename Restrictions Not working
>>
>> Crazy question: Did the Mailborder server you setup work? If so, use it to create your configs and copy them?
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>>
>>
>>
>>> On Feb 24, 2015, at 11:28 AM, James Nelson <***@vgt.net> wrote:
>>>
>>> Hi Glenn,
>>>
>>> I ran that test and got the exact result you did, which is either
>>> good or very bad, because it's still not working :)
>>>
>>>
>>>
>>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>>
>>>
>>> -----Original Message-----
>>> From: mailscanner-***@lists.mailscanner.info
>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>> Glenn Steen
>>> Sent: Tuesday, February 24, 2015 9:55 AM
>>> To: MailScanner discussion
>>> Subject: Re: Filename Restrictions Not working
>>>
>>> Right, so at the postfix user, can you actually read the two files (/etc/MailScanner/filename.rules.conf and /etc/MailScanner/rules/filename.rules)?
>>> Also, the default line (at least) for the /etc/MailScanner/rules/filename.rules file should mention the %etc-dir%/filename.rules.conf file, at least if you have Filename Rules = %rules-dir%/filename.rules in the /etc/mailScanner/MailScanner.conf file.
>>>
>>> You can actually check the value with MailScanner itself (as the Postfix user) by doing something like:
>>> -bash-4.2$ MailScanner --value=filenamerules --from=***@example.net --to=***@yourdomain.com Looked up internal option name "filenamerules"
>>> With sender = ***@example.net
>>> recipient = ***@yourdomain.com Client IP = Virus = Result is "/etc/MailScanner/filename.rules.conf"
>>> -bash-4.2$
>>>
>>>
>>> Check the syntax with "MailScanner --help".
>>>
>>> Seems to me that the ruleset is borked, the actual filenames aren't
>>> read, or there still resida a postfix instance that don't have the
>>> correct HOLD thingy on your system... In decreasing order of
>>> probability;-)
>>>
>>> Cheers
>>> --
>>> -- Glenn
>>>
>>> On 24 February 2015 at 14:22, James Nelson <***@vgt.net> wrote:
>>>> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a
>>>> blocked filetype, it just doesn't do anything about it during mail
>>>> scanning. I had the thought that my rules files had permissions
>>>> problems, but I made them readable for everyone just to be sure.
>>>>
>>>> I have the group as Apache as part of the configuration for MailWatch.
>>>>
>>>>
>>>>
>>>> On Feb 24, 2015, at 3:37 AM, Glenn Steen <***@gmail.com> wrote:
>>>>
>>>> I see you have run as user/group set to postfix/apache... When
>>>> you've done your lint and debug runs, did you do them as postfix user or root?
>>>> My guess is that the rule file for filenames might not be readable
>>>> to the postfix user.
>>>>
>>>> Cheers!
>>>> --
>>>> -- Glenn
>>>>
>>>> Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net>:
>>>>>
>>>>>
>>>>> Sorry about that, I thought I set it to public. Try again :).
>>>>>
>>>>> Jerry, I'm building a Mailborder server now to test.
>>>>>
>>>>>
>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>>>> Kevin Miller
>>>>> Sent: Monday, February 23, 2015 2:20 PM
>>>>> To: 'MailScanner discussion'
>>>>> Subject: RE: Filename Restrictions Not working
>>>>>
>>>>> It said this "This is a private paste. If you created this paste,
>>>>> please login to view it." I couldn't see it.
>>>>>
>>>>> If there's anything that needs to be munged (like your watermark),
>>>>> just edit that before posting and make it a public post.
>>>>>
>>>>> ...Kevin
>>>>> --
>>>>> Kevin Miller
>>>>> Network/email Administrator, CBJ MIS Dept.
>>>>> 155 South Seward Street
>>>>> Juneau, Alaska 99801
>>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>>> 307357
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>> James Nelson
>>>>>> Sent: Monday, February 23, 2015 10:52 AM
>>>>>> To: MailScanner discussion
>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>
>>>>>> Kevin,
>>>>>>
>>>>>> Here's my complete MailScanner.conf:
>>>>>>
>>>>>> http://pastebin.com/ci9dz8iL
>>>>>>
>>>>>> Jerry:
>>>>>>
>>>>>> I changed default to *@* this morning in the course of my, "did
>>>>>> that work? No, okay, how about this," but the result was the same regardless.
>>>>>>
>>>>>> I'm not applying any configuration via conf.d at the moment...if I
>>>>>> were to do that, would it supersede anything in MailScanner.conf?
>>>>>>
>>>>>>
>>>>>>
>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>> Kevin Miller
>>>>>> Sent: Monday, February 23, 2015 12:50 PM
>>>>>> To: 'MailScanner discussion'
>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>
>>>>>> Maybe you could post your MailScanner.conf to pastebin. I'm
>>>>>> guessing something in there is wonky.
>>>>>>
>>>>>> ...Kevin
>>>>>> --
>>>>>> Kevin Miller
>>>>>> Network/email Administrator, CBJ MIS Dept.
>>>>>> 155 South Seward Street
>>>>>> Juneau, Alaska 99801
>>>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>>>> 307357
>>>>>>
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>>> James Nelson
>>>>>>> Sent: Monday, February 23, 2015 9:26 AM
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>>
>>>>>>> Well, an interesting update...
>>>>>>>
>>>>>>> I changed up my approach, and pointed the Deny Filenames = in
>>>>>>> MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>>>>>>> follows:
>>>>>>>
>>>>>>> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>>>>>>> \.chm$
>>>>>>> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>>>>>>> \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>>>>>>> \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$
>>>>>>> \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>>>>>>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>>>>>>>
>>>>>>> When running MailScanner --lint now, it DOES detect eicar.com as
>>>>>>> a blocked filetype. However, it's still allowing blocked
>>>>>>> filetypes through ?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>>> Jerry Benton
>>>>>>> Sent: Sunday, February 22, 2015 4:11 PM
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>>
>>>>>>> Its not beta anymore. (The RPM package.)
>>>>>>>
>>>>>>> -
>>>>>>> Jerry Benton
>>>>>>> www.mailborder.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> I will try that tomorrow...i'm about out of other ideas.
>>>>>>>>
>>>>>>>> I suppose I could also try the new MS beta, just to throw
>>>>>>>> something
>>>>>>> else at the wall...
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>>> [mailto:mailscanner-
>>>>>>> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>>>>>>>> Sent: Saturday, February 21, 2015 5:54 AM
>>>>>>>> To: MailScanner discussion
>>>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>>>
>>>>>>>> I’m not pimping my product, but I would suggest you install a
>>>>>>> Mailborder server for a comparison test. Check to see if it is
>>>>>>> working correctly (the Mailborder server) and compare the configs
>>>>>>> on the Mailborder server to yours. This will at least eliminate
>>>>>>> the Mailscanner configuration variable from the equation.
>>>>>>>>
>>>>>>>> -
>>>>>>>> Jerry Benton
>>>>>>>> www.mailborder.com
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Feb 21, 2015, at 2:29 AM, James Nelson
>>>>>>>>> <***@vgt.net>
>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Sigh, built a brand new MailScanner box from scratch...once
>>>>>>>>> again,
>>>>>>> everything works except filename checking. The only thing I
>>>>>>> changed was to disallow zip files(just changed allow to deny in
>>>>>>> filenames.rules.conf) and it still lets it all through.
>>>>>>>>>
>>>>>>>>> It just doesn't seem to want to work, with no errors to shed
>>>>>>>>> any
>>>>>>> light.
>>>>>>>>> --
>>>>>>>>> MailScanner mailing list
>>>>>>>>> ***@lists.mailscanner.info
>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>
>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>
>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> ***@lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> ***@lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>
>>>
>>>
>>> --
>>> -- Glenn
>>> email: glenn < dot > steen < at > gmail < dot > com
>>> work: glenn < dot > steen < at > ap1 < dot > se
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner de

James Nelson

2015-02-24 21:32:22 UTC

Permalink

That's what we are now doing...I've put enough time into it, I have to admit defeat. If anyone thinks of anything else, I can give it a shot...but for now it is MailBorder.

Jerry, I noticed that when I signed up for the "community" license, it had a 6 month limit...is that a "trial" period?

“a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Tuesday, February 24, 2015 1:25 PM
To: MailScanner discussion
Subject: Re: Filename Restrictions Not working

That doesn’t necessarily mean webmin is causing the problem on you vanilla MailScanner server. I would compare the configs between the two servers. Or just use the Mailborder server. Hell of a lot easier to manage.

-
Jerry Benton
www.mailborder.com

> On Feb 24, 2015, at 1:45 PM, James Nelson <***@vgt.net> wrote:
>
> Webmin is installed on MailScanner server...which doesn't work. It's not installed on the MailBorder server, however, which DOES work.
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info
> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry
> Benton
> Sent: Tuesday, February 24, 2015 12:21 PM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> Webmin is not recommended in the event that it changes file permissions or modifies the firewall, which the Mailborder scripts handle. It will work, until webmin breaks it.
>
> So you are saying the Mailborder install does not work for filename checking and blocking? If so, you are doing something wrong somewhere on both the vanilla MailScanner and Mailborder controlled MailScanner. The Mailborder controlled version should work on a default install.
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
>> On Feb 24, 2015, at 12:44 PM, James Nelson <***@vgt.net> wrote:
>>
>> It did, and I've tried copying over the filename\type rules
>> (modifying the names and paths of course) and it doesn't work
>>
>> Now...in the MailBorder configuration, it stated not to install WebMin...which I do have running on the original MailScanner server...could that be causing a problem? I didn't think it was since virus scanning, spam scoring, etc-- all work. Basically everything except attachment checking\blocking seems to be in good shape.
>>
>>
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info
>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>> Jerry Benton
>> Sent: Tuesday, February 24, 2015 11:14 AM
>> To: MailScanner discussion
>> Subject: Re: Filename Restrictions Not working
>>
>> Crazy question: Did the Mailborder server you setup work? If so, use it to create your configs and copy them?
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>>
>>
>>
>>> On Feb 24, 2015, at 11:28 AM, James Nelson <***@vgt.net> wrote:
>>>
>>> Hi Glenn,
>>>
>>> I ran that test and got the exact result you did, which is either
>>> good or very bad, because it's still not working :)
>>>
>>>
>>>
>>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>>
>>>
>>> -----Original Message-----
>>> From: mailscanner-***@lists.mailscanner.info
>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>> Glenn Steen
>>> Sent: Tuesday, February 24, 2015 9:55 AM
>>> To: MailScanner discussion
>>> Subject: Re: Filename Restrictions Not working
>>>
>>> Right, so at the postfix user, can you actually read the two files (/etc/MailScanner/filename.rules.conf and /etc/MailScanner/rules/filename.rules)?
>>> Also, the default line (at least) for the /etc/MailScanner/rules/filename.rules file should mention the %etc-dir%/filename.rules.conf file, at least if you have Filename Rules = %rules-dir%/filename.rules in the /etc/mailScanner/MailScanner.conf file.
>>>
>>> You can actually check the value with MailScanner itself (as the Postfix user) by doing something like:
>>> -bash-4.2$ MailScanner --value=filenamerules --from=***@example.net --to=***@yourdomain.com Looked up internal option name "filenamerules"
>>> With sender = ***@example.net
>>> recipient = ***@yourdomain.com Client IP = Virus = Result is "/etc/MailScanner/filename.rules.conf"
>>> -bash-4.2$
>>>
>>>
>>> Check the syntax with "MailScanner --help".
>>>
>>> Seems to me that the ruleset is borked, the actual filenames aren't
>>> read, or there still resida a postfix instance that don't have the
>>> correct HOLD thingy on your system... In decreasing order of
>>> probability;-)
>>>
>>> Cheers
>>> --
>>> -- Glenn
>>>
>>> On 24 February 2015 at 14:22, James Nelson <***@vgt.net> wrote:
>>>> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a
>>>> blocked filetype, it just doesn't do anything about it during mail
>>>> scanning. I had the thought that my rules files had permissions
>>>> problems, but I made them readable for everyone just to be sure.
>>>>
>>>> I have the group as Apache as part of the configuration for MailWatch.
>>>>
>>>>
>>>>
>>>> On Feb 24, 2015, at 3:37 AM, Glenn Steen <***@gmail.com> wrote:
>>>>
>>>> I see you have run as user/group set to postfix/apache... When
>>>> you've done your lint and debug runs, did you do them as postfix user or root?
>>>> My guess is that the rule file for filenames might not be readable
>>>> to the postfix user.
>>>>
>>>> Cheers!
>>>> --
>>>> -- Glenn
>>>>
>>>> Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net>:
>>>>>
>>>>>
>>>>> Sorry about that, I thought I set it to public. Try again :).
>>>>>
>>>>> Jerry, I'm building a Mailborder server now to test.
>>>>>
>>>>>
>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>>>> Kevin Miller
>>>>> Sent: Monday, February 23, 2015 2:20 PM
>>>>> To: 'MailScanner discussion'
>>>>> Subject: RE: Filename Restrictions Not working
>>>>>
>>>>> It said this "This is a private paste. If you created this paste,
>>>>> please login to view it." I couldn't see it.
>>>>>
>>>>> If there's anything that needs to be munged (like your watermark),
>>>>> just edit that before posting and make it a public post.
>>>>>
>>>>> ...Kevin
>>>>> --
>>>>> Kevin Miller
>>>>> Network/email Administrator, CBJ MIS Dept.
>>>>> 155 South Seward Street
>>>>> Juneau, Alaska 99801
>>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>>> 307357
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>> James Nelson
>>>>>> Sent: Monday, February 23, 2015 10:52 AM
>>>>>> To: MailScanner discussion
>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>
>>>>>> Kevin,
>>>>>>
>>>>>> Here's my complete MailScanner.conf:
>>>>>>
>>>>>> http://pastebin.com/ci9dz8iL
>>>>>>
>>>>>> Jerry:
>>>>>>
>>>>>> I changed default to *@* this morning in the course of my, "did
>>>>>> that work? No, okay, how about this," but the result was the same regardless.
>>>>>>
>>>>>> I'm not applying any configuration via conf.d at the moment...if
>>>>>> I were to do that, would it supersede anything in MailScanner.conf?
>>>>>>
>>>>>>
>>>>>>
>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>> Kevin Miller
>>>>>> Sent: Monday, February 23, 2015 12:50 PM
>>>>>> To: 'MailScanner discussion'
>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>
>>>>>> Maybe you could post your MailScanner.conf to pastebin. I'm
>>>>>> guessing something in there is wonky.
>>>>>>
>>>>>> ...Kevin
>>>>>> --
>>>>>> Kevin Miller
>>>>>> Network/email Administrator, CBJ MIS Dept.
>>>>>> 155 South Seward Street
>>>>>> Juneau, Alaska 99801
>>>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>>>> 307357
>>>>>>
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf
>>>>>>> Of James Nelson
>>>>>>> Sent: Monday, February 23, 2015 9:26 AM
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>>
>>>>>>> Well, an interesting update...
>>>>>>>
>>>>>>> I changed up my approach, and pointed the Deny Filenames = in
>>>>>>> MailScanner.conf to %rules-dir%/filename_deny.rules , which is
>>>>>>> as
>>>>>>> follows:
>>>>>>>
>>>>>>> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>>>>>>> \.chm$
>>>>>>> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>>>>>>> \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>>>>>>> \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$
>>>>>>> \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$
>>>>>>> \.s{10,}
>>>>>>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>>>>>>>
>>>>>>> When running MailScanner --lint now, it DOES detect eicar.com as
>>>>>>> a blocked filetype. However, it's still allowing blocked
>>>>>>> filetypes through ?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf
>>>>>>> Of Jerry Benton
>>>>>>> Sent: Sunday, February 22, 2015 4:11 PM
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>>
>>>>>>> Its not beta anymore. (The RPM package.)
>>>>>>>
>>>>>>> -
>>>>>>> Jerry Benton
>>>>>>> www.mailborder.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> On Feb 22, 2015, at 4:33 PM, James Nelson
>>>>>>>> <***@vgt.net>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> I will try that tomorrow...i'm about out of other ideas.
>>>>>>>>
>>>>>>>> I suppose I could also try the new MS beta, just to throw
>>>>>>>> something
>>>>>>> else at the wall...
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>>> [mailto:mailscanner-
>>>>>>> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>>>>>>>> Sent: Saturday, February 21, 2015 5:54 AM
>>>>>>>> To: MailScanner discussion
>>>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>>>
>>>>>>>> I’m not pimping my product, but I would suggest you install a
>>>>>>> Mailborder server for a comparison test. Check to see if it is
>>>>>>> working correctly (the Mailborder server) and compare the
>>>>>>> configs on the Mailborder server to yours. This will at least
>>>>>>> eliminate the Mailscanner configuration variable from the equation.
>>>>>>>>
>>>>>>>> -
>>>>>>>> Jerry Benton
>>>>>>>> www.mailborder.com
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Feb 21, 2015, at 2:29 AM, James Nelson
>>>>>>>>> <***@vgt.net>
>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Sigh, built a brand new MailScanner box from scratch...once
>>>>>>>>> again,
>>>>>>> everything works except filename checking. The only thing I
>>>>>>> changed was to disallow zip files(just changed allow to deny in
>>>>>>> filenames.rules.conf) and it still lets it all through.
>>>>>>>>>
>>>>>>>>> It just doesn't seem to want to work, with no errors to shed
>>>>>>>>> any
>>>>>>> light.
>>>>>>>>> --
>>>>>>>>> MailScanner mailing list
>>>>>>>>> ***@lists.mailscanner.info
>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>
>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>
>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> ***@lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> ***@lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>
>>>
>>>
>>> --
>>> -- Glenn
>>> email: glenn < dot > steen < at > gmail < dot > com
>>> work: glenn < dot > steen < at > ap1 < dot > se
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the

Jerry Benton

2015-02-24 22:21:55 UTC

Permalink

No. When v5 comes out in a month or so you won't need a license for the community edition. if it does expire before I get v5 out, you can renew it for free.

-
Jerry Benton
www.mailborder.com
Sent from my iPhone

> On Feb 24, 2015, at 16:32, James Nelson <***@vgt.net> wrote:
>
> That's what we are now doing...I've put enough time into it, I have to admit defeat. If anyone thinks of anything else, I can give it a shot...but for now it is MailBorder.
>
> Jerry, I noticed that when I signed up for the "community" license, it had a 6 month limit...is that a "trial" period?
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Tuesday, February 24, 2015 1:25 PM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> That doesn’t necessarily mean webmin is causing the problem on you vanilla MailScanner server. I would compare the configs between the two servers. Or just use the Mailborder server. Hell of a lot easier to manage.
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
>> On Feb 24, 2015, at 1:45 PM, James Nelson <***@vgt.net> wrote:
>>
>> Webmin is installed on MailScanner server...which doesn't work. It's not installed on the MailBorder server, however, which DOES work.
>>
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info
>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry
>> Benton
>> Sent: Tuesday, February 24, 2015 12:21 PM
>> To: MailScanner discussion
>> Subject: Re: Filename Restrictions Not working
>>
>> Webmin is not recommended in the event that it changes file permissions or modifies the firewall, which the Mailborder scripts handle. It will work, until webmin breaks it.
>>
>> So you are saying the Mailborder install does not work for filename checking and blocking? If so, you are doing something wrong somewhere on both the vanilla MailScanner and Mailborder controlled MailScanner. The Mailborder controlled version should work on a default install.
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>>
>>
>>
>>> On Feb 24, 2015, at 12:44 PM, James Nelson <***@vgt.net> wrote:
>>>
>>> It did, and I've tried copying over the filename\type rules
>>> (modifying the names and paths of course) and it doesn't work
>>>
>>> Now...in the MailBorder configuration, it stated not to install WebMin...which I do have running on the original MailScanner server...could that be causing a problem? I didn't think it was since virus scanning, spam scoring, etc-- all work. Basically everything except attachment checking\blocking seems to be in good shape.
>>>
>>>
>>>
>>>
>>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>>
>>>
>>> -----Original Message-----
>>> From: mailscanner-***@lists.mailscanner.info
>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>> Jerry Benton
>>> Sent: Tuesday, February 24, 2015 11:14 AM
>>> To: MailScanner discussion
>>> Subject: Re: Filename Restrictions Not working
>>>
>>> Crazy question: Did the Mailborder server you setup work? If so, use it to create your configs and copy them?
>>>
>>> -
>>> Jerry Benton
>>> www.mailborder.com
>>>
>>>
>>>
>>>> On Feb 24, 2015, at 11:28 AM, James Nelson <***@vgt.net> wrote:
>>>>
>>>> Hi Glenn,
>>>>
>>>> I ran that test and got the exact result you did, which is either
>>>> good or very bad, because it's still not working :)
>>>>
>>>>
>>>>
>>>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: mailscanner-***@lists.mailscanner.info
>>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>>> Glenn Steen
>>>> Sent: Tuesday, February 24, 2015 9:55 AM
>>>> To: MailScanner discussion
>>>> Subject: Re: Filename Restrictions Not working
>>>>
>>>> Right, so at the postfix user, can you actually read the two files (/etc/MailScanner/filename.rules.conf and /etc/MailScanner/rules/filename.rules)?
>>>> Also, the default line (at least) for the /etc/MailScanner/rules/filename.rules file should mention the %etc-dir%/filename.rules.conf file, at least if you have Filename Rules = %rules-dir%/filename.rules in the /etc/mailScanner/MailScanner.conf file.
>>>>
>>>> You can actually check the value with MailScanner itself (as the Postfix user) by doing something like:
>>>> -bash-4.2$ MailScanner --value=filenamerules --from=***@example.net --to=***@yourdomain.com Looked up internal option name "filenamerules"
>>>> With sender = ***@example.net
>>>> recipient = ***@yourdomain.com Client IP = Virus = Result is "/etc/MailScanner/filename.rules.conf"
>>>> -bash-4.2$
>>>>
>>>>
>>>> Check the syntax with "MailScanner --help".
>>>>
>>>> Seems to me that the ruleset is borked, the actual filenames aren't
>>>> read, or there still resida a postfix instance that don't have the
>>>> correct HOLD thingy on your system... In decreasing order of
>>>> probability;-)
>>>>
>>>> Cheers
>>>> --
>>>> -- Glenn
>>>>
>>>>> On 24 February 2015 at 14:22, James Nelson <***@vgt.net> wrote:
>>>>> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a
>>>>> blocked filetype, it just doesn't do anything about it during mail
>>>>> scanning. I had the thought that my rules files had permissions
>>>>> problems, but I made them readable for everyone just to be sure.
>>>>>
>>>>> I have the group as Apache as part of the configuration for MailWatch.
>>>>>
>>>>>
>>>>>
>>>>> On Feb 24, 2015, at 3:37 AM, Glenn Steen <***@gmail.com> wrote:
>>>>>
>>>>> I see you have run as user/group set to postfix/apache... When
>>>>> you've done your lint and debug runs, did you do them as postfix user or root?
>>>>> My guess is that the rule file for filenames might not be readable
>>>>> to the postfix user.
>>>>>
>>>>> Cheers!
>>>>> --
>>>>> -- Glenn
>>>>>
>>>>> Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net>:
>>>>>>
>>>>>>
>>>>>> Sorry about that, I thought I set it to public. Try again :).
>>>>>>
>>>>>> Jerry, I'm building a Mailborder server now to test.
>>>>>>
>>>>>>
>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>>>>> Kevin Miller
>>>>>> Sent: Monday, February 23, 2015 2:20 PM
>>>>>> To: 'MailScanner discussion'
>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>
>>>>>> It said this "This is a private paste. If you created this paste,
>>>>>> please login to view it." I couldn't see it.
>>>>>>
>>>>>> If there's anything that needs to be munged (like your watermark),
>>>>>> just edit that before posting and make it a public post.
>>>>>>
>>>>>> ...Kevin
>>>>>> --
>>>>>> Kevin Miller
>>>>>> Network/email Administrator, CBJ MIS Dept.
>>>>>> 155 South Seward Street
>>>>>> Juneau, Alaska 99801
>>>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>>>> 307357
>>>>>>
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>>> James Nelson
>>>>>>> Sent: Monday, February 23, 2015 10:52 AM
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>>
>>>>>>> Kevin,
>>>>>>>
>>>>>>> Here's my complete MailScanner.conf:
>>>>>>>
>>>>>>> http://pastebin.com/ci9dz8iL
>>>>>>>
>>>>>>> Jerry:
>>>>>>>
>>>>>>> I changed default to *@* this morning in the course of my, "did
>>>>>>> that work? No, okay, how about this," but the result was the same regardless.
>>>>>>>
>>>>>>> I'm not applying any configuration via conf.d at the moment...if
>>>>>>> I were to do that, would it supersede anything in MailScanner.conf?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>>> Kevin Miller
>>>>>>> Sent: Monday, February 23, 2015 12:50 PM
>>>>>>> To: 'MailScanner discussion'
>>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>>
>>>>>>> Maybe you could post your MailScanner.conf to pastebin. I'm
>>>>>>> guessing something in there is wonky.
>>>>>>>
>>>>>>> ...Kevin
>>>>>>> --
>>>>>>> Kevin Miller
>>>>>>> Network/email Administrator, CBJ MIS Dept.
>>>>>>> 155 South Seward Street
>>>>>>> Juneau, Alaska 99801
>>>>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>>>>> 307357
>>>>>>>
>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf
>>>>>>>> Of James Nelson
>>>>>>>> Sent: Monday, February 23, 2015 9:26 AM
>>>>>>>> To: MailScanner discussion
>>>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>>>
>>>>>>>> Well, an interesting update...
>>>>>>>>
>>>>>>>> I changed up my approach, and pointed the Deny Filenames = in
>>>>>>>> MailScanner.conf to %rules-dir%/filename_deny.rules , which is
>>>>>>>> as
>>>>>>>> follows:
>>>>>>>>
>>>>>>>> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>>>>>>>> \.chm$
>>>>>>>> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>>>>>>>> \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>>>>>>>> \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$
>>>>>>>> \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$
>>>>>>>> \.s{10,}
>>>>>>>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>>>>>>>>
>>>>>>>> When running MailScanner --lint now, it DOES detect eicar.com as
>>>>>>>> a blocked filetype. However, it's still allowing blocked
>>>>>>>> filetypes through ?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf
>>>>>>>> Of Jerry Benton
>>>>>>>> Sent: Sunday, February 22, 2015 4:11 PM
>>>>>>>> To: MailScanner discussion
>>>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>>>
>>>>>>>> Its not beta anymore. (The RPM package.)
>>>>>>>>
>>>>>>>> -
>>>>>>>> Jerry Benton
>>>>>>>> www.mailborder.com
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Feb 22, 2015, at 4:33 PM, James Nelson
>>>>>>>>> <***@vgt.net>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> I will try that tomorrow...i'm about out of other ideas.
>>>>>>>>>
>>>>>>>>> I suppose I could also try the new MS beta, just to throw
>>>>>>>>> something
>>>>>>>> else at the wall...
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>>>> [mailto:mailscanner-
>>>>>>>> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>>>>>>>>> Sent: Saturday, February 21, 2015 5:54 AM
>>>>>>>>> To: MailScanner discussion
>>>>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>>>>
>>>>>>>>> I’m not pimping my product, but I would suggest you install a
>>>>>>>> Mailborder server for a comparison test. Check to see if it is
>>>>>>>> working correctly (the Mailborder server) and compare the
>>>>>>>> configs on the Mailborder server to yours. This will at least
>>>>>>>> eliminate the Mailscanner configuration variable from the equation.
>>>>>>>>>
>>>>>>>>> -
>>>>>>>>> Jerry Benton
>>>>>>>>> www.mailborder.com
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> On Feb 21, 2015, at 2:29 AM, James Nelson
>>>>>>>>>> <***@vgt.net>
>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Sigh, built a brand new MailScanner box from scratch...once
>>>>>>>>>> again,
>>>>>>>> everything works except filename checking. The only thing I
>>>>>>>> changed was to disallow zip files(just changed allow to deny in
>>>>>>>> filenames.rules.conf) and it still lets it all through.
>>>>>>>>>>
>>>>>>>>>> It just doesn't seem to want to work, with no errors to shed
>>>>>>>>>> any
>>>>>>>> light.
>>>>>>>>>> --
>>>>>>>>>> MailScanner mailing list
>>>>>>>>>> ***@lists.mailscanner.info
>>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>>
>>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>>
>>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> MailScanner mailing list
>>>>>>>>> ***@lists.mailscanner.info
>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>
>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>
>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>> --
>>>>>>>>> MailScanner mailing list
>>>>>>>>> ***@lists.mailscanner.info
>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>
>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>
>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> ***@lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> ***@lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>>
>>>>
>>>> --
>>>> -- Glenn
>>>> email: glenn < dot > steen < at > gmail < dot > com
>>>> work: glenn < dot > steen < at > ap1 < dot > se
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy

Glenn Steen

2015-02-25 08:45:21 UTC

Permalink

just a quick question about WebMin... Did you install the MailScanner
webmin thing? That is, to my knowledge, hideously out of date and
shouldn't be used. Webmin as such, as long as it doesn't futz with
postfix or MailScanner should be ok...
If you like, and trust us enough, we could have a look at the actual
machine (via SSH or somesuch). I've done that a few times, and I know
Jules did so rather more frequently... I'd understand if you'd find
that approach less than interresting:-)

Cheers!

On 24 February 2015 at 23:21, Jerry Benton <***@mailborder.com> wrote:
> No. When v5 comes out in a month or so you won't need a license for the community edition. if it does expire before I get v5 out, you can renew it for free.
>
> -
> Jerry Benton
> www.mailborder.com
> Sent from my iPhone
>
>> On Feb 24, 2015, at 16:32, James Nelson <***@vgt.net> wrote:
>>
>> That's what we are now doing...I've put enough time into it, I have to admit defeat. If anyone thinks of anything else, I can give it a shot...but for now it is MailBorder.
>>
>> Jerry, I noticed that when I signed up for the "community" license, it had a 6 month limit...is that a "trial" period?
>>
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
>> Sent: Tuesday, February 24, 2015 1:25 PM
>> To: MailScanner discussion
>> Subject: Re: Filename Restrictions Not working
>>
>> That doesn’t necessarily mean webmin is causing the problem on you vanilla MailScanner server. I would compare the configs between the two servers. Or just use the Mailborder server. Hell of a lot easier to manage.
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>>
>>
>>
>>> On Feb 24, 2015, at 1:45 PM, James Nelson <***@vgt.net> wrote:
>>>
>>> Webmin is installed on MailScanner server...which doesn't work. It's not installed on the MailBorder server, however, which DOES work.
>>>
>>>
>>>
>>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>>
>>>
>>> -----Original Message-----
>>> From: mailscanner-***@lists.mailscanner.info
>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry
>>> Benton
>>> Sent: Tuesday, February 24, 2015 12:21 PM
>>> To: MailScanner discussion
>>> Subject: Re: Filename Restrictions Not working
>>>
>>> Webmin is not recommended in the event that it changes file permissions or modifies the firewall, which the Mailborder scripts handle. It will work, until webmin breaks it.
>>>
>>> So you are saying the Mailborder install does not work for filename checking and blocking? If so, you are doing something wrong somewhere on both the vanilla MailScanner and Mailborder controlled MailScanner. The Mailborder controlled version should work on a default install.
>>>
>>> -
>>> Jerry Benton
>>> www.mailborder.com
>>>
>>>
>>>
>>>> On Feb 24, 2015, at 12:44 PM, James Nelson <***@vgt.net> wrote:
>>>>
>>>> It did, and I've tried copying over the filename\type rules
>>>> (modifying the names and paths of course) and it doesn't work
>>>>
>>>> Now...in the MailBorder configuration, it stated not to install WebMin...which I do have running on the original MailScanner server...could that be causing a problem? I didn't think it was since virus scanning, spam scoring, etc-- all work. Basically everything except attachment checking\blocking seems to be in good shape.
>>>>
>>>>
>>>>
>>>>
>>>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: mailscanner-***@lists.mailscanner.info
>>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>>> Jerry Benton
>>>> Sent: Tuesday, February 24, 2015 11:14 AM
>>>> To: MailScanner discussion
>>>> Subject: Re: Filename Restrictions Not working
>>>>
>>>> Crazy question: Did the Mailborder server you setup work? If so, use it to create your configs and copy them?
>>>>
>>>> -
>>>> Jerry Benton
>>>> www.mailborder.com
>>>>
>>>>
>>>>
>>>>> On Feb 24, 2015, at 11:28 AM, James Nelson <***@vgt.net> wrote:
>>>>>
>>>>> Hi Glenn,
>>>>>
>>>>> I ran that test and got the exact result you did, which is either
>>>>> good or very bad, because it's still not working :)
>>>>>
>>>>>
>>>>>
>>>>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>>>> Glenn Steen
>>>>> Sent: Tuesday, February 24, 2015 9:55 AM
>>>>> To: MailScanner discussion
>>>>> Subject: Re: Filename Restrictions Not working
>>>>>
>>>>> Right, so at the postfix user, can you actually read the two files (/etc/MailScanner/filename.rules.conf and /etc/MailScanner/rules/filename.rules)?
>>>>> Also, the default line (at least) for the /etc/MailScanner/rules/filename.rules file should mention the %etc-dir%/filename.rules.conf file, at least if you have Filename Rules = %rules-dir%/filename.rules in the /etc/mailScanner/MailScanner.conf file.
>>>>>
>>>>> You can actually check the value with MailScanner itself (as the Postfix user) by doing something like:
>>>>> -bash-4.2$ MailScanner --value=filenamerules --from=***@example.net --to=***@yourdomain.com Looked up internal option name "filenamerules"
>>>>> With sender = ***@example.net
>>>>> recipient = ***@yourdomain.com Client IP = Virus = Result is "/etc/MailScanner/filename.rules.conf"
>>>>> -bash-4.2$
>>>>>
>>>>>
>>>>> Check the syntax with "MailScanner --help".
>>>>>
>>>>> Seems to me that the ruleset is borked, the actual filenames aren't
>>>>> read, or there still resida a postfix instance that don't have the
>>>>> correct HOLD thingy on your system... In decreasing order of
>>>>> probability;-)
>>>>>
>>>>> Cheers
>>>>> --
>>>>> -- Glenn
>>>>>
>>>>>> On 24 February 2015 at 14:22, James Nelson <***@vgt.net> wrote:
>>>>>> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a
>>>>>> blocked filetype, it just doesn't do anything about it during mail
>>>>>> scanning. I had the thought that my rules files had permissions
>>>>>> problems, but I made them readable for everyone just to be sure.
>>>>>>
>>>>>> I have the group as Apache as part of the configuration for MailWatch.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Feb 24, 2015, at 3:37 AM, Glenn Steen <***@gmail.com> wrote:
>>>>>>
>>>>>> I see you have run as user/group set to postfix/apache... When
>>>>>> you've done your lint and debug runs, did you do them as postfix user or root?
>>>>>> My guess is that the rule file for filenames might not be readable
>>>>>> to the postfix user.
>>>>>>
>>>>>> Cheers!
>>>>>> --
>>>>>> -- Glenn
>>>>>>
>>>>>> Den 23 feb 2015 22:09 skrev "James Nelson" <***@vgt.net>:
>>>>>>>
>>>>>>>
>>>>>>> Sorry about that, I thought I set it to public. Try again :).
>>>>>>>
>>>>>>> Jerry, I'm building a Mailborder server now to test.
>>>>>>>
>>>>>>>
>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>> [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of
>>>>>>> Kevin Miller
>>>>>>> Sent: Monday, February 23, 2015 2:20 PM
>>>>>>> To: 'MailScanner discussion'
>>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>>
>>>>>>> It said this "This is a private paste. If you created this paste,
>>>>>>> please login to view it." I couldn't see it.
>>>>>>>
>>>>>>> If there's anything that needs to be munged (like your watermark),
>>>>>>> just edit that before posting and make it a public post.
>>>>>>>
>>>>>>> ...Kevin
>>>>>>> --
>>>>>>> Kevin Miller
>>>>>>> Network/email Administrator, CBJ MIS Dept.
>>>>>>> 155 South Seward Street
>>>>>>> Juneau, Alaska 99801
>>>>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>>>>> 307357
>>>>>>>
>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>>>> James Nelson
>>>>>>>> Sent: Monday, February 23, 2015 10:52 AM
>>>>>>>> To: MailScanner discussion
>>>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>>>
>>>>>>>> Kevin,
>>>>>>>>
>>>>>>>> Here's my complete MailScanner.conf:
>>>>>>>>
>>>>>>>> http://pastebin.com/ci9dz8iL
>>>>>>>>
>>>>>>>> Jerry:
>>>>>>>>
>>>>>>>> I changed default to *@* this morning in the course of my, "did
>>>>>>>> that work? No, okay, how about this," but the result was the same regardless.
>>>>>>>>
>>>>>>>> I'm not applying any configuration via conf.d at the moment...if
>>>>>>>> I were to do that, would it supersede anything in MailScanner.conf?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf Of
>>>>>>>> Kevin Miller
>>>>>>>> Sent: Monday, February 23, 2015 12:50 PM
>>>>>>>> To: 'MailScanner discussion'
>>>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>>>
>>>>>>>> Maybe you could post your MailScanner.conf to pastebin. I'm
>>>>>>>> guessing something in there is wonky.
>>>>>>>>
>>>>>>>> ...Kevin
>>>>>>>> --
>>>>>>>> Kevin Miller
>>>>>>>> Network/email Administrator, CBJ MIS Dept.
>>>>>>>> 155 South Seward Street
>>>>>>>> Juneau, Alaska 99801
>>>>>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>>>>>> 307357
>>>>>>>>
>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf
>>>>>>>>> Of James Nelson
>>>>>>>>> Sent: Monday, February 23, 2015 9:26 AM
>>>>>>>>> To: MailScanner discussion
>>>>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>>>>
>>>>>>>>> Well, an interesting update...
>>>>>>>>>
>>>>>>>>> I changed up my approach, and pointed the Deny Filenames = in
>>>>>>>>> MailScanner.conf to %rules-dir%/filename_deny.rules , which is
>>>>>>>>> as
>>>>>>>>> follows:
>>>>>>>>>
>>>>>>>>> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>>>>>>>>> \.chm$
>>>>>>>>> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>>>>>>>>> \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>>>>>>>>> \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$
>>>>>>>>> \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$
>>>>>>>>> \.s{10,}
>>>>>>>>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>>>>>>>>>
>>>>>>>>> When running MailScanner --lint now, it DOES detect eicar.com as
>>>>>>>>> a blocked filetype. However, it's still allowing blocked
>>>>>>>>> filetypes through ?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>>>> [mailto:mailscanner- ***@lists.mailscanner.info] On Behalf
>>>>>>>>> Of Jerry Benton
>>>>>>>>> Sent: Sunday, February 22, 2015 4:11 PM
>>>>>>>>> To: MailScanner discussion
>>>>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>>>>
>>>>>>>>> Its not beta anymore. (The RPM package.)
>>>>>>>>>
>>>>>>>>> -
>>>>>>>>> Jerry Benton
>>>>>>>>> www.mailborder.com
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> On Feb 22, 2015, at 4:33 PM, James Nelson
>>>>>>>>>> <***@vgt.net>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> I will try that tomorrow...i'm about out of other ideas.
>>>>>>>>>>
>>>>>>>>>> I suppose I could also try the new MS beta, just to throw
>>>>>>>>>> something
>>>>>>>>> else at the wall...
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> -----Original Message-----
>>>>>>>>>> From: mailscanner-***@lists.mailscanner.info
>>>>>>>>>> [mailto:mailscanner-
>>>>>>>>> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>>>>>>>>>> Sent: Saturday, February 21, 2015 5:54 AM
>>>>>>>>>> To: MailScanner discussion
>>>>>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>>>>>
>>>>>>>>>> I’m not pimping my product, but I would suggest you install a
>>>>>>>>> Mailborder server for a comparison test. Check to see if it is
>>>>>>>>> working correctly (the Mailborder server) and compare the
>>>>>>>>> configs on the Mailborder server to yours. This will at least
>>>>>>>>> eliminate the Mailscanner configuration variable from the equation.
>>>>>>>>>>
>>>>>>>>>> -
>>>>>>>>>> Jerry Benton
>>>>>>>>>> www.mailborder.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> On Feb 21, 2015, at 2:29 AM, James Nelson
>>>>>>>>>>> <***@vgt.net>
>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Sigh, built a brand new MailScanner box from scratch...once
>>>>>>>>>>> again,
>>>>>>>>> everything works except filename checking. The only thing I
>>>>>>>>> changed was to disallow zip files(just changed allow to deny in
>>>>>>>>> filenames.rules.conf) and it still lets it all through.
>>>>>>>>>>>
>>>>>>>>>>> It just doesn't seem to want to work, with no errors to shed
>>>>>>>>>>> any
>>>>>>>>> light.
>>>>>>>>>>> --
>>>>>>>>>>> MailScanner mailing list
>>>>>>>>>>> ***@lists.mailscanner.info
>>>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>>>
>>>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>>>
>>>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> MailScanner mailing list
>>>>>>>>>> ***@lists.mailscanner.info
>>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>>
>>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>>
>>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>>> --
>>>>>>>>>> MailScanner mailing list
>>>>>>>>>> ***@lists.mailscanner.info
>>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>>
>>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>>
>>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> MailScanner mailing list
>>>>>>>>> ***@lists.mailscanner.info
>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>
>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>
>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>> --
>>>>>>>>> MailScanner mailing list
>>>>>>>>> ***@lists.mailscanner.info
>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>
>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>
>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> ***@lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> ***@lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> ***@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>
>>>>>>
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> ***@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> -- Glenn
>>>>> email: glenn < dot > steen < at > gmail < dot > com
>>>>> work: glenn < dot > steen < at > ap1 < dot > se
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> ***@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the b

Jeremy McSpadden

2015-02-23 20:20:38 UTC

Permalink

pastebin message is set to private

--
Jeremy McSpadden
Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions
Office : 850-250-5590 x 501 | Cell : 850-890-2543 | Fax : 850-254-2955

On Feb 23, 2015, at 1:51 PM, James Nelson <***@vgt.net<mailto:***@vgt.net>> wrote:

Kevin,

Here's my complete MailScanner.conf:

http://pastebin.com/ci9dz8iL

Jerry:

I changed default to *@* this morning in the course of my, "did that work? No, okay, how about this," but the result was the same regardless.

I'm not applying any configuration via conf.d at the moment...if I were to do that, would it supersede anything in MailScanner.conf?

âa rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.â

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Monday, February 23, 2015 12:50 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

Maybe you could post your MailScanner.conf to pastebin. I'm guessing something in there is wonky.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
***@lists.mailscanner.info] On Behalf Of James Nelson
Sent: Monday, February 23, 2015 9:26 AM
To: MailScanner discussion
Subject: RE: Filename Restrictions Not working

Well, an interesting update...

I changed up my approach, and pointed the Deny Filenames = in
MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
follows:

To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$
\.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$ \.sct$
\.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$ \.mau$
\.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$ \.com$
\.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
\.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$

When running MailScanner --lint now, it DOES detect eicar.com as a
blocked filetype. However, it's still allowing blocked filetypes
through ?

âa rockpile ceases to be a rockpile the moment a single man
contemplates it, bearing within him the image of a cathedral.â

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
***@lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Sunday, February 22, 2015 4:11 PM
To: MailScanner discussion
Subject: Re: Filename Restrictions Not working

Its not beta anymore. (The RPM package.)

-
Jerry Benton
www.mailborder.com

On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
wrote:

I will try that tomorrow...i'm about out of other ideas.

I suppose I could also try the new MS beta, just to throw something
else at the wall...

âa rockpile ceases to be a rockpile the moment a single man
contemplates it, bearing within him the image of a cathedral.â

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info
[mailto:mailscanner-
***@lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Saturday, February 21, 2015 5:54 AM
To: MailScanner discussion
Subject: Re: Filename Restrictions Not working

Iâm not pimping my product, but I would suggest you install a
Mailborder server for a comparison test. Check to see if it is working
correctly (the Mailborder server) and compare the configs on the
Mailborder server to yours. This will at least eliminate the
Mailscanner configuration variable from the equation.

-
Jerry Benton
www.mailborder.com

On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net>
wrote:

Sigh, built a brand new MailScanner box from scratch...once again,
everything works except filename checking. The only thing I changed
was to disallow zip files(just changed allow to deny in
filenames.rules.conf) and it still lets it all through.

It just doesn't seem to want to work, with no errors to shed any
light.
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

Jerry Benton

2015-02-23 20:28:02 UTC

Permalink

Yes, you do not have to edit MailScanner.conf directly at all. You can put your settings in a con file in the ./conf.d directory.

-
Jerry Benton
www.mailborder.com

> On Feb 23, 2015, at 2:51 PM, James Nelson <***@vgt.net> wrote:
>
> Kevin,
>
> Here's my complete MailScanner.conf:
>
> http://pastebin.com/ci9dz8iL
>
> Jerry:
>
> I changed default to *@* this morning in the course of my, "did that work? No, okay, how about this," but the result was the same regardless.
>
> I'm not applying any configuration via conf.d at the moment...if I were to do that, would it supersede anything in MailScanner.conf?
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin Miller
> Sent: Monday, February 23, 2015 12:50 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> Maybe you could post your MailScanner.conf to pastebin. I'm guessing something in there is wonky.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357
>
>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
>> ***@lists.mailscanner.info] On Behalf Of James Nelson
>> Sent: Monday, February 23, 2015 9:26 AM
>> To: MailScanner discussion
>> Subject: RE: Filename Restrictions Not working
>>
>> Well, an interesting update...
>>
>> I changed up my approach, and pointed the Deny Filenames = in
>> MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>> follows:
>>
>> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$
>> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$ \.sct$
>> \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$ \.mau$
>> \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$ \.com$
>> \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>>
>> When running MailScanner --lint now, it DOES detect eicar.com as a
>> blocked filetype. However, it's still allowing blocked filetypes
>> through ?
>>
>>
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man
>> contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-
>> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>> Sent: Sunday, February 22, 2015 4:11 PM
>> To: MailScanner discussion
>> Subject: Re: Filename Restrictions Not working
>>
>> Its not beta anymore. (The RPM package.)
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>>
>>
>>
>>> On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net>
>> wrote:
>>>
>>> I will try that tomorrow...i'm about out of other ideas.
>>>
>>> I suppose I could also try the new MS beta, just to throw something
>> else at the wall...
>>>
>>>
>>>
>>>
>>> “a rockpile ceases to be a rockpile the moment a single man
>> contemplates it, bearing within him the image of a cathedral.”
>>>
>>>
>>> -----Original Message-----
>>> From: mailscanner-***@lists.mailscanner.info
>>> [mailto:mailscanner-
>> ***@lists.mailscanner.info] On Behalf Of Jerry Benton
>>> Sent: Saturday, February 21, 2015 5:54 AM
>>> To: MailScanner discussion
>>> Subject: Re: Filename Restrictions Not working
>>>
>>> I’m not pimping my product, but I would suggest you install a
>> Mailborder server for a comparison test. Check to see if it is working
>> correctly (the Mailborder server) and compare the configs on the
>> Mailborder server to yours. This will at least eliminate the
>> Mailscanner configuration variable from the equation.
>>>
>>> -
>>> Jerry Benton
>>> www.mailborder.com
>>>
>>>
>>>
>>>> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net>
>> wrote:
>>>>
>>>> Sigh, built a brand new MailScanner box from scratch...once again,
>> everything works except filename checking. The only thing I changed
>> was to disallow zip files(just changed allow to deny in
>> filenames.rules.conf) and it still lets it all through.
>>>>
>>>> It just doesn't seem to want to work, with no errors to shed any
>> light.
>>>> --
>>>> MailScanner mailing list
>>>> ***@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScan

Jerry Benton

2015-02-23 19:18:05 UTC

Permalink

I mentioned Mailborder earlier because after I wrote everything I kind of forgot about it, but here is an example using one domain and a default ruleset. Keep in mind this isn’t using MailScanner default file names. This is how rulesets should be used.

The MailScanner.conf reads the custom configuration file ./conf.d/mailborder.conf which then defines this file: /etc/MailScanner/frules/filename.rules for Filename rules which contains this:

# Domain Policies
FromOrTo: linuxref.com /etc/MailScanner/frules/linuxref.com.fn.conf
FromOrTo: default /etc/MailScanner/frules/default.fn.rules.conf

The default.fn.rules.conf contains this, which I am truncating for brevity:

deny \.bak$ - -
allow \.bz2$ - -
deny \{[a-hA-H0-9-]{25,}\} - -
allow \.Z$ - -
deny \s{10,} - -
deny \.fdf$ - -
allow \.(mon|tue|wed|thu|fri|sat|sun)\.[a-z0-9]{3}$ - -
allow \.x\d+\.rel$ - -

So, it looks like your use of *@* is incorrect and should be “default”.

-
Jerry Benton
www.mailborder.com

> On Feb 23, 2015, at 1:26 PM, James Nelson <***@vgt.net> wrote:
>
> Well, an interesting update...
>
> I changed up my approach, and pointed the Deny Filenames = in MailScanner.conf to %rules-dir%/filename_deny.rules , which is as follows:
>
> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$ \.chm$ \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$ \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$ \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,} \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$
>
> When running MailScanner --lint now, it DOES detect eicar.com as a blocked filetype. However, it's still allowing blocked filetypes through ?
>
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Sunday, February 22, 2015 4:11 PM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> Its not beta anymore. (The RPM package.)
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
>> On Feb 22, 2015, at 4:33 PM, James Nelson <***@vgt.net> wrote:
>>
>> I will try that tomorrow...i'm about out of other ideas.
>>
>> I suppose I could also try the new MS beta, just to throw something else at the wall...
>>
>>
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Jerry Benton
>> Sent: Saturday, February 21, 2015 5:54 AM
>> To: MailScanner discussion
>> Subject: Re: Filename Restrictions Not working
>>
>> I’m not pimping my product, but I would suggest you install a Mailborder server for a comparison test. Check to see if it is working correctly (the Mailborder server) and compare the configs on the Mailborder server to yours. This will at least eliminate the Mailscanner configuration variable from the equation.
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>>
>>
>>
>>> On Feb 21, 2015, at 2:29 AM, James Nelson <***@vgt.net> wrote:
>>>
>>> Sigh, built a brand new MailScanner box from scratch...once again, everything works except filename checking. The only thing I changed was to disallow zip files(just changed allow to deny in filenames.rules.conf) and it still lets it all through.
>>>
>>> It just doesn't seem to want to work, with no errors to shed any light.
>>> --
>>> MailScanner mailing list
>>> ***@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> ***@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> ***@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off th

Denis Beauchemin

2015-02-20 13:53:13 UTC

Permalink

My MailScanner --lint returns:
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamd
===========================================================================
Filename Checks: Fichiers COM dangereux (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED::Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

I'm running version 4.84.5 on RHEL 6.6 with a lot of Perl stuff not up to date because I put exclude=perl* in /etc/yum.conf just to make sure an update does not cause trouble.

Denis

-----Message d'origine-----
De : mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] De la part de James Nelson
Envoyé : 19 février 2015 16:19
À : MailScanner discussion
Objet : RE: Filename Restrictions Not working

One thing of note...maybe, maybe not...is that when I run MailScanner --lint , I notice this:

Filename Checks: Windows/DOS Executable (1 eicar.com) Filetype Checks: Allowing 1 eicar.com (no match found)

If my filename\type checks were working, shouldn't it be denying that type, given that I have excecutables configured (as default) to deny in my filetype.rules.conf?

"a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral."

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info [mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Wednesday, February 18, 2015 6:21 PM
To: 'MailScanner discussion'
Subject: RE: Filename Restrictions Not working

Do you have filename.rules and filetype.rules files or did you edit MailScanner.conf?

Here's my filename/type rules. They're the default. I presume they match yours.

/etc/MailScanner # cat filename.rules
From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filename.rules.conf

/etc/MailScanner # cat filetype.rules
From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filetype.rules.conf

/etc/MailScanner # cat filename.rules.allowall.conf
allow .* - -

A while back I was having an issue where an Office365 Word doc was getting flagged as an executable and blocked. I tried using the "Allow Filenames" and "Allow Filetypes" in MailScanner.conf. The notes in there said that I'd have to an entry for both name and type. I set "Allow Filetypes = \.exe$" and "Allow Filenames = /[0-9a-f]{4}\.dat$/I". (I was trying to allow .dat files with a four character name composed of hexadecimal characters. Specifically 0000.dat but not limited to it.) The notes said the exception would have to match both rules to pass. It didn't. It had the odd effect of letting any .exe file through regardless of the name.

Have you tried reverting the filename.rules and filetype.rules back to the stock setting and mucking around in filename.rules.conf or filetype.rules.conf instead?

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanne