From: Joel N. <jn...@pe...> - 2005-07-26 15:33:43
|
It would appear that MYNETS isn't working either because I have bypass_banned_checks_maps => [1] in $policy_bank{'MYNETS'} and the email log below is indicating CF/MYNETS (note: CF has bypass_banned_checks_maps => [1] as well). $policy_bank{'MYNETS'} = { # mail originating from @mynetworks bypass_spam_checks_maps => [1], # Turn off spam checking for locally originated emails bypass_banned_checks_maps => [1], # Turn off banned checking for locally originated emails }; $policy_bank{'CF'} = { bypass_spam_checks_maps => [1], # Turn off spam checking for locally originated emails bypass_banned_checks_maps => [1], # Turn off banned checking for locally originated emails forward_method => 'smtp:[127.0.0.1]:10226', # forward checked mail to postfix instance that handles ContentFiltering/MailSafe notify_method => 'smtp:[127.0.0.1]:10225', # submit notifications through the usual smtp path }; Joel Nimety wrote: > Hello -- I've just upgrade to amavis-2.3.2. I'm using LDAP lookups for > per domain/user maps. I have a user who has BypassBannedChecks=TRUE set > in LDAP yet he still is having attachments blocked. I've turned up > logging for myself using $debug_sender_acl and I've sent the user an > .exe file. Here's the log. Notice that amavis successfully looks-up > BypassBannedChecks=TRUE but still performs the banned blocking. Is this > a bug? Please let me know if more information is required. Thanks. > > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) LMTP< RCPT > TO:<rc...@rc...>\r\n > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) query_keys: > rc...@rc..., rcpt@, rcptdomain.com, .rcptdomain.com, .com, . > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) > lookup_hash(rc...@rc...), no matches > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup (local_domains) > => undef, "rc...@rc..." does not match > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) query_keys: > rc...@rc..., @rcptdomain.com, @.rcptdomain.com, @.com, @. > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup_ldap > "rc...@rc...", query keys: "rc...@rc...", > "@rcptdomain.com", "@.rcptdomain.com", "@.com", "@.", base: o=na, > filter: (&(objectclass=amavisaccount)(cybalternatedomain=%m)) > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup_ldap: searching > base="o=na", scope="sub", > filter="(&(objectclass=amavisaccount)(|(cybalternatedomain=rc...@rc...)(cybalternatedomain=@rcptdomain.com)(cybalternatedomain=@.rcptdomain.com)(cybalternatedomain=@.com)(cybalternatedomain=@.)))" > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) > lookup_ldap(rc...@rc...) matches, > result=(cybalternatedomain=>"@rcptdomain.com", > amavisbypassbannedchecks=>"TRUE", amavisbypassspamchecks=>"TRUE", > amavisspamlover=>"TRUE", amavisbypassviruschecks=>"TRUE") > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) > lookup_ldap_attr(amavismessagesizelimit), no attribute, > "rc...@rc..." result=undef > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup > (message_size_limit) => undef, "rc...@rc..." does not match > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) LMTP> 250 2.1.5 > Recipient rc...@rc... OK > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) LMTP::10026 > /var/amavis/tmp/amavis-20050726T102756-32392: <se...@pe...> > -> <rc...@rc...> Received: SIZE=1685477 from > mail06.perimeterco.com ([127.0.0.1]) by localhost > (mail06.perimeterco.com [127.0.0.1]) (amavisd-new, port 10026) with LMTP > id 32392-04 for <rc...@rc...>; Tue, 26 Jul 2005 10:29:38 -0400 (EDT) > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) Checking: EPI2-DPhWQFz > CF/MYNETS [63.76.208.2] <se...@pe...> -> <rc...@rc...> > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) > lookup_ldap_attr(amavisbypassviruschecks) "rc...@rc..." result=(1) > Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup > (bypass_virus_checks) => true, "rc...@rc..." matches, > result="1", matching_key="/cached/" > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) > lookup_ldap_attr(amavisbypassheaderchecks), no attribute, > "rc...@rc..." result=undef > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) query_keys: > rc...@rc..., rcpt@, rcptdomain.com, .rcptdomain.com, .com, . > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) > lookup_hash(rc...@rc...), no matches > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup > (bypass_header_checks) => undef, "rc...@rc..." does not match > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup => true, > "rc...@rc..." matches, result="1", matching_key="(constant:1)" > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) p.path > rc...@rc...: "P=p003,L=1,M=multipart/mixed | > P=p001,L=1/1,M=text/plain,T=asc" > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) p.path BANNED:1 > rc...@rc...: "P=p003,L=1,M=multipart/mixed | > P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms,N=dcom98.exe", > matching_key="(?mix-s:(?# BLOCK COMMON NAME EXENSIONS )\n ^ (.*\t)? > N= [^\t\n]* \\. > (pif|exe|cpl|swf|vbs|bat|cmd|com|dll|hta|js|jse|lnk|msi|ocx|reg|shs|vb|vbe|wsf|scr) > (\t.*)? $)" > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) > lookup_ldap_attr(amavisbannedfileslover), no attribute, > "rc...@rc..." result=undef > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) query_keys: > rc...@rc..., rcpt@, rcptdomain.com, .rcptdomain.com, .com, . > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) > lookup_hash(rc...@rc...), no matches > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup > (banned_files_lovers) => undef, "rc...@rc..." does not match > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) > lookup_ldap_attr(amavisbannedquarantineto), no attribute, > "rc...@rc..." result=undef > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup > (banned_quarantine_to) => undef, "rc...@rc..." does not match > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) > lookup_ldap_attr(amavisbannedadmin), no attribute, "rc...@rc..." > result=undef > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) > lookup_acl(rc...@rc...), no match > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup (banned_admin) > => undef, "rc...@rc..." does not match > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) > lookup_ldap_attr(amavislocal), no attribute, "rc...@rc..." result=1 > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup (local_domains) > => true, "rc...@rc..." matches, result="1", matching_key="/cached/" > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) > lookup_ldap_attr(amaviswarnbannedrecip), no attribute, > "rc...@rc..." result=undef > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup > (warnbannedrecip) => true, "rc...@rc..." matches, result="1", > matching_key="(constant:1)" > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) string_to_mime_entity > To: <rc...@rc...> > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) (about to connect to > [127.0.0.1]:10225) SEND via SMTP: <pos...@pe...> -> > <rc...@rc...>Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) > response to RCPT TO for <rc...@rc...>: "250 Ok" > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) SEND via SMTP: > <pos...@pe...> -> <rc...@rc...>, 250 2.6.0 Ok, > id=32392-04, from MTA([127.0.0.1]:10225): 250 Ok: queued as 83BFC3A84A3 > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) parse_received: for = > <rc...@rc...>/<rc...@rc...>// > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) parse_received: for = > <rc...@rc...>/<rc...@rc...>// > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) Blocked BANNED > (P=p003,L=1,M=multipart/mixed | > P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms,N=dcom98.exe), > CF/MYNETS LOCAL [63.76.208.2] [63.76.208.2] <se...@pe...> -> > <rc...@rc...>, Message-ID: <42E...@pe...>, > mail_id: EPI2-DPhWQFz, Hits: -, 1490 ms > Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) sending LMTP response > for <rc...@rc...>: "250 2.5.0 Ok rc...@rc..., DSN sent > (550 5.7.1 Message content rejected, id=32392-04 - BANNED: > P=p003,L=1,M=multipart/mixed | > P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms...)"Jul 26 > 10:29:39 mail06 amavis[32392]: (32392-04) LMTP> 250 2.5.0 Ok > rc...@rc..., DSN sent (550 5.7.1 Message content rejected, > id=32392-04 - BANNED: P=p003,L=1,M=multipart/mixed | > P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms...) > Jul 26 10:29:39 mail06 postfix/lmtp[644]: C75993A8246: > to=<rc...@rc...>, relay=127.0.0.1[127.0.0.1], delay=5, > status=sent (250 2.5.0 Ok rc...@rc..., DSN sent (550 5.7.1 > Message content rejected, id=32392-04 - BANNED: > P=p003,L=1,M=multipart/mixed | > P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms...)) > > > -- Joel Nimety Perimeter Internetworking Corp. 203.541.3416 |