Menu
▾
▴
Re: [AMaViS-user] LDAP amavisBypassBannedChecks not working
|
From: Joel N. <jn...@pe...> - 2005-07-26 15:33:43
|
It would appear that MYNETS isn't working either because I have
bypass_banned_checks_maps => [1] in $policy_bank{'MYNETS'} and the email
log below is indicating CF/MYNETS (note: CF has
bypass_banned_checks_maps => [1] as well).
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
bypass_spam_checks_maps => [1], # Turn off spam checking for
locally originated emails
bypass_banned_checks_maps => [1], # Turn off banned checking for
locally originated emails
};
$policy_bank{'CF'} = {
bypass_spam_checks_maps => [1], # Turn off spam checking
for locally originated emails
bypass_banned_checks_maps => [1], # Turn off banned
checking for locally originated emails
forward_method => 'smtp:[127.0.0.1]:10226', #
forward checked mail to postfix instance that handles
ContentFiltering/MailSafe
notify_method => 'smtp:[127.0.0.1]:10225', #
submit notifications through the usual smtp path
};
Joel Nimety wrote:
> Hello -- I've just upgrade to amavis-2.3.2. I'm using LDAP lookups for
> per domain/user maps. I have a user who has BypassBannedChecks=TRUE set
> in LDAP yet he still is having attachments blocked. I've turned up
> logging for myself using $debug_sender_acl and I've sent the user an
> .exe file. Here's the log. Notice that amavis successfully looks-up
> BypassBannedChecks=TRUE but still performs the banned blocking. Is this
> a bug? Please let me know if more information is required. Thanks.
>
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) LMTP< RCPT
> TO:<rc...@rc...>\r\n
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) query_keys:
> rc...@rc..., rcpt@, rcptdomain.com, .rcptdomain.com, .com, .
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04)
> lookup_hash(rc...@rc...), no matches
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup (local_domains)
> => undef, "rc...@rc..." does not match
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) query_keys:
> rc...@rc..., @rcptdomain.com, @.rcptdomain.com, @.com, @.
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup_ldap
> "rc...@rc...", query keys: "rc...@rc...",
> "@rcptdomain.com", "@.rcptdomain.com", "@.com", "@.", base: o=na,
> filter: (&(objectclass=amavisaccount)(cybalternatedomain=%m))
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup_ldap: searching
> base="o=na", scope="sub",
> filter="(&(objectclass=amavisaccount)(|(cybalternatedomain=rc...@rc...)(cybalternatedomain=@rcptdomain.com)(cybalternatedomain=@.rcptdomain.com)(cybalternatedomain=@.com)(cybalternatedomain=@.)))"
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04)
> lookup_ldap(rc...@rc...) matches,
> result=(cybalternatedomain=>"@rcptdomain.com",
> amavisbypassbannedchecks=>"TRUE", amavisbypassspamchecks=>"TRUE",
> amavisspamlover=>"TRUE", amavisbypassviruschecks=>"TRUE")
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavismessagesizelimit), no attribute,
> "rc...@rc..." result=undef
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup
> (message_size_limit) => undef, "rc...@rc..." does not match
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) LMTP> 250 2.1.5
> Recipient rc...@rc... OK
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) LMTP::10026
> /var/amavis/tmp/amavis-20050726T102756-32392: <se...@pe...>
> -> <rc...@rc...> Received: SIZE=1685477 from
> mail06.perimeterco.com ([127.0.0.1]) by localhost
> (mail06.perimeterco.com [127.0.0.1]) (amavisd-new, port 10026) with LMTP
> id 32392-04 for <rc...@rc...>; Tue, 26 Jul 2005 10:29:38 -0400 (EDT)
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) Checking: EPI2-DPhWQFz
> CF/MYNETS [63.76.208.2] <se...@pe...> -> <rc...@rc...>
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavisbypassviruschecks) "rc...@rc..." result=(1)
> Jul 26 10:29:38 mail06 amavis[32392]: (32392-04) lookup
> (bypass_virus_checks) => true, "rc...@rc..." matches,
> result="1", matching_key="/cached/"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavisbypassheaderchecks), no attribute,
> "rc...@rc..." result=undef
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) query_keys:
> rc...@rc..., rcpt@, rcptdomain.com, .rcptdomain.com, .com, .
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_hash(rc...@rc...), no matches
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup
> (bypass_header_checks) => undef, "rc...@rc..." does not match
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup => true,
> "rc...@rc..." matches, result="1", matching_key="(constant:1)"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) p.path
> rc...@rc...: "P=p003,L=1,M=multipart/mixed |
> P=p001,L=1/1,M=text/plain,T=asc"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) p.path BANNED:1
> rc...@rc...: "P=p003,L=1,M=multipart/mixed |
> P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms,N=dcom98.exe",
> matching_key="(?mix-s:(?# BLOCK COMMON NAME EXENSIONS )\n ^ (.*\t)?
> N= [^\t\n]* \\.
> (pif|exe|cpl|swf|vbs|bat|cmd|com|dll|hta|js|jse|lnk|msi|ocx|reg|shs|vb|vbe|wsf|scr)
> (\t.*)? $)"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavisbannedfileslover), no attribute,
> "rc...@rc..." result=undef
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) query_keys:
> rc...@rc..., rcpt@, rcptdomain.com, .rcptdomain.com, .com, .
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_hash(rc...@rc...), no matches
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup
> (banned_files_lovers) => undef, "rc...@rc..." does not match
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavisbannedquarantineto), no attribute,
> "rc...@rc..." result=undef
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup
> (banned_quarantine_to) => undef, "rc...@rc..." does not match
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavisbannedadmin), no attribute, "rc...@rc..."
> result=undef
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_acl(rc...@rc...), no match
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup (banned_admin)
> => undef, "rc...@rc..." does not match
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amavislocal), no attribute, "rc...@rc..." result=1
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup (local_domains)
> => true, "rc...@rc..." matches, result="1", matching_key="/cached/"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> lookup_ldap_attr(amaviswarnbannedrecip), no attribute,
> "rc...@rc..." result=undef
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) lookup
> (warnbannedrecip) => true, "rc...@rc..." matches, result="1",
> matching_key="(constant:1)"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) string_to_mime_entity
> To: <rc...@rc...>
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) (about to connect to
> [127.0.0.1]:10225) SEND via SMTP: <pos...@pe...> ->
> <rc...@rc...>Jul 26 10:29:39 mail06 amavis[32392]: (32392-04)
> response to RCPT TO for <rc...@rc...>: "250 Ok"
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) SEND via SMTP:
> <pos...@pe...> -> <rc...@rc...>, 250 2.6.0 Ok,
> id=32392-04, from MTA([127.0.0.1]:10225): 250 Ok: queued as 83BFC3A84A3
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) parse_received: for =
> <rc...@rc...>/<rc...@rc...>//
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) parse_received: for =
> <rc...@rc...>/<rc...@rc...>//
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) Blocked BANNED
> (P=p003,L=1,M=multipart/mixed |
> P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms,N=dcom98.exe),
> CF/MYNETS LOCAL [63.76.208.2] [63.76.208.2] <se...@pe...> ->
> <rc...@rc...>, Message-ID: <42E...@pe...>,
> mail_id: EPI2-DPhWQFz, Hits: -, 1490 ms
> Jul 26 10:29:39 mail06 amavis[32392]: (32392-04) sending LMTP response
> for <rc...@rc...>: "250 2.5.0 Ok rc...@rc..., DSN sent
> (550 5.7.1 Message content rejected, id=32392-04 - BANNED:
> P=p003,L=1,M=multipart/mixed |
> P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms...)"Jul 26
> 10:29:39 mail06 amavis[32392]: (32392-04) LMTP> 250 2.5.0 Ok
> rc...@rc..., DSN sent (550 5.7.1 Message content rejected,
> id=32392-04 - BANNED: P=p003,L=1,M=multipart/mixed |
> P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms...)
> Jul 26 10:29:39 mail06 postfix/lmtp[644]: C75993A8246:
> to=<rc...@rc...>, relay=127.0.0.1[127.0.0.1], delay=5,
> status=sent (250 2.5.0 Ok rc...@rc..., DSN sent (550 5.7.1
> Message content rejected, id=32392-04 - BANNED:
> P=p003,L=1,M=multipart/mixed |
> P=p002,L=1/2,M=application/x-ms-dos-executable,T=exe,T=exe-ms...))
>
>
>
--
Joel Nimety
Perimeter Internetworking Corp.
203.541.3416
|