Centos Postfix no Notice Signature and exe's delivered

Chris Twinn chris at twinn.co.uk
Tue Mar 11 14:55:11 GMT 2014


Hi,

Hopefully I'm in the right place and someone can help, sorry if not, it's 
my first message.

I have installed CentOS 6.5 using Minimal, installed the prerequisite 
rpm's via yum,
installed 4.84.6-1 for RedHat/CentOS via rpm. I am using clam for AV and 
SpamAssassin.

Have decided to go with Postfix as MTA and this all works, mail comes in,
eicar virus detected and stopped (clam).
But sending in exe as an exe is allowed through. Exe hidden in Zip is 
allowed through.
Normal emails just seem to bypass MailScanner even though the logs show 
MailScanner operating.

I also notice that the Notice Signature is not being added to the bottom 
of emails on clean messages,
BUT I am getting the following in the headers:

X-tttttcouk-MailScanner-Information: Please contact the ISP for more information
X-tttttcouk-MailScanner-ID: BAF6FC104F.A0BC6
X-tttttcouk-MailScanner: Found to be clean
X-tttttcouk-MailScanner-From: mailscanner-bounces at lists.mailscanner.info

I have compared the configuration files to my previous server that ran MailScanner
fine and everything is the same, except that one used Sendmail rather than Postfix

Audit.log does not show any issues (SELinux is enabled, same problem if permissive).

MailScanner --lint does not show any issues.

I have turned on all the Log options, even tried setting debug = true and seeing what turns up
in the maillog, not a lot :-(

Mar 11 14:22:28 centos65 MailScanner[3651]: New Batch: Found 3 messages waiting
Mar 11 14:22:28 centos65 MailScanner[3651]: New Batch: Scanning 1 messages, 156910 bytes
Mar 11 14:22:28 centos65 MailScanner[3651]: Virus and Content Scanning: Starting
Mar 11 14:22:37 centos65 MailScanner[3651]: Virus Scanning completed at 16770 bytes per second
Mar 11 14:22:37 centos65 MailScanner[3651]: Spam Checks: Starting
Mar 11 14:22:37 centos65 MailScanner[3651]: Message 4A318C10B0.A72CD from 127.0.0.1 (root at centos65.localdomain) to centos65 is not spam, SpamAssassin (not cached, score=1.804, required 6, ALL_TRUSTED -1.00, DKIM_ADSP_NXDOMAIN 0.80, NO_DNS_FOR_FROM 0.38, SUBJ_ALL_CAPS 1.62)
Mar 11 14:22:37 centos65 MailScanner[3651]: Delivery of nonspam: message 4A318C10B0.A72CD from root at centos65.localdomain to chris at centos65 with subject TEST EMAIL
Mar 11 14:22:37 centos65 MailScanner[3651]: Spam Checks completed at 284783 bytes per second
Mar 11 14:22:38 centos65 MailScanner[3651]: Requeue: 4A318C10B0.A72CD to C10EEC105F
Mar 11 14:22:38 centos65 MailScanner[3651]: Uninfected: Delivered 1 messages
Mar 11 14:22:38 centos65 postfix/qmgr[2783]: C10EEC105F: from=<root at centos65.localdomain>, size=156672, nrcpt=1 (queue active)
Mar 11 14:22:38 centos65 MailScanner[3651]: Deleted 1 messages from processing-database
Mar 11 14:22:38 centos65 MailScanner[3651]: Batch completed at 15603 bytes per second (156910 / 10)
Mar 11 14:22:38 centos65 MailScanner[3651]: Batch (1 message) processed in 10.06 seconds
Mar 11 14:22:38 centos65 postfix/local[3897]: C10EEC105F: to=<chris at centos65.localdomain>, orig_to=<chris at centos65>, relay=local, delay=11, delays=11/0.03/0/0.04, dsn=2.0.0, status=sent (delivered to maildir)
Mar 11 14:22:38 centos65 postfix/qmgr[2783]: C10EEC105F: removed

All the .conf are out of the box only other modded file is rules/spam.whitelist.rules
From:           CUUSIIKKJEMEe at MWKEIEM.co.uk      yes
From:           AAAAs at mILKKKK.co.uk       yes
From:           oIIIIIe at IIRKKE.co.uk      yes
From:           *@MMMMMay.co.uk          yes
From:           *@KKKKKe.com            yes
From:           *@EEEDFFy.com         yes
FromOrTo:       default         no


======= MailScanner.conf [edited]

Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
MTA = postfix
Sendmail = /usr/sbin/sendmail
Sendmail2 = /usr/sbin/sendmail

Allow Filenames =
Deny Filenames =
Filename Rules = %etc-dir%/filename.rules.conf
Allow Filetypes =
Allow File MIME Types =
Deny Filetypes =
Deny File MIME Types =
Filetype Rules = %etc-dir%/filetype.rules.conf
Archives: Allow Filenames =
Archives: Deny Filenames =
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Allow Filetypes =
Archives: Allow File MIME Types =
Archives: Deny Filetypes =
Archives: Deny File MIME Types =
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf

Hostname = the %org-name% ($HOSTNAME) MailScanner

Sign Messages Already Processed = no
Sign Clean Messages = yes
Mark Infected Messages = yes
Mark Unscanned Messages = yes
Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info

Log Speed = yes
Log Spam = yes
Log Non Spam = yes
Log Delivery And Non-Delivery = yes
Log Permitted Filenames = yes
Log Permitted Filetypes = yes
Log Permitted File MIME Types = yes
Log Silent Viruses = yes
Log Dangerous HTML Tags = yes
Log SpamAssassin Rule Actions = yes
======= END MailScanner.conf

Many apologies for the length and hopefully someone is able to point me in the right direction.


Many Thanks,


Chris.









-- 
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
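
Added example, not part of the original post and not MailScanner's own code: a short Python trace over the posted maillog lines that links each MailScanner message ID to the Postfix queue ID it was requeued as and to its final delivery status, and lists deliveries that have no Requeue record. The function name `trace` and the one constructed log line are hypothetical, and treating a delivery without a Requeue record as unscanned assumes the log excerpt covers the message's whole lifetime.

```python
import re

# Log lines copied from the post above (addresses obfuscated as in the archive).
POSTED_LOG = """\
Mar 11 14:22:37 centos65 MailScanner[3651]: Message 4A318C10B0.A72CD from 127.0.0.1 (root at centos65.localdomain) to centos65 is not spam, SpamAssassin (not cached, score=1.804, required 6, ALL_TRUSTED -1.00, DKIM_ADSP_NXDOMAIN 0.80, NO_DNS_FOR_FROM 0.38, SUBJ_ALL_CAPS 1.62)
Mar 11 14:22:38 centos65 MailScanner[3651]: Requeue: 4A318C10B0.A72CD to C10EEC105F
Mar 11 14:22:38 centos65 postfix/local[3897]: C10EEC105F: to=<chris at centos65.localdomain>, orig_to=<chris at centos65>, relay=local, delay=11, delays=11/0.03/0/0.04, dsn=2.0.0, status=sent (delivered to maildir)
"""

# Constructed line (not from the post): a delivery with no matching Requeue.
CONSTRUCTED_BYPASS = (
    "Mar 11 14:30:00 centos65 postfix/local[3999]: AAAAAAAAAA: "
    "to=<chris at centos65.localdomain>, relay=local, dsn=2.0.0, "
    "status=sent (delivered to maildir)\n"
)

VERDICT = re.compile(
    r"MailScanner\[\d+\]: Message (\S+) from \S+ .*? is (not spam|spam)\b"
    r".*?score=(-?[\d.]+)"
)
REQUEUE = re.compile(r"MailScanner\[\d+\]: Requeue: (\S+) to (\S+)")
DELIVERY = re.compile(r"postfix/\w+\[\d+\]: (\w+): to=<[^>]*>.*\bstatus=(\w+)")


def trace(log):
    """Return (scanned, unscanned).

    scanned maps MailScanner ID -> verdict, score, requeued_as, status.
    unscanned lists Postfix queue IDs delivered without a Requeue record.
    """
    scanned, by_queue_id, unscanned = {}, {}, []
    for line in log.splitlines():
        if m := VERDICT.search(line):
            scanned.setdefault(m[1], {}).update(verdict=m[2], score=float(m[3]))
        elif m := REQUEUE.search(line):
            scanned.setdefault(m[1], {})["requeued_as"] = m[2]
            by_queue_id[m[2]] = m[1]  # new Postfix ID -> MailScanner ID
        elif m := DELIVERY.search(line):
            if m[1] in by_queue_id:
                scanned[by_queue_id[m[1]]]["status"] = m[2]
            else:
                unscanned.append(m[1])  # delivered, never requeued
    return scanned, unscanned
```

Run against the full maillog, any queue ID in the second list is mail that Postfix delivered without MailScanner handing it back from the hold queue.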
