Filename Restrictions Not working
Glenn Steen
glenn.steen at gmail.com
Tue Feb 24 15:39:33 GMT 2015
Sure, for lint at least. But it is, when coming to Postfix, always
good to doublechack that permissions pertaining to the postfix user
actually work, as the postfix user. Maybe wasn't that clear:-)
Cheers
--
-- Glenn
On 24 February 2015 at 10:44, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:
> Shouldn’t MailScanner –lint pick up permission problems such as that? I
> thought it still ran that as the correct user.
>
>
>
> Jason
>
>
>
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Glenn Steen
> Sent: 24 February 2015 09:18
>
>
> To: MailScanner discussion
> Subject: RE: Filename Restrictions Not working
>
>
>
> I see you have run as user/group set to postfix/apache... When you've done
> your lint and debug runs, did you do them as postfix user or root?
> My guess is that the rule file for filenames might not be readable to the
> postfix user.
>
> Cheers!
> --
> -- Glenn
>
> Den 23 feb 2015 22:09 skrev "James Nelson" <James.Nelson at vgt.net>:
>
>
> Sorry about that, I thought I set it to public. Try again :).
>
> Jerry, I'm building a Mailborder server now to test.
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it,
> bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin
> Miller
> Sent: Monday, February 23, 2015 2:20 PM
> To: 'MailScanner discussion'
> Subject: RE: Filename Restrictions Not working
>
> It said this "This is a private paste. If you created this paste, please
> login to view it." I couldn't see it.
>
> If there's anything that needs to be munged (like your watermark), just edit
> that before posting and make it a public post.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357
>
>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] On Behalf Of James Nelson
>> Sent: Monday, February 23, 2015 10:52 AM
>> To: MailScanner discussion
>> Subject: RE: Filename Restrictions Not working
>>
>> Kevin,
>>
>> Here's my complete MailScanner.conf:
>>
>> http://pastebin.com/ci9dz8iL
>>
>> Jerry:
>>
>> I changed default to *@* this morning in the course of my, "did that
>> work? No, okay, how about this," but the result was the same regardless.
>>
>> I'm not applying any configuration via conf.d at the moment...if I
>> were to do that, would it supersede anything in MailScanner.conf?
>>
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man
>> contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] On Behalf Of Kevin Miller
>> Sent: Monday, February 23, 2015 12:50 PM
>> To: 'MailScanner discussion'
>> Subject: RE: Filename Restrictions Not working
>>
>> Maybe you could post your MailScanner.conf to pastebin. I'm guessing
>> something in there is wonky.
>>
>> ...Kevin
>> --
>> Kevin Miller
>> Network/email Administrator, CBJ MIS Dept.
>> 155 South Seward Street
>> Juneau, Alaska 99801
>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>> 307357
>>
>>
>> > -----Original Message-----
>> > From: mailscanner-bounces at lists.mailscanner.info
>> > [mailto:mailscanner- bounces at lists.mailscanner.info] On Behalf Of
>> > James Nelson
>> > Sent: Monday, February 23, 2015 9:26 AM
>> > To: MailScanner discussion
>> > Subject: RE: Filename Restrictions Not working
>> >
>> > Well, an interesting update...
>> >
>> > I changed up my approach, and pointed the Deny Filenames = in
>> > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>> > follows:
>> >
>> > To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>> > \.chm$
>> > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>> > \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>> > \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
>> > \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>> > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>> >
>> > When running MailScanner --lint now, it DOES detect eicar.com as a
>> > blocked filetype. However, it's still allowing blocked filetypes
>> > through ?
>> >
>> >
>> >
>> >
>> > “a rockpile ceases to be a rockpile the moment a single man
>> > contemplates it, bearing within him the image of a cathedral.”
>> >
>> >
>> > -----Original Message-----
>> > From: mailscanner-bounces at lists.mailscanner.info
>> > [mailto:mailscanner- bounces at lists.mailscanner.info] On Behalf Of
>> > Jerry Benton
>> > Sent: Sunday, February 22, 2015 4:11 PM
>> > To: MailScanner discussion
>> > Subject: Re: Filename Restrictions Not working
>> >
>> > Its not beta anymore. (The RPM package.)
>> >
>> > -
>> > Jerry Benton
>> > www.mailborder.com
>> >
>> >
>> >
>> > > On Feb 22, 2015, at 4:33 PM, James Nelson <James.Nelson at vgt.net>
>> > wrote:
>> > >
>> > > I will try that tomorrow...i'm about out of other ideas.
>> > >
>> > > I suppose I could also try the new MS beta, just to throw
>> > > something
>> > else at the wall...
>> > >
>> > >
>> > >
>> > >
>> > > “a rockpile ceases to be a rockpile the moment a single man
>> > contemplates it, bearing within him the image of a cathedral.”
>> > >
>> > >
>> > > -----Original Message-----
>> > > From: mailscanner-bounces at lists.mailscanner.info
>> > > [mailto:mailscanner-
>> > bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
>> > > Sent: Saturday, February 21, 2015 5:54 AM
>> > > To: MailScanner discussion
>> > > Subject: Re: Filename Restrictions Not working
>> > >
>> > > I’m not pimping my product, but I would suggest you install a
>> > Mailborder server for a comparison test. Check to see if it is
>> > working correctly (the Mailborder server) and compare the configs on
>> > the Mailborder server to yours. This will at least eliminate the
>> > Mailscanner configuration variable from the equation.
>> > >
>> > > -
>> > > Jerry Benton
>> > > www.mailborder.com
>> > >
>> > >
>> > >
>> > >> On Feb 21, 2015, at 2:29 AM, James Nelson <James.Nelson at vgt.net>
>> > wrote:
>> > >>
>> > >> Sigh, built a brand new MailScanner box from scratch...once
>> > >> again,
>> > everything works except filename checking. The only thing I changed
>> > was to disallow zip files(just changed allow to deny in
>> > filenames.rules.conf) and it still lets it all through.
>> > >>
>> > >> It just doesn't seem to want to work, with no errors to shed any
>> > light.
>> > >> --
>> > >> MailScanner mailing list
>> > >> mailscanner at lists.mailscanner.info
>> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > >>
>> > >> Before posting, read http://wiki.mailscanner.info/posting
>> > >>
>> > >> Support MailScanner development - buy the book off the website!
>> > >
>> > > --
>> > > MailScanner mailing list
>> > > mailscanner at lists.mailscanner.info
>> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > >
>> > > Before posting, read http://wiki.mailscanner.info/posting
>> > >
>> > > Support MailScanner development - buy the book off the website!
>> > > --
>> > > MailScanner mailing list
>> > > mailscanner at lists.mailscanner.info
>> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > >
>> > > Before posting, read http://wiki.mailscanner.info/posting
>> > >
>> > > Support MailScanner development - buy the book off the website!
>> >
>> > --
>> > MailScanner mailing list
>> > mailscanner at lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> > --
>> > MailScanner mailing list
>> > mailscanner at lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list