Filename Restrictions Not working

Glenn Steen glenn.steen at gmail.com
Tue Feb 24 15:55:26 GMT 2015


Right, so at the postfix user, can you actually read the two files
(/etc/MailScanner/filename.rules.conf and
/etc/MailScanner/rules/filename.rules)?
Also, the default line (at least) for the
/etc/MailScanner/rules/filename.rules file should mention the
%etc-dir%/filename.rules.conf file, at least if you have
Filename Rules = %rules-dir%/filename.rules
in the /etc/mailScanner/MailScanner.conf file.

You can actually check the value with MailScanner itself (as the
Postfix user) by doing something like:
-bash-4.2$ MailScanner --value=filenamerules
--from=someone at example.net --to=someoneelse at yourdomain.com
Looked up internal option name "filenamerules"
With sender = someone at example.net
  recipient = someoneelse at yourdomain.com
Client IP =
Virus =
Result is "/etc/MailScanner/filename.rules.conf"
-bash-4.2$


Check the syntax with "MailScanner --help".

Seems to me that the ruleset is borked, the actual filenames aren't
read, or there still resida a postfix instance that don't have the
correct HOLD thingy on your system... In decreasing order of
probability;-)

Cheers
-- 
-- Glenn

On 24 February 2015 at 14:22, James Nelson <James.Nelson at vgt.net> wrote:
> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a blocked
> filetype, it just doesn't do anything about it during mail scanning.  I had
> the thought that my rules files had permissions problems, but I made them
> readable for everyone just to be sure.
>
> I have the group as Apache as part of the configuration for MailWatch.
>
>
>
> On Feb 24, 2015, at 3:37 AM, Glenn Steen <glenn.steen at gmail.com> wrote:
>
> I see you have run as user/group set to postfix/apache...  When you've done
> your lint and debug runs, did you do them as postfix user or root?
> My guess is that the rule file for filenames might not be readable to the
> postfix user.
>
> Cheers!
> --
> -- Glenn
>
> Den 23 feb 2015 22:09 skrev "James Nelson" <James.Nelson at vgt.net>:
>>
>>
>> Sorry about that, I thought I set it to public. Try again :).
>>
>> Jerry, I'm building a Mailborder server now to test.
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man contemplates
>> it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin
>> Miller
>> Sent: Monday, February 23, 2015 2:20 PM
>> To: 'MailScanner discussion'
>> Subject: RE: Filename Restrictions Not working
>>
>> It said this "This is a private paste. If you created this paste, please
>> login to view it."  I couldn't see it.
>>
>> If there's anything that needs to be munged (like your watermark), just
>> edit that before posting and make it a public post.
>>
>> ...Kevin
>> --
>> Kevin Miller
>> Network/email Administrator, CBJ MIS Dept.
>> 155 South Seward Street
>> Juneau, Alaska 99801
>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>> 307357
>>
>>
>> > -----Original Message-----
>> > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> > bounces at lists.mailscanner.info] On Behalf Of James Nelson
>> > Sent: Monday, February 23, 2015 10:52 AM
>> > To: MailScanner discussion
>> > Subject: RE: Filename Restrictions Not working
>> >
>> > Kevin,
>> >
>> > Here's my complete MailScanner.conf:
>> >
>> > http://pastebin.com/ci9dz8iL
>> >
>> > Jerry:
>> >
>> > I changed default to *@* this morning in the course of my, "did that
>> > work? No, okay, how about this," but the result was the same regardless.
>> >
>> > I'm not applying any configuration via conf.d at the moment...if I
>> > were to do that, would it supersede anything in MailScanner.conf?
>> >
>> >
>> >
>> > “a rockpile ceases to be a rockpile the moment a single man
>> > contemplates it, bearing within him the image of a cathedral.”
>> >
>> >
>> > -----Original Message-----
>> > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> > bounces at lists.mailscanner.info] On Behalf Of Kevin Miller
>> > Sent: Monday, February 23, 2015 12:50 PM
>> > To: 'MailScanner discussion'
>> > Subject: RE: Filename Restrictions Not working
>> >
>> > Maybe you could post your MailScanner.conf to pastebin.  I'm guessing
>> > something in there is wonky.
>> >
>> > ...Kevin
>> > --
>> > Kevin Miller
>> > Network/email Administrator, CBJ MIS Dept.
>> > 155 South Seward Street
>> > Juneau, Alaska 99801
>> > Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>> > 307357
>> >
>> >
>> > > -----Original Message-----
>> > > From: mailscanner-bounces at lists.mailscanner.info
>> > > [mailto:mailscanner- bounces at lists.mailscanner.info] On Behalf Of
>> > > James Nelson
>> > > Sent: Monday, February 23, 2015 9:26 AM
>> > > To: MailScanner discussion
>> > > Subject: RE: Filename Restrictions Not working
>> > >
>> > > Well, an interesting update...
>> > >
>> > > I changed up my approach, and pointed the Deny Filenames = in
>> > > MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>> > > follows:
>> > >
>> > > To: *@*     \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>> > > \.chm$
>> > > \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>> > > \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>> > > \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ \.ws$
>> > > \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>> > > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>> > >
>> > > When running MailScanner --lint now, it DOES detect eicar.com as a
>> > > blocked filetype.  However, it's still allowing blocked filetypes
>> > > through ?
>> > >
>> > >
>> > >
>> > >
>> > > “a rockpile ceases to be a rockpile the moment a single man
>> > > contemplates it, bearing within him the image of a cathedral.”
>> > >
>> > >
>> > > -----Original Message-----
>> > > From: mailscanner-bounces at lists.mailscanner.info
>> > > [mailto:mailscanner- bounces at lists.mailscanner.info] On Behalf Of
>> > > Jerry Benton
>> > > Sent: Sunday, February 22, 2015 4:11 PM
>> > > To: MailScanner discussion
>> > > Subject: Re: Filename Restrictions Not working
>> > >
>> > > Its not beta anymore. (The RPM package.)
>> > >
>> > > -
>> > > Jerry Benton
>> > > www.mailborder.com
>> > >
>> > >
>> > >
>> > > > On Feb 22, 2015, at 4:33 PM, James Nelson <James.Nelson at vgt.net>
>> > > wrote:
>> > > >
>> > > > I will try that tomorrow...i'm about out of other ideas.
>> > > >
>> > > > I suppose I could also try the new MS beta, just to throw
>> > > > something
>> > > else at the wall...
>> > > >
>> > > >
>> > > >
>> > > >
>> > > > “a rockpile ceases to be a rockpile the moment a single man
>> > > contemplates it, bearing within him the image of a cathedral.”
>> > > >
>> > > >
>> > > > -----Original Message-----
>> > > > From: mailscanner-bounces at lists.mailscanner.info
>> > > > [mailto:mailscanner-
>> > > bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
>> > > > Sent: Saturday, February 21, 2015 5:54 AM
>> > > > To: MailScanner discussion
>> > > > Subject: Re: Filename Restrictions Not working
>> > > >
>> > > > I’m not pimping my product, but I would suggest you install a
>> > > Mailborder server for a comparison test. Check to see if it is
>> > > working correctly (the Mailborder server) and compare the configs on
>> > > the Mailborder server to yours. This will at least eliminate the
>> > > Mailscanner configuration variable from the equation.
>> > > >
>> > > > -
>> > > > Jerry Benton
>> > > > www.mailborder.com
>> > > >
>> > > >
>> > > >
>> > > >> On Feb 21, 2015, at 2:29 AM, James Nelson <James.Nelson at vgt.net>
>> > > wrote:
>> > > >>
>> > > >> Sigh, built a brand new MailScanner box from scratch...once
>> > > >> again,
>> > > everything works except filename checking. The only thing I changed
>> > > was to disallow zip files(just changed allow to deny in
>> > > filenames.rules.conf) and it still lets it all through.
>> > > >>
>> > > >> It just doesn't seem to want to work, with no errors to shed any
>> > > light.
>> > > >> --
>> > > >> MailScanner mailing list
>> > > >> mailscanner at lists.mailscanner.info
>> > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > > >>
>> > > >> Before posting, read http://wiki.mailscanner.info/posting
>> > > >>
>> > > >> Support MailScanner development - buy the book off the website!
>> > > >
>> > > > --
>> > > > MailScanner mailing list
>> > > > mailscanner at lists.mailscanner.info
>> > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > > >
>> > > > Before posting, read http://wiki.mailscanner.info/posting
>> > > >
>> > > > Support MailScanner development - buy the book off the website!
>> > > > --
>> > > > MailScanner mailing list
>> > > > mailscanner at lists.mailscanner.info
>> > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > > >
>> > > > Before posting, read http://wiki.mailscanner.info/posting
>> > > >
>> > > > Support MailScanner development - buy the book off the website!
>> > >
>> > > --
>> > > MailScanner mailing list
>> > > mailscanner at lists.mailscanner.info
>> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > >
>> > > Before posting, read http://wiki.mailscanner.info/posting
>> > >
>> > > Support MailScanner development - buy the book off the website!
>> > > --
>> > > MailScanner mailing list
>> > > mailscanner at lists.mailscanner.info
>> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> > >
>> > > Before posting, read http://wiki.mailscanner.info/posting
>> > >
>> > > Support MailScanner development - buy the book off the website!
>> > --
>> > MailScanner mailing list
>> > mailscanner at lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> > --
>> > MailScanner mailing list
>> > mailscanner at lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list