Filename Restrictions Not working

Jerry Benton jerry.benton at mailborder.com
Tue Feb 24 17:13:30 GMT 2015


Crazy question: Did the Mailborder server you set up work? If so, use it to create your configs and copy them?

-
Jerry Benton
www.mailborder.com



> On Feb 24, 2015, at 11:28 AM, James Nelson <James.Nelson at vgt.net> wrote:
> 
> Hi Glenn,
> 
> I ran that test and got the exact result you did, which is either good or very bad, because it's still not working :)
> 
> 
> 
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
> 
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Glenn Steen
> Sent: Tuesday, February 24, 2015 9:55 AM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
> 
> Right, so as the postfix user, can you actually read the two files (/etc/MailScanner/filename.rules.conf and /etc/MailScanner/rules/filename.rules)?
> Also, the default line (at least) for the /etc/MailScanner/rules/filename.rules file should mention the %etc-dir%/filename.rules.conf file, at least if you have Filename Rules = %rules-dir%/filename.rules in the /etc/mailScanner/MailScanner.conf file.
> 
> You can actually check the value with MailScanner itself (as the Postfix user) by doing something like:
> -bash-4.2$ MailScanner --value=filenamerules --from=someone at example.net --to=someoneelse at yourdomain.com
> Looked up internal option name "filenamerules"
> With sender = someone at example.net
>  recipient = someoneelse at yourdomain.com
>  Client IP =
>  Virus =
> Result is "/etc/MailScanner/filename.rules.conf"
> -bash-4.2$
> 
> 
> Check the syntax with "MailScanner --help".
> 
> Seems to me that the ruleset is borked, the actual filenames aren't read, or there still resides a postfix instance that doesn't have the correct HOLD thingy on your system... In decreasing order of probability ;-)
> 
> Cheers
> --
> -- Glenn
> 
> On 24 February 2015 at 14:22, James Nelson <James.Nelson at vgt.net> wrote:
>> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a 
>> blocked filetype, it just doesn't do anything about it during mail 
>> scanning.  I had the thought that my rules files had permissions 
>> problems, but I made them readable for everyone just to be sure.
>> 
>> I have the group as Apache as part of the configuration for MailWatch.
>> 
>> 
>> 
>> On Feb 24, 2015, at 3:37 AM, Glenn Steen <glenn.steen at gmail.com> wrote:
>> 
>> I see you have run as user/group set to postfix/apache...  When you've 
>> done your lint and debug runs, did you do them as postfix user or root?
>> My guess is that the rule file for filenames might not be readable to 
>> the postfix user.
>> 
>> Cheers!
>> --
>> -- Glenn
>> 
>> Den 23 feb 2015 22:09 skrev "James Nelson" <James.Nelson at vgt.net>:
>>> 
>>> 
>>> Sorry about that, I thought I set it to public. Try again :).
>>> 
>>> Jerry, I'm building a Mailborder server now to test.
>>> 
>>> 
>>> “a rockpile ceases to be a rockpile the moment a single man 
>>> contemplates it, bearing within him the image of a cathedral.”
>>> 
>>> 
>>> -----Original Message-----
>>> From: mailscanner-bounces at lists.mailscanner.info
>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of 
>>> Kevin Miller
>>> Sent: Monday, February 23, 2015 2:20 PM
>>> To: 'MailScanner discussion'
>>> Subject: RE: Filename Restrictions Not working
>>> 
>>> It said this "This is a private paste. If you created this paste, 
>>> please login to view it."  I couldn't see it.
>>> 
>>> If there's anything that needs to be munged (like your watermark), 
>>> just edit that before posting and make it a public post.
>>> 
>>> ...Kevin
>>> --
>>> Kevin Miller
>>> Network/email Administrator, CBJ MIS Dept.
>>> 155 South Seward Street
>>> Juneau, Alaska 99801
>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>> 307357
>>> 
>>> 
>>>> -----Original Message-----
>>>> From: mailscanner-bounces at lists.mailscanner.info 
>>>> [mailto:mailscanner- bounces at lists.mailscanner.info] On Behalf Of 
>>>> James Nelson
>>>> Sent: Monday, February 23, 2015 10:52 AM
>>>> To: MailScanner discussion
>>>> Subject: RE: Filename Restrictions Not working
>>>> 
>>>> Kevin,
>>>> 
>>>> Here's my complete MailScanner.conf:
>>>> 
>>>> http://pastebin.com/ci9dz8iL
>>>> 
>>>> Jerry:
>>>> 
>>>> I changed default to *@* this morning in the course of my, "did 
>>>> that work? No, okay, how about this," but the result was the same regardless.
>>>> 
>>>> I'm not applying any configuration via conf.d at the moment...if I 
>>>> were to do that, would it supersede anything in MailScanner.conf?
>>>> 
>>>> 
>>>> 
>>>> “a rockpile ceases to be a rockpile the moment a single man 
>>>> contemplates it, bearing within him the image of a cathedral.”
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: mailscanner-bounces at lists.mailscanner.info 
>>>> [mailto:mailscanner- bounces at lists.mailscanner.info] On Behalf Of 
>>>> Kevin Miller
>>>> Sent: Monday, February 23, 2015 12:50 PM
>>>> To: 'MailScanner discussion'
>>>> Subject: RE: Filename Restrictions Not working
>>>> 
>>>> Maybe you could post your MailScanner.conf to pastebin.  I'm 
>>>> guessing something in there is wonky.
>>>> 
>>>> ...Kevin
>>>> --
>>>> Kevin Miller
>>>> Network/email Administrator, CBJ MIS Dept.
>>>> 155 South Seward Street
>>>> Juneau, Alaska 99801
>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>> 307357
>>>> 
>>>> 
>>>>> -----Original Message-----
>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>> [mailto:mailscanner- bounces at lists.mailscanner.info] On Behalf Of 
>>>>> James Nelson
>>>>> Sent: Monday, February 23, 2015 9:26 AM
>>>>> To: MailScanner discussion
>>>>> Subject: RE: Filename Restrictions Not working
>>>>> 
>>>>> Well, an interesting update...
>>>>> 
>>>>> I changed up my approach, and pointed the Deny Filenames = in 
>>>>> MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>>>>> follows:
>>>>> 
>>>>> To: *@*     \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>>>>> \.chm$
>>>>> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$ 
>>>>> \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$ 
>>>>> \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$ 
>>>>> \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>>>>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>>>>> 
>>>>> When running MailScanner --lint now, it DOES detect eicar.com as 
>>>>> a blocked filetype.  However, it's still allowing blocked 
>>>>> filetypes through?
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> “a rockpile ceases to be a rockpile the moment a single man 
>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>> 
>>>>> 
>>>>> -----Original Message-----
>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>> [mailto:mailscanner- bounces at lists.mailscanner.info] On Behalf Of 
>>>>> Jerry Benton
>>>>> Sent: Sunday, February 22, 2015 4:11 PM
>>>>> To: MailScanner discussion
>>>>> Subject: Re: Filename Restrictions Not working
>>>>> 
>>>>> It's not beta anymore. (The RPM package.)
>>>>> 
>>>>> -
>>>>> Jerry Benton
>>>>> www.mailborder.com
>>>>> 
>>>>> 
>>>>> 
>>>>>> On Feb 22, 2015, at 4:33 PM, James Nelson 
>>>>>> <James.Nelson at vgt.net>
>>>>> wrote:
>>>>>> 
>>>>>> I will try that tomorrow...I'm about out of other ideas.
>>>>>> 
>>>>>> I suppose I could also try the new MS beta, just to throw 
>>>>>> something
>>>>> else at the wall...
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>> 
>>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>>> [mailto:mailscanner-
>>>>> bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
>>>>>> Sent: Saturday, February 21, 2015 5:54 AM
>>>>>> To: MailScanner discussion
>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>> 
>>>>>> I’m not pimping my product, but I would suggest you install a
>>>>> Mailborder server for a comparison test. Check to see if it is 
>>>>> working correctly (the Mailborder server) and compare the configs 
>>>>> on the Mailborder server to yours. This will at least eliminate 
>>>>> the Mailscanner configuration variable from the equation.
>>>>>> 
>>>>>> -
>>>>>> Jerry Benton
>>>>>> www.mailborder.com
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> On Feb 21, 2015, at 2:29 AM, James Nelson 
>>>>>>> <James.Nelson at vgt.net>
>>>>> wrote:
>>>>>>> 
>>>>>>> Sigh, built a brand new MailScanner box from scratch...once 
>>>>>>> again,
>>>>> everything works except filename checking. The only thing I 
>>>>> changed was to disallow zip files (just changed allow to deny in
>>>>> filenames.rules.conf) and it still lets it all through.
>>>>>>> 
>>>>>>> It just doesn't seem to want to work, with no errors to shed 
>>>>>>> any
>>>>> light.
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>> 
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>> 
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> 
> 
> 
> 
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se

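Glenn's first suspicion in the quoted reply is that the ruleset itself is broken. As an added example (not part of the thread and not MailScanner's own code), the Python below lints the "To: *@*" rule exactly as it appears in the quoted post, mail wrapping included, and reports which patterns match a given attachment name. It assumes the rule value is a whitespace-separated list of regexes matched case-insensitively, and uses Python's re in place of Perl; the function names are hypothetical.

```python
import re

# Constructed input: the rule text copied from the quoted post, including the
# mail client's line wrapping and the stray space inside "[a-z0- 9]".
RULE_AS_POSTED = r"""To: *@*     \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
\.chm$
\.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
\.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
\.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$
\.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
\.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$"""


def parse_rule(text):
    """Split one rule into (direction, address pattern, regex tokens).

    Assumption: everything after the address is a whitespace-separated
    list of regular expressions.
    """
    direction, address, *tokens = text.split()
    return direction, address, tokens


def lint_tokens(tokens):
    """Compile every token; return (compiled patterns, [(token, error)])."""
    good, bad = [], []
    for tok in tokens:
        try:
            # Assumption: attachment names are matched case-insensitively.
            good.append(re.compile(tok, re.IGNORECASE))
        except re.error as exc:
            bad.append((tok, str(exc)))
    return good, bad


def matching_patterns(filename, compiled):
    """Return the source text of every pattern that matches the name."""
    return [p.pattern for p in compiled if p.search(filename)]


if __name__ == "__main__":
    _, _, tokens = parse_rule(RULE_AS_POSTED)
    compiled, broken = lint_tokens(tokens)
    for tok, err in broken:
        print(f"does not compile: {tok!r} ({err})")
    for name in ("eicar.com", "report.zip", "notes.txt"):
        print(name, "->", matching_patterns(name, compiled) or "no deny pattern")
```

The one token that fails to compile comes from the split inside "[a-z0- 9]" as the rule appears in the post; running the same check against the file on disk shows whether that break exists there too.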

