Filename Restrictions Not working
Jerry Benton
jerry.benton at mailborder.com
Tue Feb 24 19:24:47 GMT 2015
That doesn’t necessarily mean webmin is causing the problem on you vanilla MailScanner server. I would compare the configs between the two servers. Or just use the Mailborder server. Hell of a lot easier to manage.
-
Jerry Benton
www.mailborder.com
> On Feb 24, 2015, at 1:45 PM, James Nelson <James.Nelson at vgt.net> wrote:
>
> Webmin is installed on MailScanner server...which doesn't work. It's not installed on the MailBorder server, however, which DOES work.
>
>
>
> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Tuesday, February 24, 2015 12:21 PM
> To: MailScanner discussion
> Subject: Re: Filename Restrictions Not working
>
> Webmin is not recommended in the event that it changes file permissions or modifies the firewall, which the Mailborder scripts handle. It will work, until webmin breaks it.
>
> So you are saying the Mailborder install does not work for filename checking and blocking? If so, you are doing something wrong somewhere on both the vanilla MailScanner and Mailborder controlled MailScanner. The Mailborder controlled version should work on a default install.
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
>> On Feb 24, 2015, at 12:44 PM, James Nelson <James.Nelson at vgt.net> wrote:
>>
>> It did, and I've tried copying over the filename\type rules (modifying
>> the names and paths of course) and it doesn't work
>>
>> Now...in the MailBorder configuration, it stated not to install WebMin...which I do have running on the original MailScanner server...could that be causing a problem? I didn't think it was since virus scanning, spam scoring, etc-- all work. Basically everything except attachment checking\blocking seems to be in good shape.
>>
>>
>>
>>
>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry
>> Benton
>> Sent: Tuesday, February 24, 2015 11:14 AM
>> To: MailScanner discussion
>> Subject: Re: Filename Restrictions Not working
>>
>> Crazy question: Did the Mailborder server you setup work? If so, use it to create your configs and copy them?
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>>
>>
>>
>>> On Feb 24, 2015, at 11:28 AM, James Nelson <James.Nelson at vgt.net> wrote:
>>>
>>> Hi Glenn,
>>>
>>> I ran that test and got the exact result you did, which is either
>>> good or very bad, because it's still not working :)
>>>
>>>
>>>
>>> “a rockpile ceases to be a rockpile the moment a single man contemplates it, bearing within him the image of a cathedral.”
>>>
>>>
>>> -----Original Message-----
>>> From: mailscanner-bounces at lists.mailscanner.info
>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>>> Glenn Steen
>>> Sent: Tuesday, February 24, 2015 9:55 AM
>>> To: MailScanner discussion
>>> Subject: Re: Filename Restrictions Not working
>>>
>>> Right, so at the postfix user, can you actually read the two files (/etc/MailScanner/filename.rules.conf and /etc/MailScanner/rules/filename.rules)?
>>> Also, the default line (at least) for the /etc/MailScanner/rules/filename.rules file should mention the %etc-dir%/filename.rules.conf file, at least if you have Filename Rules = %rules-dir%/filename.rules in the /etc/mailScanner/MailScanner.conf file.
>>>
>>> You can actually check the value with MailScanner itself (as the Postfix user) by doing something like:
>>> -bash-4.2$ MailScanner --value=filenamerules --from=someone at example.net --to=someoneelse at yourdomain.com Looked up internal option name "filenamerules"
>>> With sender = someone at example.net
>>> recipient = someoneelse at yourdomain.com Client IP = Virus = Result is "/etc/MailScanner/filename.rules.conf"
>>> -bash-4.2$
>>>
>>>
>>> Check the syntax with "MailScanner --help".
>>>
>>> Seems to me that the ruleset is borked, the actual filenames aren't
>>> read, or there still resida a postfix instance that don't have the
>>> correct HOLD thingy on your system... In decreasing order of
>>> probability;-)
>>>
>>> Cheers
>>> --
>>> -- Glenn
>>>
>>> On 24 February 2015 at 14:22, James Nelson <James.Nelson at vgt.net> wrote:
>>>> Hi Glenn, I ran --lint as postfix and it does detect eicar.com as a
>>>> blocked filetype, it just doesn't do anything about it during mail
>>>> scanning. I had the thought that my rules files had permissions
>>>> problems, but I made them readable for everyone just to be sure.
>>>>
>>>> I have the group as Apache as part of the configuration for MailWatch.
>>>>
>>>>
>>>>
>>>> On Feb 24, 2015, at 3:37 AM, Glenn Steen <glenn.steen at gmail.com> wrote:
>>>>
>>>> I see you have run as user/group set to postfix/apache... When
>>>> you've done your lint and debug runs, did you do them as postfix user or root?
>>>> My guess is that the rule file for filenames might not be readable
>>>> to the postfix user.
>>>>
>>>> Cheers!
>>>> --
>>>> -- Glenn
>>>>
>>>> Den 23 feb 2015 22:09 skrev "James Nelson" <James.Nelson at vgt.net>:
>>>>>
>>>>>
>>>>> Sorry about that, I thought I set it to public. Try again :).
>>>>>
>>>>> Jerry, I'm building a Mailborder server now to test.
>>>>>
>>>>>
>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>>>>> Kevin Miller
>>>>> Sent: Monday, February 23, 2015 2:20 PM
>>>>> To: 'MailScanner discussion'
>>>>> Subject: RE: Filename Restrictions Not working
>>>>>
>>>>> It said this "This is a private paste. If you created this paste,
>>>>> please login to view it." I couldn't see it.
>>>>>
>>>>> If there's anything that needs to be munged (like your watermark),
>>>>> just edit that before posting and make it a public post.
>>>>>
>>>>> ...Kevin
>>>>> --
>>>>> Kevin Miller
>>>>> Network/email Administrator, CBJ MIS Dept.
>>>>> 155 South Seward Street
>>>>> Juneau, Alaska 99801
>>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>>> 307357
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>>> [mailto:mailscanner- bounces at lists.mailscanner.info] On Behalf Of
>>>>>> James Nelson
>>>>>> Sent: Monday, February 23, 2015 10:52 AM
>>>>>> To: MailScanner discussion
>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>
>>>>>> Kevin,
>>>>>>
>>>>>> Here's my complete MailScanner.conf:
>>>>>>
>>>>>> http://pastebin.com/ci9dz8iL
>>>>>>
>>>>>> Jerry:
>>>>>>
>>>>>> I changed default to *@* this morning in the course of my, "did
>>>>>> that work? No, okay, how about this," but the result was the same regardless.
>>>>>>
>>>>>> I'm not applying any configuration via conf.d at the moment...if I
>>>>>> were to do that, would it supersede anything in MailScanner.conf?
>>>>>>
>>>>>>
>>>>>>
>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>>> [mailto:mailscanner- bounces at lists.mailscanner.info] On Behalf Of
>>>>>> Kevin Miller
>>>>>> Sent: Monday, February 23, 2015 12:50 PM
>>>>>> To: 'MailScanner discussion'
>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>
>>>>>> Maybe you could post your MailScanner.conf to pastebin. I'm
>>>>>> guessing something in there is wonky.
>>>>>>
>>>>>> ...Kevin
>>>>>> --
>>>>>> Kevin Miller
>>>>>> Network/email Administrator, CBJ MIS Dept.
>>>>>> 155 South Seward Street
>>>>>> Juneau, Alaska 99801
>>>>>> Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No:
>>>>>> 307357
>>>>>>
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>>>> [mailto:mailscanner- bounces at lists.mailscanner.info] On Behalf Of
>>>>>>> James Nelson
>>>>>>> Sent: Monday, February 23, 2015 9:26 AM
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: RE: Filename Restrictions Not working
>>>>>>>
>>>>>>> Well, an interesting update...
>>>>>>>
>>>>>>> I changed up my approach, and pointed the Deny Filenames = in
>>>>>>> MailScanner.conf to %rules-dir%/filename_deny.rules , which is as
>>>>>>> follows:
>>>>>>>
>>>>>>> To: *@* \.ico$ \.ani \.cur$ \.hlp$ \.zip$ \.ceo$ \.cab$ \.reg$
>>>>>>> \.chm$
>>>>>>> \.cnf$ \.hta$ \.ins$ \.jse?$ \.job$ \.lnk$ \.mat$ \.pif$ \.scf$
>>>>>>> \.sct$ \.shs$ \.shb$ \.vb[es]$ \.ws[cfh]$ \.xnk$ \.cer$ \.its$
>>>>>>> \.mau$ \.md[az]$ \.prf$ \.pst$ \.tmp$ \.vsmacros$ \.vs[stw]$
>>>>>>> \.ws$ \.com$ \.exe$ \.scr$ \.bat$ \.cmd$ \.cpl$ \.mhtml$ \.s{10,}
>>>>>>> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0- 9]{3}$
>>>>>>>
>>>>>>> When running MailScanner --lint now, it DOES detect eicar.com as
>>>>>>> a blocked filetype. However, it's still allowing blocked
>>>>>>> filetypes through ?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>>>> [mailto:mailscanner- bounces at lists.mailscanner.info] On Behalf Of
>>>>>>> Jerry Benton
>>>>>>> Sent: Sunday, February 22, 2015 4:11 PM
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>>
>>>>>>> Its not beta anymore. (The RPM package.)
>>>>>>>
>>>>>>> -
>>>>>>> Jerry Benton
>>>>>>> www.mailborder.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> On Feb 22, 2015, at 4:33 PM, James Nelson <James.Nelson at vgt.net>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> I will try that tomorrow...i'm about out of other ideas.
>>>>>>>>
>>>>>>>> I suppose I could also try the new MS beta, just to throw
>>>>>>>> something
>>>>>>> else at the wall...
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> “a rockpile ceases to be a rockpile the moment a single man
>>>>>>> contemplates it, bearing within him the image of a cathedral.”
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>>>>> [mailto:mailscanner-
>>>>>>> bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
>>>>>>>> Sent: Saturday, February 21, 2015 5:54 AM
>>>>>>>> To: MailScanner discussion
>>>>>>>> Subject: Re: Filename Restrictions Not working
>>>>>>>>
>>>>>>>> I’m not pimping my product, but I would suggest you install a
>>>>>>> Mailborder server for a comparison test. Check to see if it is
>>>>>>> working correctly (the Mailborder server) and compare the configs
>>>>>>> on the Mailborder server to yours. This will at least eliminate
>>>>>>> the Mailscanner configuration variable from the equation.
>>>>>>>>
>>>>>>>> -
>>>>>>>> Jerry Benton
>>>>>>>> www.mailborder.com
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Feb 21, 2015, at 2:29 AM, James Nelson
>>>>>>>>> <James.Nelson at vgt.net>
>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Sigh, built a brand new MailScanner box from scratch...once
>>>>>>>>> again,
>>>>>>> everything works except filename checking. The only thing I
>>>>>>> changed was to disallow zip files(just changed allow to deny in
>>>>>>> filenames.rules.conf) and it still lets it all through.
>>>>>>>>>
>>>>>>>>> It just doesn't seem to want to work, with no errors to shed
>>>>>>>>> any
>>>>>>> light.
>>>>>>>>> --
>>>>>>>>> MailScanner mailing list
>>>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>
>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>
>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> mailscanner at lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> mailscanner at lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner at lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner at lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>
>>>
>>>
>>> --
>>> -- Glenn
>>> email: glenn < dot > steen < at > gmail < dot > com
>>> work: glenn < dot > steen < at > ap1 < dot > se
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list