[Postfixbuch-users] mime_header_checks will nicht (immer)
Ralf Ebeling
r.ebeling at hagrid.posteule.com
Di Feb 1 22:39:06 CET 2005
Hi,
auf einer meiner Postfix-Boxen wollen irgendwie die mime_header_checks
nicht immer. Unten ein Beispiel, welches eigentlich die Checks nicht
passieren sollte.
Wenn ich selber eine Mail mit einem passenden Attachment sende wird es
aber zurückgewiesen - wie gewünscht.
In /etc/postfix/mime_header_checks sind die Beispiele von Ralf eingetragen,
welche bisher auch funktioniert haben.
Hat wer eine Idee warum die Checks bei der Mail unten nicht funktioniert
haben?
Hier noch ein anderes Beispiel, welche von den beiden letzten Expressions
nicht erfasst wird:
--- schnipp ---
Content-Type: application/octet-stream;
name="text01_5.60502.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="text01_5.60502.zip"
--- schnapp ---
Ralf
# cat /etc/postfix/mime_header_checks
/name=\"?(.*)\.(386|bat|bin|chm|cmd|com|cpl|do|exe|hpl|hta|jse|lnk|msi|ocx|ole)\"$/
REJECT Attachment <$1.$2> rejected. We do not accept attachments of
type <$2> (1)
/name=\"?(.*)\.(pif|reg|rm|scr|shb|shm|shs|sys|vb[esx]|vxd|xl|xsl)\"$/
REJECT Attachment <$1.$2> rejected. We do not accept attachments of
type <$2> (2)
/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(386|bat|bin|chm|cmd|com|cpl|dll|do|exe|hpl|hta|jse|lnk|msi))"?\s*$/
REJECT Attachment type not allowed. File "$2" has the unacceptable
extension "$3" (3)
/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(ocx|ole|pif|reg|rm|scr|shb|shm|shs|sys|vb[esx]|vxd|xl|xsl))"?\s*$/
REJECT Attachment type not allowed. File "$2" has the unacceptable
extension "$3" (4)
--- schnipp ---
Return-Path: <>
Delivered-To: virus-quarantine
X-Envelope-To: <sales at sr.mydomain.tld>
X-Envelope-From: <>
X-Quarantine-id: <virus-20050131-111915-01533-02>
Received: from dns.alejaja.pl (dns.alejaja.pl [66.199.253.74])
by luna.mydomain.tld (MTA) with ESMTP id 8A19F2D9D3
for <sales at mydomain.tld>; Mon, 31 Jan 2005 11:19:07 +0100 (CET)
Received: from mail by dns.alejaja.pl with local (Exim 4.43)
id 1CvYT3-0003CI-BM
for sales at mydomain.tld; Mon, 31 Jan 2005 05:07:37 -0500
X-Failed-Recipients: alejaja at alejaja.pl
Auto-Submitted: auto-generated
From: Mail Delivery System <Mailer-Daemon at dns.alejaja.pl>
To: sales at mydomain.tld
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1CvYT3-0003CI-BM at dns.alejaja.pl>
Date: Mon, 31 Jan 2005 05:07:37 -0500
X-Amavis-Alert: INFECTED, message contains virus: W32/Bagle.bk at MM,
W32/Bagle.bk at MM
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
alejaja at alejaja.pl
This message has been rejected because it has
a potentially executable attachment
wsd01.scr
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
------ This is a copy of the message, including all the headers. ------
Return-path: <sales at mydomain.tld>
Received: from xdsl-7226.wroclaw.dialog.net.pl ([84.40.137.58]
helo=wroclaw.net)
by dns.alejaja.pl with smtp (Exim 4.43)
id 1CvYT2-00032c-4Y
for alejaja at alejaja.pl; Mon, 31 Jan 2005 05:07:37 -0500
Date: Mon, 31 Jan 2005 11:23:30 +0100
To: "Alejaja" <alejaja at alejaja.pl>
From: "Sales" <sales at mydomain.tld>
Subject: You are made active
Message-ID: <dmglnedutdvmlbupdwo at alejaja.pl>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------nrkvhduzulhirlnogstd"
----------nrkvhduzulhirlnogstd
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
<html><body>
Before use read the help
<br>
</body></html>
----------nrkvhduzulhirlnogstd
Content-Type: application/octet-stream; name="wsd01.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="wsd01.scr"
DIEDATEIHIER
----------nrkvhduzulhirlnogstd--
--- schnapp ---
Mehr Informationen über die Mailingliste Postfixbuch-users