Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page E-Mail with JPEG attachment banned??

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
Page 2 of 2 < 1 2
 
LinkBack Thread Tools Search this Thread Display Modes
  #11 (permalink)  
Old 02-25-2010, 08:45 AM
Special Member
  
Posts: 103
Default
As per /opt/zimbra/conf/amavisd.conf

Code:
# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample

$banned_filename_re = new_RE(
  # banned extension - basic
  qr'.\.(zip|bat|com|exe|dll|pif|scr|vbs|chm|hta|shs)$'i,
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm
And per /opt/zimbra/conf/amavisd.conf.in

Code:
# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample

$banned_filename_re = new_RE(
  # banned extension - basic
  %%uncomment VAR:zimbraMtaBlockedExtension%%qr'.\.(%%list VAR:zimbraMtaBlockedExtension |%%)$'i,
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm
Restarting amavis as suggested, for the heck of it:

Code:
zimbra@cottontail:~/conf$ zmamavisdctl stop
Stopping amavisd... done.
zimbra@cottontail:~/conf$ zmamavisdctl status
amavisd is not running.
zimbra@cottontail:~/conf$ zmamavisdctl start
Starting amavisd...done.
zimbra@cottontail:~/conf$ zmamavisdctl status
amavisd is running.
zimbra@cottontail:~/conf$
Reply With Quote
  #12 (permalink)  
Old 02-25-2010, 08:51 AM
Special Member
  
Posts: 103
Default
This one is from yesterday, and it was one of our users sending a Word document to an external address:

Code:
No viruses were found.

Banned name: .doc,EM Unit 6 Plans.doc
Content type: Banned
Internal reference code for the message is 21510-16/JwX2lA3o31p4

First upstream SMTP client IP address: [10.10.45.90] unknown
According to a 'Received:' trace, the message apparently originated at:
  [10.10.45.90], [10.10.45.90] unknown [10.10.45.90]

Return-Path: <sender@ourserver.org>
From: Heidi Sender <sender@ourserver.org>
Message-ID: <4B855E32.7070005@ourserver.org>
Subject: everyday smart
The message has been quarantined as: banned-JwX2lA3o31p4

The message WAS NOT relayed to:
<recipient@earthlink.net>:
   554 5.7.0 Reject, id=21510-16 - BANNED: .doc,EM Unit 6 Plans.doc
Headers:

Code:
Return-Path: <sender@ourserver.org>
Received: from [10.10.45.90] (unknown [10.10.45.90])
	by cottontail.ourserver.org (Postfix) with ESMTP id 13223CD0006
	for <recipient@earthlink.net>; Wed, 24 Feb 2010 09:13:27 -0800 (PST)
Message-ID: <4B855E32.7070005@ourserver.org>
Date: Wed, 24 Feb 2010 09:13:22 -0800
From: Heidi Sender <sender@ourserver.org>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: The Recipient <recipient@earthlink.net>
Subject: everyday smart
Content-Type: multipart/mixed;
 boundary="------------000805010207040504090601"
Reply With Quote
  #13 (permalink)  
Old 03-02-2010, 07:11 AM
Special Member
  
Posts: 103
Default
Another example as of yesterday:

Code:
No viruses were found.

Banned name: .pdf,video/G1-4-G1-5-CR.pdf
Content type: Banned
Internal reference code for the message is 05489-06/VY8I2fu3KaRP

First upstream SMTP client IP address: [64.182.101.209] mr19.SENDER.com
According to a 'Received:' trace, the message apparently originated at:
  [69.42.11.120], mx1.SENDER.local [192.168.0.240]

Return-Path: <julie@SENDER.com>
From: Julie Sender <julie@SENDER.com>
Message-ID: <884A1F00F3D7A14992B33C4EC31F1B0E012D0605933F@mx1.SENDER.local>
Subject: FW: hillview user group PDFs
The message has been quarantined as: banned-VY8I2fu3KaRP

The message WAS NOT relayed to:
<recipient1@OURDOMAIN.org>:
   554 5.7.0 Reject, id=05489-06 - BANNED: .pdf,video/G1-4-G1-5-CR.pdf
<recipient2@OURDOMAIN.org>:
   554 5.7.0 Reject, id=05489-06 - BANNED: .pdf,video/G1-4-G1-5-CR.pdf
Headers:

Code:
Return-Path: <julie@SENDER.com>
Received: from box7.911domain.com (mr19.netdorm.com [64.182.101.209])
	by cottontail.OURDOMAIN.org (Postfix) with ESMTPS id 9D8F7CD000D;
	Mon,  1 Mar 2010 11:57:42 -0800 (PST)
Received: from ssl.SENDER.com (astound-69-42-11-120.ca.astound.net [69.42.11.120])
	by box7.911domain.com (8.13.8/8.13.8) with ESMTP id o21JwQxc001950
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK);
	Mon, 1 Mar 2010 14:58:27 -0500
X-Complaints-To: abuse@dnsExit.com
X-SPAM:        Please report Spam to abuse@dnsExit.com
        By service at http://www.dnsExit.com/Direct.sv?cmd=mailRelay
        Accounts will be suspended immediately if convicted Spam
Received: from mx1.SENDER.local ([192.168.0.240]) by mx1.SENDER.local
 ([192.168.0.240]) with mapi; Mon, 1 Mar 2010 11:57:37 -0800
From: Julie Sender <julie@SENDER.com>
To: Recipient 1 <recipient1@OURSERVER.org>,
        "recipient2@OURSERVER.org"
	<recipient2@OURSERVER.org>
CC: Brenda Recipient <brenda@SENDER.com>
Date: Mon, 1 Mar 2010 11:56:43 -0800
Subject: FW: hillview user group PDFs
Thread-Topic: hillview user group PDFs
Thread-Index: Acq5eN24cnNeA8aPSuSGhfH5YaCtjQAAF77g
Message-ID: <884A1F00F3D7A14992B33C4EC31F1B0E012D0605933F@mx1.SENDER.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: multipart/mixed;
	boundary="_004_884A1F00F3D7A14992B33C4EC31F1B0E012D0605933Fmx1SENDERlocal_"
MIME-Version: 1.0
Any ideas?
Reply With Quote
Reply
Page 2 of 2 < 1 2

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.