NoPaste

Amavis

by Anonymous

BANNED CONTENTS ALERT

Our content checker found
    banned name: multipart/mixed |
      application/x-ms-dos-executable,.exe,.exe-ms,TeamViewer_Setup_de.exe

in email presumably from you <user@gmx.de>
to the following recipient:
-> user@transtec3.mpiz-koeln.mpg.de

Our internal reference code for your message is 21450-01/DrO1OfHiUChl

First upstream SMTP client IP address: [213.165.64.20] mail.gmx.net
According to a 'Received:' trace, the message originated at: [193.174.239.38],
  193.174.239.38

Return-Path: <Email-Adresse>
Message-ID: <20080716073815.29910@gmx.net>
Subject: test anhang

Delivery of the email was stopped!

The message has been blocked because it contains a component
(as a MIME part or nested within) with declared name
or MIME type or contents type violating our access policy.

To transfer contents that may be considered risky or unwanted
by site policies, or simply too large for mailing, please consider
publishing your content on the web, and only sending an URL of the
document to the recipient.

Depending on the recipient and sender site policies, with a little
effort it might still be possible to send any contents (including
viruses) using one of the following methods:

- encrypted using pgp, gpg or other encryption methods;

- wrapped in a password-protected or scrambled container or archive
  (e.g.: zip -e, arj -g, arc g, rar -p, or other methods)

Note that if the contents is not intended to be secret, the
encryption key or password may be included in the same message
for recipient's convenience.

We are sorry for inconvenience if the contents was not malicious.

The purpose of these restrictions is to cut the most common propagation
methods used by viruses and other malware. These often exploit automatic
mechanisms and security holes in more popular mail readers (Microsoft
mail readers and browsers are a common target). By requiring an explicit
and decisive action from the recipient to decode mail, the danger of
automatic malware propagation is largely reduced.[/code]

and I get the following response :-(

Can someone please explain to me what I am doing wrong?
I even set up a separate test server, but I have the same problem on my production system and on the test server :-(


Here is the complete conf again; I have released practically everything that has to do with exe (at least I think so).
Packing it beforehand unfortunately did not help either.

[code]use strict;

# ADMINISTRATORS:
# Debian suggests that any changes you need to do that should never
# be "updated" by the Debian package should be made in another file,
# overriding the settings in this file.
#
# The package will *not* overwrite your settings, but by keeping
# them separate, you will make the task of merging changes on these
# configuration files much simpler...

#   see /usr/share/doc/amavisd-new/examples/amavisd.conf-default for
#       a list of all variables with their defaults;
#   see /usr/share/doc/amavisd-new/examples/amavisd.conf-sample for
#       a traditional-style commented file
#   [note: the above files were not converted to Debian settings!]
#
#   for more details see documentation in /usr/share/doc/amavisd-new
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html

$QUARANTINEDIR = "$MYHOME/virusmails";
$quarantine_subdir_levels = 1; # enable quarantine dir hashing

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listening socket

$sa_spam_subject_tag = '*****SPAM***** ';
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# Quota limits to avoid bombs (like 42.zip)

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes

# You should:
#   Use D_DISCARD to discard data (viruses)
#   Use D_BOUNCE to generate local bounces by amavisd-new
#   Use D_REJECT to generate local or remote bounces by the calling MTA
#   Use D_PASS to deliver the message
#
# Whatever you do, *NEVER* use D_REJECT if you have other MTAs *forwarding*
# mail to your account.  Use D_BOUNCE instead, otherwise you are delegating
# the bounce work to your friendly forwarders, which might not like it at all.
#
# On dual-MTA setups, one can often D_REJECT, as this just makes your own
# MTA generate the bounce message.  Test it first.
#
# Bouncing viruses is stupid, always discard them after you are sure the AV
# is working correctly.  Bouncing real SPAM is also useless, if you cannot
# D_REJECT it (and don't D_REJECT mail coming from your forwarders!).

$final_virus_destiny      = D_BOUNCE;   # (data not lost, see virus quarantine)
$final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)

$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default

# Set to empty ("") to add no header
$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";

# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

#
# DO NOT SEND VIRUS NOTIFICATIONS TO OUTSIDE OF YOUR DOMAIN. EVER.
#
# These days, almost all viruses fake the envelope sender and mail headers.
# Therefore, "virus notifications" became nothing but undesired, aggravating
# SPAM.  This holds true even inside one's domain.  We disable them all by
# default, except for the EICAR test pattern.
#

@viruses_that_fake_sender_maps = (new_RE(
  [qr'\bEICAR\b'i => 0],            # av test pattern name
  [qr/.*/ => 1],                    # true for everything else
));

@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));


# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample

$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

  # block certain double extensions anywhere in the base name
#  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

  qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows Class ID CLSID, strict

#  qr'^application/x-msdownload$'i,                  # block these MIME types
#  qr'^application/x-msdos-program$'i,
#  qr'^application/hta$'i,

# qr'^application/x-msmetafile$'i,      # Windows Metafile MIME type
# qr'^\.wmf$',                          # Windows Metafile file(1) type

# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types

  [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any in Unix-compressed
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
  [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives

#  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.

#  qr'^\.(exe-ms)$',                       # banned file(1) types
# qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm


# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
#                           '.cleargreen.com'           => -5.0}],

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost

    new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
     [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
     [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
     [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
     [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
     [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
     [qr'^(your_friend|greatoffers)@'i                                => 5.0],
     [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
    ),

#  read_hash("/var/amavis/sender_scores_sitewide"),

    { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,

    },
  ],  # end of site-wide tables
});

1;  # ensure a defined return
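The alert at the top of this paste lists, for the offending part, the four name attributes amavisd checked (MIME type, declared extension, file(1) type, file name), and the posted $banned_filename_re has every exe-related line commented out. The Python below is an added example, not amavisd code and not the poster's configuration: it models a new_RE-style banned table and replays the lookup over exactly those four attributes, once with the rules that are active in the posted file and once with two of the commented lines (`^\.(exe-ms)$` and the "banned extension - basic" line) switched back on. The evaluation order it assumes (attributes in the alert's order, rules in file order, the first matching pair decides, and a `=> 0` entry is an explicit allow that also ends the lookup) is an assumption of this example, not something the page confirms. It shows that the posted rules match none of the four attributes, while the `.exe-ms` file(1) type is precisely what the commented "banned file(1) types" line would catch; the header comments of the posted file say Debian expects site overrides in a separate file, and which files the running amavisd actually loads is not visible on this page.

```python
import re

# Model of an amavisd-new "new_RE" banned-name table (added example, not
# amavisd code).  Each rule is (pattern, flags, verdict): a bare qr'...'
# entry in the real config corresponds to verdict True (banned); a
# "[ qr'...' => 0 ]" entry corresponds to verdict False (explicitly allowed).
# Assumption modeled here: the component's name attributes are tried in the
# order the alert prints them and the rules in file order, and the first
# (attribute, rule) pair that matches decides.

# The rules that are actually active in the posted $banned_filename_re
# (everything exe-related is commented out there).
POSTED_RULES = [
    (r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?", re.I, True),  # CLSID
    (r"^\.(Z|gz|bz2)$", 0, False),             # allow Unix-compressed
    (r"^\.(rpm|cpio|tar)$", 0, False),         # allow Unix-type archives
    (r"^\.(zip|rar|arc|arj|zoo)$", 0, False),  # allow within such archives
]

# The same table with two of the lines the poster commented out re-enabled:
# "banned extension - basic" and the exe-ms "banned file(1) types" entry.
EXE_BLOCKING_RULES = POSTED_RULES + [
    (r".\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$", re.I, True),
    (r"^\.(exe-ms)$", 0, True),
]

# Name attributes exactly as the alert on this page prints them for the
# offending part: MIME type, declared extension, file(1) type, file name.
ALERT_ATTRIBUTES = [
    "application/x-ms-dos-executable",
    ".exe",
    ".exe-ms",
    "TeamViewer_Setup_de.exe",
]

# Constructed attribute list for a zip container, to show that an explicit
# "=> 0" allow entry ends the lookup just like a ban does.
ZIP_ATTRIBUTES = ["application/zip", ".zip", ".zip", "files.zip"]


def banned_verdict(attributes, rules):
    """Return (banned, attribute, pattern) for the first matching pair.

    (False, None, None) means no rule matched at all, which the real
    table treats as "not banned".
    """
    compiled = [(re.compile(p, f), p, v) for p, f, v in rules]
    for attr in attributes:
        for rx, pattern, verdict in compiled:
            if rx.search(attr):
                return verdict, attr, pattern
    return False, None, None


def explain(attributes, rules):
    """Human-readable one-liner for the verdict of one lookup."""
    banned, attr, pattern = banned_verdict(attributes, rules)
    if attr is None:
        return "no rule matched -> passed"
    return "%s -> %r matched %r" % ("BANNED" if banned else "allowed", attr, pattern)


if __name__ == "__main__":
    print("posted config: ", explain(ALERT_ATTRIBUTES, POSTED_RULES))
    print("exe lines on:  ", explain(ALERT_ATTRIBUTES, EXE_BLOCKING_RULES))
    print("zip container: ", explain(ZIP_ATTRIBUTES, EXE_BLOCKING_RULES))
```

Run it directly to see the three verdicts. Note that the "basic" extension rule alone would not fire on the bare `.exe` attribute (it needs a character before the dot) but would on the file name, whereas the `^\.(exe-ms)$` rule fires one attribute earlier on the file(1) type; that is why the alert prints the whole attribute list rather than a single name.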
