Welcome, Guest. Please login or register.
Did you miss your activation email?
Monday 09 December 2024, 01:04:48 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Banned files destination
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Banned files destination  (Read 31046 times)
pwizard
Full Member
***
Offline Offline

Posts: 29


« on: Friday 05 June 2009, 05:36:45 pm »

I use endian 2.2 and set proxy -> smtp -> file extensions -> Banned files destination: bounce

when i received email that show


A banned name (multipart/mixed | application/octet-stream,.doc,=?ISO-2022-JP?B?GyRCQTQ8UkUqJEpGYkl0RX1AKRsoQg==?= =?ISO-2022-JP?B?GyRCNEY6OklUSHc7djlgJE5JPhsoQg==?= =?ISO-2022-JP?B?GyRCMkEhShsoQkFZVBskQiFLGyhCLg==?= =?ISO-2022-JP?B?eGxz?=,$BA4<RE*$JFbItE}@)(B$B4F::ITHw;v9`$NI>(B$B2A!J(BAYT$B!K(B.xls) was found.


The mail originated from: <xxxx@xxxx>

According to the 'Received:' trace, the message originated at:
   CH2046.shdnsm

The message WILL NOT BE delivered to:
<zzz@abc.com>:
   554 5.7.0 Reject, id=15610-08 - BANNED: multipart/mixed | application/octet-stream,.doc,=?ISO-2022-JP?B?GyRCQTQ8UkUqJEpGYkl0RX1AKRso...

How can i get attached file for this mail ? (where path of endian to keep mail)

Many thank
pwizard
Logged
Steve
Sr. Member
****
Offline Offline

Posts: 108



WWW
« Reply #1 on: Friday 05 June 2009, 10:35:08 pm »

Endian doesn't keep the email, it's a proxy so it just passes it on.
In your case you selected 'Banned files destination: bounce' - this means that the proxy will delete the email but send a message to the sender that the mail was not delivered.


Here is an example of what the sender would receive:


BANNED FILENAME ALERT

Our content checker found
    banned name: multipart/mixed | text/plain,.vb
in email presumably from you (<sender@senderdomain>), to the following recipient:
-> recepient@recepientdomain

Delivery of the email was stopped!

The message has been blocked because it contains a component
(as a MIME part or nested within) with declared name
or MIME type or contents type violating our access policy.
..... more info ....



Logged

                          
pwizard
Full Member
***
Offline Offline

Posts: 29


« Reply #2 on: Monday 08 June 2009, 06:00:04 pm »

Endian doesn't keep the email, it's a proxy so it just passes it on.
In your case you selected 'Banned files destination: bounce' - this means that the proxy will delete the email but send a message to the sender that the mail was not delivered.


Here is an example of what the sender would receive:


BANNED FILENAME ALERT

Our content checker found
    banned name: multipart/mixed | text/plain,.vb
in email presumably from you (<sender@senderdomain>), to the following recipient:
-> recepient@recepientdomain

Delivery of the email was stopped!

The message has been blocked because it contains a component
(as a MIME part or nested within) with declared name
or MIME type or contents type violating our access policy.
..... more info ....





Thank you so much.

how to keep file extension at endian firewall ? What option i can set ?
Logged
Steve
Sr. Member
****
Offline Offline

Posts: 108



WWW
« Reply #3 on: Monday 08 June 2009, 07:34:54 pm »

You have 3 options:
DISCARD: if you choose this mode the email will be deleted
BOUNCE: if you choose this mode the email will not be delivered but bounced back to the sender in form of a non-delivery notification
P: if you choose this mode the email will be delivered normally


If you set the field 'Banned files quarantine:' to spam-quarantine the messages should be sent to this directory: /var/amavis/virusmails

I have not tested it, but this is from the Endian documentation.



Logged

                          
pwizard
Full Member
***
Offline Offline

Posts: 29


« Reply #4 on: Friday 11 September 2009, 12:37:02 pm »

You have 3 options:
DISCARD: if you choose this mode the email will be deleted
BOUNCE: if you choose this mode the email will not be delivered but bounced back to the sender in form of a non-delivery notification
P: if you choose this mode the email will be delivered normally


If you set the field 'Banned files quarantine:' to spam-quarantine the messages should be sent to this directory: /var/amavis/virusmails

I have not tested it, but this is from the Endian doentation.


How to extract file in folder /var/amavis/virusmails ?

Thank you.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com