EFW Support


Title: Banned files destination
Post by: pwizard on Friday 05 June 2009, 05:36:45 pm
I use endian 2.2 and set proxy -> smtp -> file extensions -> Banned files destination: bounce

When I received an email, it showed:


A banned name (multipart/mixed | application/octet-stream,.doc,=?ISO-2022-JP?B?GyRCQTQ8UkUqJEpGYkl0RX1AKRsoQg==?= =?ISO-2022-JP?B?GyRCNEY6OklUSHc7djlgJE5JPhsoQg==?= =?ISO-2022-JP?B?GyRCMkEhShsoQkFZVBskQiFLGyhCLg==?= =?ISO-2022-JP?B?eGxz?=,$BA4<RE*$JFbItE}@)(B$B4F::ITHw;v9`$NI>(B$B2A!J(BAYT$B!K(B.xls) was found.


The mail originated from: <xxxx@xxxx>

According to the 'Received:' trace, the message originated at:
   CH2046.shdnsm

The message WILL NOT BE delivered to:
<zzz@abc.com>:
   554 5.7.0 Reject, id=15610-08 - BANNED: multipart/mixed | application/octet-stream,.doc,=?ISO-2022-JP?B?GyRCQTQ8UkUqJEpGYkl0RX1AKRso...

How can I get the attached file for this mail? (What is the path where Endian keeps the mail?)

Many thanks
pwizard


Title: Re: Banned files destination
Post by: Steve on Friday 05 June 2009, 10:35:08 pm
Endian doesn't keep the email, it's a proxy so it just passes it on.
In your case you selected 'Banned files destination: bounce' - this means that the proxy will delete the email but send a message to the sender that the mail was not delivered.


Here is an example of what the sender would receive:


BANNED FILENAME ALERT

Our content checker found
    banned name: multipart/mixed | text/plain,.vb
in email presumably from you (<sender@senderdomain>), to the following recipient:
-> recepient@recepientdomain

Delivery of the email was stopped!

The message has been blocked because it contains a component
(as a MIME part or nested within) with declared name
or MIME type or contents type violating our access policy.
..... more info ....





Title: Re: Banned files destination
Post by: pwizard on Monday 08 June 2009, 06:00:04 pm
Thank you so much.

How do I keep the file extension at the Endian firewall? What option can I set?


Title: Re: Banned files destination
Post by: Steve on Monday 08 June 2009, 07:34:54 pm
You have 3 options:
DISCARD: if you choose this mode the email will be deleted
BOUNCE: if you choose this mode the email will not be delivered but bounced back to the sender in form of a non-delivery notification
P: if you choose this mode the email will be delivered normally


If you set the field 'Banned files quarantine:' to spam-quarantine the messages should be sent to this directory: /var/amavis/virusmails

I have not tested it, but this is from the Endian documentation.





Title: Re: Banned files destination
Post by: pwizard on Friday 11 September 2009, 12:37:02 pm
How do I extract the file in the folder /var/amavis/virusmails?

Thank you.
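
One way to pull the attachments out of a quarantined message, as an added example that is not part of the thread or of Endian's own tooling. It assumes each file in /var/amavis/virusmails is a raw RFC 822 message, optionally gzip-compressed; the function names are hypothetical and the sample message is constructed.

```python
import base64, gzip, os, re
from email import message_from_bytes
from email.header import decode_header, make_header

def load_quarantined(raw: bytes):
    """Parse one quarantined message; gunzip first if it was stored compressed."""
    if raw[:2] == b"\x1f\x8b":  # gzip magic bytes (assumed optional compression)
        raw = gzip.decompress(raw)
    return message_from_bytes(raw)

def extract_attachments(raw: bytes, outdir: str):
    """Write every named MIME part into outdir; return [(decoded_name, path)]."""
    saved = []
    for i, part in enumerate(load_quarantined(raw).walk()):
        raw_name = part.get_filename()
        if part.is_multipart() or not raw_name:
            continue
        # Decode RFC 2047 encoded-words such as =?ISO-2022-JP?B?...?=
        name = str(make_header(decode_header(raw_name)))
        # The name is sender-controlled: drop directories and odd characters
        # so a part can never be written outside outdir.
        base = os.path.basename(name.replace("\\", "/"))
        safe = re.sub(r"[^\w.\-]", "_", base)
        path = os.path.join(outdir, f"{i:02d}_{safe}")
        with open(path, "wb") as fh:
            fh.write(part.get_payload(decode=True) or b"")
        saved.append((name, path))
    return saved

def build_sample() -> bytes:
    """Constructed message (not from the thread) with two named attachments."""
    enc = base64.b64encode("見積.xls".encode("iso-2022-jp")).decode()
    parts = [(f"=?ISO-2022-JP?B?{enc}?=", b"sheet"), ("../evil.doc", b"doc")]
    body = "".join(
        "--b1\r\nContent-Type: application/octet-stream\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        f'Content-Disposition: attachment; filename="{n}"\r\n\r\n'
        f"{base64.b64encode(d).decode()}\r\n" for n, d in parts)
    head = ("From: a@example.com\r\nMIME-Version: 1.0\r\n"
            'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n')
    return (head + body + "--b1--\r\n").encode("ascii")

if __name__ == "__main__":
    import sys  # usage: script.py <quarantine-file> <output-dir>
    with open(sys.argv[1], "rb") as fh:
        for name, path in extract_attachments(fh.read(), sys.argv[2]):
            print(name, "->", path)
```

The extracted files were quarantined for a reason, so write them to a scratch directory and inspect them there rather than opening them directly.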