1

Topic: How to block attachments for specific users

==== Provide required information ====
- iRedMail version and backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Any related log? Log is helpful for troubleshooting.
====
iRedMail -0.8.1 openldap backend
Centos 6.2  64 bit

Hi Zhang,

I want to restrict specific users not to send any attachments. I found in the forum that amavisd integrated with LDAP can manage this. How can this be achieved?

Kindly advise.

Thanks,
Regards,
Mohan


2

Re: How to block attachments for specific users

Try this:

- Add below content in /etc/amavisd/amavisd.conf and restart Amavisd service:

%banned_rules = (
  'BLOCK_ALL' =>  new_RE(
    [ qr'^text/plain$'i => 0 ],
    [ qr'^\.[a-zA-Z0-9]*$'   => 1 ] ),
  'DEFAULT' => $banned_filename_re,
);

- Login to phpLDAPadmin, add below LDAP attribute and value for your user:

amavisBannedRuleNames=BLOCK_ALL

Then verify it by sending a testing email.

Let me know whether it works for you or not.

== UPDATE ==
If you're running MySQL/PostgreSQL backend, you can add per recipient settings in amavisd.conf directly like below:

@banned_filename_maps = ({
  'user@domain.ltd' => 'BLOCK_ALL',
  '.' => 'DEFAULT',
});

3

Re: How to block attachments for specific users

Hi Zhang,

I have added new attribute amavisBannedFilesLover in phpldapadmin, but for this attribute I can set only true or false value, not able to set value amavisBannedFilesLover=BLOCK_ALL value.

Kindly advise.
Thanks,
Regards,
Mohan

4

Re: How to block attachments for specific users

My mistake, it's amavisBannedRuleNames.

P.S. Multiple rule names (you must define them in amavisd.conf before using them) must be separated by commas. For example:

amavisBannedRuleNames=RULE1,RULE2,RULE3,...

5 (edited by mohan 2012-08-01 10:39:50)

Re: How to block attachments for specific users

Hi Zhang,

I have added the rule amavisBannedRuleNames=BLOCK_ALL in phpldapadmin and also added the lines you have suggested in the amavisd.conf file and restarted the amavisd service. But the attachment is getting delivered, not getting restricted.

Thanks,
Regards,
Mohan

6

Re: How to block attachments for specific users

Hi,

Kindly update on this.

Regards,
Mohan

7

Re: How to block attachments for specific users

It works for me.

mohan wrote:

I have added the rule amavisBannedRuleNames=BLOCK_ALL in phpldapadmin and also added the lines you have suggested in the amavisd.conf file and restarted the amavisd service. But the attachment is getting delivered, not getting restricted.

What's the Amavisd log in /var/log/maillog? Did you see a log line similar to the one below (the red text)?

Aug  1 22:07:42 ob amavis[5974]: (05974-01) Passed BANNED (application/octet-stream,.image,.jpg,back.JPG) {RelayedTaggedInternal,Quarantined}, MYNETS/MYUSERS LOCAL [127.0.0.1]:43489 [127.0.0.1] <postmaster@a.cn> -> <postmaster@a.cn>, quarantine: banned-A_CCb_V-2cOq, Queue-ID: 09B0E27047, Message-ID: <434d1c7609222b9b504be119c122ac6d@a.cn>, mail_id: A_CCb_V-2cOq, Hits: -8.811, size: 3490186, queued_as: BF9A627048, dkim_new=dkim:a.cn, 11891 ms

If you want to discard it, please make sure you have below setting in amavisd.conf:

$final_banned_destiny     = D_DISCARD;

Then you will get log like below, and email won't be delivered to mailbox:

Aug  1 22:09:47 ob amavis[5756]: (05756-01) Blocked BANNED (application/octet-stream,.image,.jpg,back.JPG) {DiscardedInternal,Quarantined}, MYNETS/MYUSERS LOCAL [127.0.0.1]:28099 [127.0.0.1] <postmaster@a.cn> -> <postmaster@a.cn>, quarantine: banned-ddLUdUk8EUir, Queue-ID: 17E252704F, Message-ID: <d2375688ba5b7637d3e63db36d3a0fa4@a.cn>, mail_id: ddLUdUk8EUir, Hits: -, size: 3490186, 2271 ms

If you prefer quarantining banned email instead of discarding them directly, please uncomment below lines in amavisd.conf:

$banned_files_quarantine_method = 'sql:';
$banned_quarantine_to = 'banned-quarantine';

Then you can manage quarantined emails with iRedAdmin-Pro.
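
The check described in the post above (Passed BANNED versus Blocked BANNED in /var/log/maillog) can be scripted. This is an added example, not code from the original posts or from iRedMail/Amavisd; the two BANNED lines are copied from the post above, and the field layout the regular expression expects is assumed from those two lines only.

```python
import re

# The two BANNED lines are copied from the post above. The last line is an
# unrelated debug line (also from this thread) that the parser must skip.
SAMPLE_LOG = """\
Aug  1 22:07:42 ob amavis[5974]: (05974-01) Passed BANNED (application/octet-stream,.image,.jpg,back.JPG) {RelayedTaggedInternal,Quarantined}, MYNETS/MYUSERS LOCAL [127.0.0.1]:43489 [127.0.0.1] <postmaster@a.cn> -> <postmaster@a.cn>, quarantine: banned-A_CCb_V-2cOq, Queue-ID: 09B0E27047, Message-ID: <434d1c7609222b9b504be119c122ac6d@a.cn>, mail_id: A_CCb_V-2cOq, Hits: -8.811, size: 3490186, queued_as: BF9A627048, dkim_new=dkim:a.cn, 11891 ms
Aug  1 22:09:47 ob amavis[5756]: (05756-01) Blocked BANNED (application/octet-stream,.image,.jpg,back.JPG) {DiscardedInternal,Quarantined}, MYNETS/MYUSERS LOCAL [127.0.0.1]:28099 [127.0.0.1] <postmaster@a.cn> -> <postmaster@a.cn>, quarantine: banned-ddLUdUk8EUir, Queue-ID: 17E252704F, Message-ID: <d2375688ba5b7637d3e63db36d3a0fa4@a.cn>, mail_id: ddLUdUk8EUir, Hits: -, size: 3490186, 2271 ms
Aug  6 18:19:25 mail amavis[6067]: (06067-01) loaded policy bank "MYUSERS" over "MYNETS"
"""

# Layout assumed from the two lines above:
#   (task) Passed|Blocked BANNED (part attributes) {flags}, context [ip]... <from> -> <to>,...
BANNED_RE = re.compile(
    r"amavis\[\d+\]: \((?P<task>[\d-]+)\) "
    r"(?P<action>Passed|Blocked) BANNED \((?P<parts>[^)]*)\) "
    r"\{(?P<flags>[^}]*)\}, "
    r"(?P<context>[^\[<]*)"  # e.g. "MYNETS/MYUSERS LOCAL " (policy banks)
    r".*?<(?P<sender>[^>]*)> -> (?P<rcpts>(?:<[^>]*>,?)+)"
)
QUARANTINE_RE = re.compile(r"\bquarantine: ([^,\s]+)")
MAIL_ID_RE = re.compile(r"\bmail_id: ([^,\s]+)")


def parse_banned(line):
    """Return a dict for a Passed/Blocked BANNED line, or None for any other line."""
    m = BANNED_RE.search(line)
    if m is None:
        return None
    quarantine = QUARANTINE_RE.search(line)
    mail_id = MAIL_ID_RE.search(line)
    return {
        "task": m["task"],
        "action": m["action"],
        # "Passed" means the message was relayed even though a part was banned.
        "delivered": m["action"] == "Passed",
        # Attributes of the banned part: MIME type, file(1) types, file name.
        # A file name containing "," or ")" would need a stricter parser.
        "parts": m["parts"].split(","),
        "flags": m["flags"].split(","),
        "context": m["context"].strip(),
        "sender": m["sender"],
        "recipients": re.findall(r"<([^>]*)>", m["rcpts"]),
        "quarantine": quarantine[1] if quarantine else None,
        "mail_id": mail_id[1] if mail_id else None,
    }


def triage(log_text):
    """Parse every BANNED result line in a maillog excerpt, skipping the rest."""
    records = []
    for line in log_text.splitlines():
        record = parse_banned(line)
        if record is not None:
            records.append(record)
    return records


def delivered_despite_ban(records):
    """Messages where banned content was detected but the mail was still relayed."""
    return [r for r in records if r["delivered"]]


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        state = "DELIVERED" if r["delivered"] else "not delivered"
        print(f'{r["mail_id"]}: {r["action"]} BANNED {r["parts"]} '
              f'{r["sender"]} -> {r["recipients"]} [{state}]')
```

If a test message produces no BANNED line at all, the banned check did not run or did not match, which is a different problem from a Passed BANNED result.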

8

Re: How to block attachments for specific users

Hi Zhang,

I have added the following lines in the beginning of amavisd.conf file.

%banned_rules = (
  'BLOCK_ALL' =>  new_RE(
    [ qr'^text/plain$'i => 0 ],
    [ qr'^\.[a-zA-Z0-9]*$'   => 1 ] ),
  'DEFAULT' => $banned_filename_re,
);

I have enabled loglevel=5 and final_banned_destiny=D_DISCARD
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_DISCARD;
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_BOUNCE;


I sent a test mail with attachment, it is getting delivered and also in maillog I can't find any Passed BANNED and Blocked BANNED strings.

Kindly advise.
Thanks,
Mohan
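
Two points from this thread can be checked against the file itself: rule names must be defined in %banned_rules before they are used, and $final_banned_destiny decides whether a banned message is passed or discarded. amavisd.conf is a Perl file evaluated from top to bottom, so the last assignment to a variable is the one in effect, and a policy bank that sets bypass_banned_checks_maps skips the banned check for mail handled under that bank. The script below is an added example (not from the original posts or from iRedMail); its sample file is constructed, and its line-based parsing assumes the layout used in the snippets quoted in this thread.

```python
import re

# Constructed sample in the shape of the settings quoted in this thread;
# it is not any participant's real file.
SAMPLE_CONF = r"""
use strict;
%banned_rules = (
  'BLOCK_ALL' =>  new_RE(
    [ qr'^text/plain$'i => 0 ],
    [ qr'^\.[a-zA-Z0-9]*$'   => 1 ] ),
  'DEFAULT' => $banned_filename_re,
);
$final_banned_destiny     = D_DISCARD;
$policy_bank{'ORIGINATING'} = {
  originating => 1,
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
};
# Set default action.
$final_banned_destiny     = D_PASS;
$policy_bank{'MYUSERS'} = {
    originating => 1,
    #bypass_banned_checks_maps => [1],
};
"""

DESTINY_RE = re.compile(r"^\s*\$(final_\w+_destiny)\s*=\s*(D_\w+)\s*;")
BANK_OPEN_RE = re.compile(r"^\s*\$policy_bank\{'([^']+)'\}\s*=\s*\{")
RULES_OPEN_RE = re.compile(r"^\s*%banned_rules\s*=\s*\(")
RULE_KEY_RE = re.compile(r"^\s*'([^']+)'\s*=>")
BYPASS_RE = re.compile(r"^\s*bypass_banned_checks_maps\s*=>\s*\[\s*1\s*\]")


def scan(conf_text):
    """Collect destiny assignments, %banned_rules keys and bypassing policy banks.

    Line-based heuristic: whole-line comments are ignored, and a block is
    assumed to end on a line that is exactly ');' or '};'.
    """
    destinies = {}     # variable -> [(line_no, value), ...] in file order
    rule_names = []    # keys defined inside %banned_rules
    bypass_banks = []  # banks with an active bypass_banned_checks_maps => [1]
    block = None       # ("rules", None) or ("bank", name) while inside one
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if block is None:
            m = DESTINY_RE.match(line)
            if m:
                destinies.setdefault(m[1], []).append((line_no, m[2]))
                continue
            m = BANK_OPEN_RE.match(line)
            if m:
                block = ("bank", m[1])
            elif RULES_OPEN_RE.match(line):
                block = ("rules", None)
        elif block[0] == "rules":
            m = RULE_KEY_RE.match(line)
            if m:
                rule_names.append(m[1])
            if line.strip() == ");":
                block = None
        else:  # inside a $policy_bank{...} = { ... };
            if BYPASS_RE.match(line):
                bypass_banks.append(block[1])
            if line.strip() == "};":
                block = None
    return destinies, rule_names, bypass_banks


def audit(conf_text, assigned_rules):
    """Return findings for the rule names given in amavisBannedRuleNames."""
    destinies, rule_names, bypass_banks = scan(conf_text)
    findings = []
    for var, hits in destinies.items():
        if len({value for _, value in hits}) > 1:
            line_no, value = hits[-1]  # last assignment is the effective one
            findings.append(
                f"${var} is assigned {len(hits)} times; line {line_no} wins with {value}")
    for name in assigned_rules:
        if name not in rule_names:
            findings.append(f"rule {name} is not defined in %banned_rules")
    for bank in bypass_banks:
        findings.append(f"policy bank {bank} bypasses banned checks")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, ["BLOCK_ALL", "RULE1"]):
        print(finding)
```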

9

Re: How to block attachments for specific users

Please paste the related log in /var/log/maillog to help troubleshoot.
It works for me here with a FRESH OS and default iRedMail installation.

10

Re: How to block attachments for specific users

Hi Zhang,

I have pasted the maillog for your reference. Kindly advise.
mail postfix/qmgr[1952]: 894A580BC3: from=<abc@test1.com>, size=15167, nrcpt=1 (queue active)
Aug  6 18:19:25 mail roundcube: User abc@test1.com [192.168.1.116]; Message for test@live.in; 250: 2.0.0 Ok: queued as 894A580BC3
Aug  6 18:19:25 mail amavis[6067]: Net::Server: 2012/08/06-18:19:25 CONNECT TCP Peer: "127.0.0.1:38629" Local: "127.0.0.1:10024"
Aug  6 18:19:25 mail amavis[6067]: loaded base policy bank
Aug  6 18:19:25 mail amavis[6067]: lookup_ip_acl (inet_acl): key="127.0.0.1" matches "127.0.0.1", result=1
Aug  6 18:19:25 mail amavis[6067]: process_request: fileno sock=13, STDIN=0, STDOUT=1
Aug  6 18:19:25 mail amavis[6067]: switch_to_my_time     480 s, new request
Aug  6 18:19:25 mail amavis[6067]: process_request: suggested_protocol="" on TCP
Aug  6 18:19:25 mail amavis[6067]: (06067-01) SMTP> 220 [127.0.0.1] ESMTP amavisd-new service ready
Aug  6 18:19:25 mail amavis[6067]: (06067-01) switch_to_client_time 480 s, smtp response sent
Aug  6 18:19:25 mail amavis[6067]: (06067-01) idle_proc, 4: was busy, 4.5 ms, total idle 0.000 s, busy 0.004 s
Aug  6 18:19:25 mail amavis[6067]: (06067-01) idle_proc, 5: was idle, 0.2 ms, total idle 0.000 s, busy 0.004 s
Aug  6 18:19:25 mail amavis[6067]: (06067-01) SMTP< EHLO mail.test.com\r\n
Aug  6 18:19:25 mail amavis[6067]: (06067-01) switch_to_my_time     480 s, SMTP EHLO received
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP> 250-[127.0.0.1]
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP> 250-VRFY
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP> 250-PIPELINING
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP> 250-SIZE
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP> 250-ENHANCEDSTATUSCODES
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP> 250-8BITMIME
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP> 250-DSN
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP> 250 XFORWARD NAME ADDR PORT PROTO HELO SOURCE
Aug  6 18:19:25 mail amavis[6067]: (06067-01) switch_to_client_time 480 s, smtp response sent
Aug  6 18:19:25 mail amavis[6067]: (06067-01) idle_proc, 6: was busy, 2.0 ms, total idle 0.000 s, busy 0.006 s
Aug  6 18:19:25 mail amavis[6067]: (06067-01) idle_proc, 5: was idle, 0.1 ms, total idle 0.000 s, busy 0.006 s
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP< XFORWARD NAME=localhost ADDR=127.0.0.1 PORT=41186\r\n
Aug  6 18:19:25 mail amavis[6067]: (06067-01) switch_to_my_time     480 s, SMTP XFORWARD received
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP> 250 2.5.0 Ok XFORWARD
Aug  6 18:19:25 mail amavis[6067]: (06067-01) switch_to_client_time 480 s, smtp response sent
Aug  6 18:19:25 mail amavis[6067]: (06067-01) idle_proc, 6: was busy, 1.1 ms, total idle 0.000 s, busy 0.008 s
Aug  6 18:19:25 mail amavis[6067]: (06067-01) idle_proc, 5: was idle, 0.2 ms, total idle 0.001 s, busy 0.008 s
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP< XFORWARD PROTO=ESMTP HELO=192.168.1.156 SOURCE=LOCAL\r\n
Aug  6 18:19:25 mail amavis[6067]: (06067-01) switch_to_my_time     480 s, SMTP XFORWARD received
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP> 250 2.5.0 Ok XFORWARD
Aug  6 18:19:25 mail amavis[6067]: (06067-01) switch_to_client_time 480 s, smtp response sent
Aug  6 18:19:25 mail amavis[6067]: (06067-01) idle_proc, 6: was busy, 0.7 ms, total idle 0.001 s, busy 0.008 s
Aug  6 18:19:25 mail amavis[6067]: (06067-01) idle_proc, 5: was idle, 0.2 ms, total idle 0.001 s, busy 0.008 s
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP< MAIL FROM:<abc@test1.com> SIZE=15167\r\n
Aug  6 18:19:25 mail amavis[6067]: (06067-01) switch_to_my_time     480 s, SMTP MAIL received
Aug  6 18:19:25 mail amavis[6067]: (06067-01) check_mail_begin_task: task_count=1
Aug  6 18:19:25 mail amavis[6067]: (06067-01) TempDir::prepare: creating directory /var/spool/amavisd/tmp/amavis-20120806T181925-06067
Aug  6 18:19:25 mail amavis[6067]: (06067-01) TempDir::prepare_file: creating file /var/spool/amavisd/tmp/amavis-20120806T181925-06067/email.txt
Aug  6 18:19:25 mail amavis[6067]: (06067-01) TempDir::prepare_file: layers: unix,perlio
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup_ip_acl: key="127.0.0.1" matches "127.0.0.0/8", result=1
Aug  6 18:19:25 mail amavis[6067]: (06067-01) loaded policy bank "MYNETS"
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup_acl(abc@test1.com) matches key "test1.com", result=1
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup [local_domains] => true,  "abc@test1.com" matches, result="1", matching_key="test1.com"
Aug  6 18:19:25 mail amavis[6067]: (06067-01) query_keys: abc@test1.com, abc, @test1.com, @.test1.com, @.com, @.
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup_ldap "abc@test1.com", query keys: "abc@test1.com", "abc", "@test1.com", "@.test1.com", "@.com", "@.", base: o=domains,dc=test,dc=com, filter: (&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(mail=%m)(shadowAddress=%m)))
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ldap begin_work
Aug  6 18:19:25 mail amavis[6067]: (06067-01) Connecting to LDAP server
Aug  6 18:19:25 mail amavis[6067]: (06067-01) connect_to_ldap: trying 127.0.0.1
Aug  6 18:19:25 mail amavis[6067]: (06067-01) connect_to_ldap: connected to 127.0.0.1
Aug  6 18:19:25 mail amavis[6067]: (06067-01) connect_to_ldap: bind cn=vmail,dc=test,dc=com succeeded
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup_ldap: searching base="o=domains,dc=test,dc=com", scope="sub", filter="(&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(|(mail=abc@test1.com)(mail=abc)(mail=@test1.com)(mail=@.test1.com)(mail=@.com)(mail=@.))(|(shadowAddress=abc@test1.com)(shadowAddress=abc)(shadowAddress=@test1.com)(shadowAddress=@.test1.com)(shadowAddress=@.com)(shadowAddress=@.))))"
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup_ldap(abc@test1.com) matches, result=(amavislocal=>"TRUE", amavisbannedrulenames=>"BLOCK_ALL", dn=>"mail=abc@test1.com,ou=Users,domainName=test1.com,o=domains,dc=test,dc=com")
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup_ldap_attr(amavislocal) "abc@test1.com" result=(1)
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup [local_domains] => true,  "abc@test1.com" matches, result="1", matching_key="amavislocal=>"TRUE", amavisbannedrulenames=>"BLOCK_ALL", dn=>"mail=abc@test1.com,ou=Users,domainName=test1.com,o=domains,dc=test,dc=com""
Aug  6 18:19:25 mail amavis[6067]: (06067-01) loaded policy bank "MYUSERS" over "MYNETS"
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup [debug_sender] => undef, "abc@test1.com" does not match
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP> 250 2.1.0 Sender <abc@test1.com> OK
Aug  6 18:19:25 mail amavis[6067]: (06067-01) switch_to_client_time 480 s, smtp response sent
Aug  6 18:19:25 mail amavis[6067]: (06067-01) idle_proc, 6: was busy, 12.6 ms, total idle 0.001 s, busy 0.021 s
Aug  6 18:19:25 mail amavis[6067]: (06067-01) idle_proc, 5: was idle, 0.1 ms, total idle 0.001 s, busy 0.021 s
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP< RCPT TO:<test@live.in> ORCPT=rfc822;test@live.in\r\n
Aug  6 18:19:25 mail amavis[6067]: (06067-01) switch_to_my_time     480 s, SMTP RCPT received
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup_acl(test@live.in), no match
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup [local_domains] => undef, "test@live.in" does not match
Aug  6 18:19:25 mail amavis[6067]: (06067-01) query_keys: test@live.in, @live.in, @.live.in, @.in, @.
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup_ldap "test@live.in", query keys: "test@live.in", "@live.in", "@.live.in", "@.in", "@.", base: o=domains,dc=test,dc=com, filter: (&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(mail=%m)(shadowAddress=%m)))
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ldap begin_work
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup_ldap: searching base="o=domains,dc=test,dc=com", scope="sub", filter="(&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(|(mail=test@live.in)(mail=@live.in)(mail=@.live.in)(mail=@.in)(mail=@.))(|(shadowAddress=test@live.in)(shadowAddress=@live.in)(shadowAddress=@.live.in)(shadowAddress=@.in)(shadowAddress=@.))))"
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup_ldap, "test@live.in" no match
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup_ldap_attr(amavismessagesizelimit), "test@live.in" no matching records
Aug  6 18:19:25 mail amavis[6067]: (06067-01) lookup [message_size_limit] => undef, "test@live.in" does not match
Aug  6 18:19:25 mail amavis[6067]: (06067-01) ESMTP> 250 2.1.5 Recipient <test@live.in> OK
Aug  6 18:19:25 mail amavis[6067]: (06067-01) switch_to_client_time 480 s, smtp response sent

Thanks,
Mohan

11

Re: How to block attachments for specific users

Could you please paste me the whole /etc/amavisd.conf? Remove SQL/LDAP username and password before pasting please.

12

Re: How to block attachments for specific users

Hi Zhang,

I have pasted the amavisd.conf file below for your reference.

use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings
#
#   see amavisd.conf-default for a list of all variables with their defaults;
#   see amavisd.conf-sample for a traditional-style commented file;
#   for more details see documentation in INSTALL, README_FILES/*
#   and at http://www.ijs.si/software/amavisd/amav … -docs.html


# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1);  # controls running of anti-virus code
# @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
# $bypass_decode_parts = 1;         # controls running of decoders&dearchivers

$max_servers = 2;            # num of pre-forked children (2..30 is common), -m
$daemon_user  = 'amavis';     # (no default;  customary: vscan or amavis), -u
$daemon_group = 'amavis';     # (no default;  customary: vscan or amavis), -g

$mydomain = "mail.test.com";    # = 'example.com';   # a convenient default for other settings

$MYHOME = '/var/spool/amavisd';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = "/var/spool/amavisd/quarantine";
# $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine
# $release_format = 'resend';     # 'attach', 'plain', 'resend'
# $report_format  = 'arf';        # 'attach', 'plain', 'resend', 'arf'

# $daemon_chroot_dir = $MYHOME;   # chroot directory or undef, -R

$db_home   = "$MYHOME/db";        # dir for bdb nanny/cache/snmp databases, -D
# $helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
$lock_file = "/var/run/amavisd/amavisd.lock";  # -L
$pid_file  = "/var/run/amavisd/amavisd.pid";   # -P
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

$log_level = 5;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
           # e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
           # choose from: emerg, alert, crit, err, warning, notice, info, debug

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
$enable_dkim_verification = 1;  # enable DKIM signatures verification
$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key

@local_domains_maps = ( [".$mydomain","test1.com"] );  # list of all local domains

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
               # option(s) -p overrides $inet_socket_port and $unix_socketname

$inet_socket_port = [10024, 9998];
# $inet_socket_port = [10024, 9998];

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
  allow_disclaimers => 1, # enables disclaimer insertion if available
};

# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for filtering
$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["root\@$mydomain"],
  spam_admin_maps  => ["root\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname

# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
};

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces

$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
#   defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)

$virus_admin               = undef;                    # notifications recip.

$mailfrom_notify_admin     = undef;                    # notifications sender
$mailfrom_notify_recip     = undef;                    # notifications sender
$mailfrom_notify_spamadmin = undef;                    # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# $dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 0;  # MIME-wrap passed mail containing banned name
# for defanging bad headers only turn on certain minor contents categories:
$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error


# OTHER MORE COMMON SETTINGS (defaults may suffice):

# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!

# $notify_method  = 'smtp:[127.0.0.1]:10025';
# $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_BOUNCE;
# $bad_header_quarantine_method = undef;

# $os_fingerprint_method = 'p0f:*:2345';  # to query p0f-analyzer.pl

## hierarchy by which a final setting is chosen:
##   policy bank (based on port or IP address) -> *_by_ccat
##   *_by_ccat (based on mail contents) -> *_maps
##   *_maps (based on recipient address) -> final configuration value


# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)

# $warnbadhsender,
# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
#
# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
# @bypass_banned_checks_maps, @bypass_header_checks_maps,
#
# @virus_lovers_maps, @spam_lovers_maps,
# @banned_files_lovers_maps, @bad_header_lovers_maps,
#
# @blacklist_sender_maps, @score_sender_maps,
#
# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
# $bad_header_quarantine_to, $spam_quarantine_to,
#
# $defang_bad_header, $defang_undecipherable, $defang_spam


# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',   # retain full original message for virus checking
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));


# for $banned_namepath_re (a new-style of banned table) see amavisd.conf-sample

$banned_filename_re = new_RE(

### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
# qr'^\.(exe|lha|cab|dll)$',              # banned file(1) types

### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
# [ qr'^\.(gz|bz2)$'             => 0 ],  # allow any in gzip or bzip2
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives

  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
# qr'^\.zip$',                            # block zip type

### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within these archives

  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^message/partial$'i,         # rfc2046 MIME type
# qr'^message/external-body$'i,   # rfc2046 MIME type

# qr'^(application/x-msmetafile|image/x-wmf)$'i,  # Windows Metafile MIME type
# qr'^\.wmf$',                            # Windows Metafile file(1) type

  # block certain double extensions in filenames
  qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,

# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose

  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long
# qr'.\.(ani|cur|ico)$'i,                 # banned cursors and icons filename
# qr'^\.ani$',                            # banned animated cursor file(1) type

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
);
# See http://support.microsoft.com/default.as … US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm


# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING


@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
#                           '.cleargreen.com'           => -5.0}],

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,

   },
  ],  # end of site-wide tables
});


@decoders = (
  ['mail', \&do_mime_decode],
  ['asc',  \&do_ascii],
  ['uue',  \&do_ascii],
  ['hqx',  \&do_ascii],
  ['ync',  \&do_ascii],
  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
  ['gz',   \&do_uncompress,  'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress,  'bzip2 -d'],
  ['lzo',  \&do_uncompress,  'lzop -d'],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['deb',  \&do_ar,          'ar'],
# ['a',    \&do_ar,          'ar'],  # unpacking .a seems an overkill

  ['zip',  \&do_unzip],
  ['7z',   \&do_7zip,       ['7zr','7za','7z'] ],
  ['rar',  \&do_unrar,      ['rar','unrar'] ],
  ['arj',  \&do_unarj,      ['arj','unarj'] ],
  ['arc',  \&do_arc,        ['nomarch','arc'] ],
  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
  ['lha',  \&do_lha,         'lha'],
# ['doc',  \&do_ole,         'ripole'],
  ['cab',  \&do_cabextract,  'cabextract'],
  ['tnef', \&do_tnef_ext,    'tnef'],
  ['tnef', \&do_tnef],
# ['sit',  \&do_unstuff,     'unstuff'],  # broken/unsafe decoder
  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);
$sa_debug = 0;
# Set hostname.
$myhostname = "mail.test.com";

# Set listen IP/PORT.
$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';

# Set default action.
# Available actions: D_PASS, D_BOUNCE, D_REJECT, D_DISCARD.
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_PASS;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;

@av_scanners = (

    #### http://www.clamav.net/
    ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

@av_scanners_backup = (

    ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
    ['ClamAV-clamscan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

# This policy will perform virus checks only.
#$interface_policy{'10026'} = 'VIRUSONLY';
#$policy_bank{'VIRUSONLY'} = { # mail from the pickup daemon
#    bypass_spam_checks_maps   => [1],  # don't spam-check this mail
#    bypass_banned_checks_maps => [1],  # don't banned-check this mail
#    bypass_header_checks_maps => [1],  # don't header-check this mail
#};

# Allow SASL authenticated users to bypass scanning. Typically SASL
# users already submit messages to the submission port (587) or the
# smtps port (465):
#$interface_policy{'10026'} = 'SASLBYPASS';
#$policy_bank{'SASLBYPASS'} = {  # mail from submission and smtps ports
#    bypass_spam_checks_maps   => [1],  # don't spam-check this mail
#    bypass_banned_checks_maps => [1],  # don't banned-check this mail
#    bypass_header_checks_maps => [1],  # don't header-check this mail
#};

# Apply to mails which coming from internal networks or authenticated
# roaming users.
# mail supposedly originating from our users
$policy_bank{'MYUSERS'} = {
    # declare that mail was submitted by our smtp client
    originating => 1,

    # enables disclaimer insertion if available
    allow_disclaimers => 1,

    # notify administrator of locally originating malware
    virus_admin_maps => ["root\@$mydomain"],
    spam_admin_maps  => ["root\@$mydomain"],
    warnbadhsender   => 0,

    # forward to a smtpd service providing DKIM signing service
    #forward_method => 'smtp:[127.0.0.1]:10027',

    # force MTA conversion to 7-bit (e.g. before DKIM signing)
    smtpd_discard_ehlo_keywords => ['8BITMIME'],

    # don't remove NOTIFY=SUCCESS option
    terminate_dsn_on_notify_success => 0,

    # don't perform spam/virus/header check.
    #bypass_spam_checks_maps => [1],
    #bypass_virus_checks_maps => [1],
    #bypass_header_checks_maps => [1],

    # allow sending any file names and types
    #bypass_banned_checks_maps => [1],
};

# regular incoming mail, originating from anywhere (usually from outside)
#$policy_bank{'EXT'} = {
#  # just use global settings, no special overrides
#};

#
# Port used to release quarantined mails.
#
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
    protocol => 'AM.PDP',       # select Amavis policy delegation protocol
    inet_acl => [qw( 127.0.0.1 [::1] )],    # restrict access to these IP addresses
    auth_required_release => 1,    # 0 - don't require secret_id for amavisd-release
    #log_level => 4,
    #always_bcc_by_ccat => {CC_CLEAN, 'admin@example.com'},
};

#########################
# Quarantine mails.
#

# Don't quarantine mails with bad header.
$bad_header_quarantine_method = undef;

# Quarantine SPAM.
#$spam_quarantine_to = 'spam-quarantine';
# Quarantine method. How to store mail body.
#   - 'local:spam-%i-%m', store mail on local file system.
#   - 'sql:', store mail body in MySQL.
#$spam_quarantine_method = 'sql:';

#########################
# Quarantine VIRUS mails.
#
#$virus_quarantine_to     = 'virus-quarantine';
#$virus_quarantine_method = 'sql:';

#########################
# Quarantine BANNED mails.
#
#$banned_files_quarantine_method = 'sql:';
#$banned_quarantine_to = 'banned-quarantine';


# Modify email subject, add '$sa_spam_subject_tag'.
#   0:  disable
#   1:  enable
$sa_spam_modifies_subj = 1;

# remove existing headers
#$remove_existing_x_scanned_headers= 0;
#$remove_existing_spam_headers = 0;

# Leave empty (undef) to add no header.
# Modify /usr/sbin/amavisd or /usr/sbin/amavisd-new file to add customize header in:
#
#   sub add_forwarding_header_edits_per_recip
#
#$X_HEADER_TAG = 'X-Virus-Scanned';
#$X_HEADER_LINE = "by amavisd at $myhostname";

# Notify virus sender?
#$warnvirussender = 0;

# Notify spam sender?
#$warnspamsender = 0;

# Notify sender of banned files?
$warnbannedsender = 0;

# Notify sender of syntactically invalid header containing non-ASCII characters?
$warnbadhsender = 0;

# Notify virus (or banned files) RECIPIENT?
#  (not very useful, but some policies demand it)
$warnvirusrecip = 0;
$warnbannedrecip = 0;

# Notify also non-local virus/banned recipients if $warn*recip is true?
#  (including those not matching local_domains*)
$warn_offsite = 0;

#$notify_sender_templ      = read_text('/var/amavis/notify_sender.txt');
#$notify_virus_sender_templ= read_text('/var/amavis/notify_virus_sender.txt');
#$notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
#$notify_virus_recips_templ= read_text('/var/amavis/notify_virus_recips.txt');
#$notify_spam_sender_templ = read_text('/var/amavis/notify_spam_sender.txt');
#$notify_spam_admin_templ  = read_text('/var/amavis/notify_spam_admin.txt');

$sql_allow_8bit_address = 1;
$timestamp_fmt_mysql = 1;
# Hope to fix 'nested MAIL command' issue on high load server.
$smtp_connection_cache_enable = 0;

# The default set of header fields to be signed can be controlled
# by setting %signed_header_fields elements to true (to sign) or
# to false (not to sign). Keys must be in lowercase, e.g.:
# 0 -> off
# 1 -> on
$signed_header_fields{'received'} = 0;
$signed_header_fields{'to'} = 1;

# Make sure it signs all inbound mails, avoid error log like this:
# 'dkim: not signing inbound mail'.
$originating = 1;
# Add dkim_key here.
dkim_key("test1.com", "dkim", "/var/lib/dkim/test1.com.pem");

# Note that signing mail for subdomains with a key of a parent
# domain is treated by recipients as a third-party key, which
# may 'hold less merit' in their eyes. If one has a choice,
# it is better to publish a key for each domain (e.g. host1.a.cn)
# if mail is really coming from it. Sharing a pem file
# for multiple domains may be acceptable, so you don't need
# to generate a different key for each subdomain, but you
# do need to publish it in each subdomain. It is probably
# easier to avoid sending addresses like host1.a.cn and
# always use a parent domain (a.cn) in 'From:', thus
# avoiding the issue altogether.
#dkim_key("host1.test1.com", "dkim", "/var/lib/dkim/test1.com.pem");
#dkim_key("host3.test1.com", "dkim", "/var/lib/dkim/test1.com.pem");

# Add new dkim_key for other domain.
#dkim_key('Your_New_Domain_Name', 'dkim', 'Your_New_Pem_File');

@dkim_signature_options_bysender_maps = ( {
    # ------------------------------------
    # For domain: test1.com.
    # ------------------------------------
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key

    #'postmaster@test1.com'    => { d => "test1.com", a => 'rsa-sha256', ttl =>  7*24*3600 },
    #"spam-reporter@test1.com"    => { d => "test1.com", a => 'rsa-sha256', ttl =>  7*24*3600 },

    # explicit 'd' forces a third-party signature on foreign (hosted) domains
    "test1.com"  => { d => "test1.com", a => 'rsa-sha256', ttl => 10*24*3600 },
    #"host1.test1.com"  => { d => "host1.test1.com", a => 'rsa-sha256', ttl => 10*24*3600 },
    #"host2.test1.com"  => { d => "host2.test1.com", a => 'rsa-sha256', ttl => 10*24*3600 },
    # ---- End domain: test1.com ----

    # catchall defaults
    '.' => { a => 'rsa-sha256', c => 'relaxed/simple', ttl => 30*24*3600 },
} );
# ------------ Disclaimer Setting ---------------
# Uncomment this line to enable signing disclaimer in outgoing mails.
#$defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];
# Program used to sign disclaimers in outgoing mails.
$altermime = '/usr/bin/altermime';

# Disclaimer in plain text format.
@altermime_args_disclaimer = qw(--disclaimer=/etc/postfix/disclaimer/_OPTION_.txt --disclaimer-html=/etc/postfix/disclaimer/_OPTION_.txt --force-for-bad-html);

@disclaimer_options_bysender_maps = ({
    # Per-domain disclaimer setting: /etc/postfix/disclaimer/host1.iredmail.org.txt
    #'host1.iredmail.org' => 'host1.iredmail.org',

    # Sub-domain disclaimer setting: /etc/postfix/disclaimer/iredmail.org.txt
    #'.iredmail.org'      => 'iredmail.org',

    # Per-user disclaimer setting: /etc/postfix/disclaimer/boss.iredmail.org.txt
    #'boss@iredmail.org'  => 'boss.iredmail.org',

    # Catch-all disclaimer setting: /etc/postfix/disclaimer/default.txt
    '.' => 'default',
},);
# ------------ End Disclaimer Setting ---------------
# Integrate Amavisd-new with OpenLDAP.
$enable_ldap    = 1;    # 1 -> enable, 0 -> disable.
$default_ldap   = {
    hostname        => "127.0.0.1",
    port            => 389,
    version         => 3,
    tls             => 0,
    timeout         => 120,
    base            => "o=domains,dc=test,dc=com",
    scope           => "sub",
    query_filter    => "(&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(mail=%m)(shadowAddress=%m)))",
    bind_dn         => "cn=vmail,dc=test,dc=com",
    bind_password   => "XXXXXXXXXXXXXXXXXXXXX",
};
@storage_sql_dsn = (
    ['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'amavisd', 'xxxxxxxxxxxxxxxxxxxxx'],
);
#@lookup_sql_dsn = @storage_sql_dsn;

1;  # insure a defined return
%banned_rules = (
'BLOCK_ALL' =>  new_RE(
    [ qr'^text/plain$'i => 0 ],
    [ qr'^\.[a-zA-Z0-9]*$'   => 1 ] ),
  'DEFAULT' => $banned_filename_re,
);

Thanks,
Regards,
Mohan

13

Re: How to block attachments for specific users

1;  # insure a defined return
%banned_rules = (
'BLOCK_ALL' =>  new_RE(
    [ qr'^text/plain$'i => 0 ],
    [ qr'^\.[a-zA-Z0-9]*$'   => 1 ] ),
  'DEFAULT' => $banned_filename_re,
);

In amavisd.conf, you MUST always leave the line marked in red as the last line. So it MUST be:

%banned_rules = (
'BLOCK_ALL' =>  new_RE(
    [ qr'^text/plain$'i => 0 ],
    [ qr'^\.[a-zA-Z0-9]*$'   => 1 ] ),
  'DEFAULT' => $banned_filename_re,
);

1;  # insure a defined return

Please restart Amavisd service and test it again.
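
The two configuration rules given in this thread (the `1;` line stays last in amavisd.conf, and every name in amavisBannedRuleNames must be defined in %banned_rules) can be checked before restarting Amavisd. The script below is an added example, not code from the thread or from iRedMail; its function names, the simplified text scan it uses in place of a Perl parser, and the rule name NO_EXE are assumptions made for illustration.

```python
import re

# Constructed sample input, assembled from the snippets quoted in this thread.
RULES = r"""%banned_rules = (
'BLOCK_ALL' =>  new_RE(
    [ qr'^text/plain$'i => 0 ],
    [ qr'^\.[a-zA-Z0-9]*$'   => 1 ] ),
  'DEFAULT' => $banned_filename_re,
);
"""
TERMINATOR = "1;  # insure a defined return\n"
AS_POSTED = "$enable_ldap = 1;\n" + TERMINATOR + RULES         # rules follow 1;
CORRECTED = "$enable_ldap = 1;\n" + RULES + "\n" + TERMINATOR  # 1; is last

TERMINATOR_RE = re.compile(r"^\s*1;\s*(#.*)?$")
ARROW_RE = re.compile(r"\s*=>")


def statements_after_terminator(conf_text):
    """Return (line number of the last bare '1;' line, or None if absent,
    [(lineno, text), ...] for each non-blank, non-comment line after it)."""
    lines = conf_text.splitlines()
    last = None
    for no, line in enumerate(lines, 1):
        if TERMINATOR_RE.match(line):
            last = no
    if last is None:
        return None, []
    trailing = [(no, line) for no, line in enumerate(lines, 1)
                if no > last and line.strip()
                and not line.lstrip().startswith("#")]
    return last, trailing


def defined_banned_rules(conf_text):
    """List the top-level keys of the %banned_rules = ( ... ); block.

    Simplified scanner (an assumption of this example): it skips quoted
    strings and '#' comments while tracking parenthesis depth, and does not
    handle escaped quotes or '#' inside qr/.../ patterns.
    """
    start = re.search(r"%banned_rules\s*=\s*\(", conf_text)
    if not start:
        return []
    names, depth, i = [], 1, start.end()
    while i < len(conf_text) and depth > 0:
        ch = conf_text[i]
        if ch in "'\"":
            end = conf_text.find(ch, i + 1)
            if end == -1:
                break
            # A quoted word followed by => at depth 1 is a rule name.
            if depth == 1 and ARROW_RE.match(conf_text, end + 1):
                names.append(conf_text[i + 1:end])
            i = end + 1
            continue
        if ch == "#":                      # comment: skip to end of line
            nl = conf_text.find("\n", i)
            i = len(conf_text) if nl == -1 else nl + 1
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        i += 1
    return names


def undefined_rule_refs(ldap_value, defined):
    """Split a comma-separated amavisBannedRuleNames value and return the
    names that have no matching key in %banned_rules."""
    wanted = [n.strip() for n in ldap_value.split(",") if n.strip()]
    return [n for n in wanted if n not in defined]


def audit(conf_text, ldap_rule_names):
    """Run both checks and return the findings as a dict."""
    terminator, trailing = statements_after_terminator(conf_text)
    defined = defined_banned_rules(conf_text)
    return {
        "terminator_line": terminator,
        "trailing": trailing,
        "defined_rules": defined,
        "undefined_refs": undefined_rule_refs(ldap_rule_names, defined),
    }


if __name__ == "__main__":
    # NO_EXE is a hypothetical rule name that is not defined anywhere.
    for label, conf in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        report = audit(conf, "BLOCK_ALL,NO_EXE")
        print(label, "-> terminator at line", report["terminator_line"])
        for no, text in report["trailing"]:
            print("  after 1; line %d: %s" % (no, text))
        print("  defined rules:", report["defined_rules"])
        print("  undefined LDAP references:", report["undefined_refs"])
```
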

14

Re: How to block attachments for specific users

Hi Zhang,
I have now made the entries in the amavisd.conf file as you mentioned and restarted the amavisd service. The test mail is getting delivered with the attachment; it is not getting quarantined.

In the maillog I can find Passed CLEAN, MYNETS/MYUSERS [127.0.0.1]. I have pasted the log for your reference below:

Aug  7 19:23:41 mail amavis[4979]: (04979-01) Passed CLEAN, MYNETS/MYUSERS [127.0.0.1] [127.0.0.1] <abc@test1.com> ->

Kindly advise,

Thanks,
Regards,
Mohan

15

Re: How to block attachments for specific users

No idea yet. You have correct Amavisd settings and LDAP values.

Could you please paste me Amavisd debug log after you modified amavisd.conf? Just like this one: http://www.iredmail.org/forum/post17482.html#p17482

16

Re: How to block attachments for specific users

Hi Zhang,

I have pasted the maillog for your reference.


Aug  8 09:25:44 mail postfix/qmgr[3766]: EF26180C25: from=<abc@test1.com>, size=381718, nrcpt=1 (queue active)
Aug  8 09:25:44 mail roundcube: User abc@test1.com [192.168.1.116]; Message for testmail8@gmail.com; 250: 2.0.0 Ok: queued as EF26180C25
Aug  8 09:25:44 mail amavis[7556]: Net::Server: 2012/08/08-09:25:44 CONNECT TCP Peer: "127.0.0.1:41165" Local: "127.0.0.1:10024"
Aug  8 09:25:44 mail amavis[7556]: loaded base policy bank
Aug  8 09:25:44 mail amavis[7556]: lookup_ip_acl (inet_acl): key="127.0.0.1" matches "127.0.0.1", result=1
Aug  8 09:25:44 mail amavis[7556]: process_request: fileno sock=13, STDIN=0, STDOUT=1
Aug  8 09:25:44 mail amavis[7556]: switch_to_my_time     480 s, new request
Aug  8 09:25:44 mail amavis[7556]: process_request: suggested_protocol="" on TCP
Aug  8 09:25:44 mail amavis[7556]: (07556-01) SMTP> 220 [127.0.0.1] ESMTP amavisd-new service ready
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_client_time 480 s, smtp response sent
Aug  8 09:25:44 mail amavis[7556]: (07556-01) idle_proc, 4: was busy, 4.6 ms, total idle 0.000 s, busy 0.005 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) idle_proc, 5: was idle, 0.2 ms, total idle 0.000 s, busy 0.005 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) SMTP< EHLO mail.test.com\r\n
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_my_time     480 s, SMTP EHLO received
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 250-[127.0.0.1]
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 250-VRFY
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 250-PIPELINING
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 250-SIZE
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 250-ENHANCEDSTATUSCODES
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 250-8BITMIME
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 250-DSN
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 250 XFORWARD NAME ADDR PORT PROTO HELO SOURCE
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_client_time 480 s, smtp response sent
Aug  8 09:25:44 mail amavis[7556]: (07556-01) idle_proc, 6: was busy, 1.8 ms, total idle 0.000 s, busy 0.006 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) idle_proc, 5: was idle, 0.1 ms, total idle 0.000 s, busy 0.006 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP< XFORWARD NAME=localhost ADDR=127.0.0.1 PORT=59581\r\n
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_my_time     480 s, SMTP XFORWARD received
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 250 2.5.0 Ok XFORWARD
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_client_time 480 s, smtp response sent
Aug  8 09:25:44 mail amavis[7556]: (07556-01) idle_proc, 6: was busy, 5.1 ms, total idle 0.000 s, busy 0.012 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) idle_proc, 5: was idle, 0.1 ms, total idle 0.000 s, busy 0.012 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP< XFORWARD PROTO=ESMTP HELO=192.168.1.156 SOURCE=LOCAL\r\n
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_my_time     480 s, SMTP XFORWARD received
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 250 2.5.0 Ok XFORWARD
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_client_time 480 s, smtp response sent
Aug  8 09:25:44 mail amavis[7556]: (07556-01) idle_proc, 6: was busy, 1.9 ms, total idle 0.000 s, busy 0.013 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) idle_proc, 5: was idle, 0.1 ms, total idle 0.001 s, busy 0.013 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP< MAIL FROM:<abc@test1.com> SIZE=381718\r\n
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_my_time     480 s, SMTP MAIL received
Aug  8 09:25:44 mail amavis[7556]: (07556-01) check_mail_begin_task: task_count=1
Aug  8 09:25:44 mail amavis[7556]: (07556-01) TempDir::prepare: creating directory /var/spool/amavisd/tmp/amavis-20120808T092544-07556
Aug  8 09:25:44 mail amavis[7556]: (07556-01) TempDir::prepare_file: creating file /var/spool/amavisd/tmp/amavis-20120808T092544-07556/email.txt
Aug  8 09:25:44 mail amavis[7556]: (07556-01) TempDir::prepare_file: layers: unix,perlio
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ip_acl: key="127.0.0.1" matches "127.0.0.0/8", result=1
Aug  8 09:25:44 mail amavis[7556]: (07556-01) loaded policy bank "MYNETS"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_acl(abc@test1.com) matches key "test1.com", result=1
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [local_domains] => true,  "abc@test1.com" matches, result="1", matching_key="test1.com"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) query_keys: abc@test1.com, abc, @test1.com, @.test1.com, @.com, @.
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap "abc@test1.com", query keys: "abc@test1.com", "abc", "@test1.com", "@.test1.com", "@.com", "@.", base: o=domains,dc=test,dc=com, filter: (&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(mail=%m)(shadowAddress=%m)))
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ldap begin_work
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Connecting to LDAP server
Aug  8 09:25:44 mail amavis[7556]: (07556-01) connect_to_ldap: trying 127.0.0.1
Aug  8 09:25:44 mail amavis[7556]: (07556-01) connect_to_ldap: connected to 127.0.0.1
Aug  8 09:25:44 mail amavis[7556]: (07556-01) connect_to_ldap: bind cn=vmail,dc=test,dc=com succeeded
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap: searching base="o=domains,dc=test,dc=com", scope="sub", filter="(&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(|(mail=abc@test1.com)(mail=abc)(mail=@test1.com)(mail=@.test1.com)(mail=@.com)(mail=@.))(|(shadowAddress=abc@test1.com)(shadowAddress=abc)(shadowAddress=@test1.com)(shadowAddress=@.test1.com)(shadowAddress=@.com)(shadowAddress=@.))))"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap(abc@test1.com) matches, result=(amavislocal=>"TRUE", amavisbannedrulenames=>"BLOCK_ALL", dn=>"mail=abc@test1.com,ou=Users,domainName=test1.com,o=domains,dc=test,dc=com")
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavislocal) "abc@test1.com" result=(1)
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [local_domains] => true,  "abc@test1.com" matches, result="1", matching_key="amavislocal=>"TRUE", amavisbannedrulenames=>"BLOCK_ALL", dn=>"mail=abc@test1.com,ou=Users,domainName=test1.com,o=domains,dc=test,dc=com""
Aug  8 09:25:44 mail amavis[7556]: (07556-01) loaded policy bank "MYUSERS" over "MYNETS"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [debug_sender] => undef, "abc@test1.com" does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 250 2.1.0 Sender <abc@test1.com> OK
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_client_time 480 s, smtp response sent
Aug  8 09:25:44 mail amavis[7556]: (07556-01) idle_proc, 6: was busy, 23.0 ms, total idle 0.001 s, busy 0.036 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) idle_proc, 5: was idle, 0.2 ms, total idle 0.001 s, busy 0.036 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP< RCPT TO:<testmail8@gmail.com> ORCPT=rfc822;testmail8@gmail.com\r\n
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_my_time     480 s, SMTP RCPT received
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_acl(testmail8@gmail.com), no match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [local_domains] => undef, "testmail8@gmail.com" does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) query_keys: testmail8@gmail.com, @gmail.com, @.gmail.com, @.com, @.
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap "testmail8@gmail.com", query keys: "testmail8@gmail.com", "@gmail.com", "@.gmail.com", "@.com", "@.", base: o=domains,dc=test,dc=com, filter: (&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(mail=%m)(shadowAddress=%m)))
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ldap begin_work
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap: searching base="o=domains,dc=test,dc=com", scope="sub", filter="(&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(|(mail=testmail8@gmail.com)(mail=@gmail.com)(mail=@.gmail.com)(mail=@.com)(mail=@.))(|(shadowAddress=testmail8@gmail.com)(shadowAddress=@gmail.com)(shadowAddress=@.gmail.com)(shadowAddress=@.com)(shadowAddress=@.))))"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap, "testmail8@gmail.com" no match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavismessagesizelimit), "testmail8@gmail.com" no matching records
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [message_size_limit] => undef, "testmail8@gmail.com" does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 250 2.1.5 Recipient <testmail8@gmail.com> OK
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_client_time 480 s, smtp response sent
Aug  8 09:25:44 mail amavis[7556]: (07556-01) idle_proc, 6: was busy, 6.8 ms, total idle 0.001 s, busy 0.043 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) idle_proc, 5: was idle, 0.5 ms, total idle 0.001 s, busy 0.043 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP< DATA\r\n
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_my_time     480 s, SMTP DATA received
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP::10024 /var/spool/amavisd/tmp/amavis-20120808T092544-07556: <abc@test1.com> -> <testmail8@gmail.com> SIZE=381718 Received: from mail.test.com ([127.0.0.1]) by localhost (mail.test.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <testmail8@gmail.com>; Wed,  8 Aug 2012 09:25:44 +0530 (IST)
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP> 354 End data with <CR><LF>.<CR><LF>
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_client_time 480 s, smtp response sent
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_client_time 480 s, receiving data
Aug  8 09:25:44 mail amavis[7556]: (07556-01) switch_to_my_time     480 s, data-end received
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ESMTP< .<CR><LF>
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Actual message size 381684 B less than the declared 381718 B
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer digest_init: timer set to 480 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) get_body_digest: reading header section
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer digest_hdr: timer set to 480 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) get_body_digest: reading mail body
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer digest_body: timer set to 480 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) body type (ESMTP BODY): unlabeled, good (h=0, b=0)
Aug  8 09:25:44 mail amavis[7556]: (07556-01) body hash: 19c7fb0b674ea79266b16a46704e06e1
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Original mail size: 381684; quota set to: 190842000 bytes
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql begin, nontransaction
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Connecting to SQL database server
Aug  8 09:25:44 mail amavis[7556]: (07556-01) connect_to_sql: trying 'DBI:mysql:database=amavisd;host=127.0.0.1;port=3306'
Aug  8 09:25:44 mail amavis[7556]: (07556-01) connect_to_sql: 'DBI:mysql:database=amavisd;host=127.0.0.1;port=3306' succeeded
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql: preparing and executing: SELECT id FROM maddr WHERE partition_tag=? AND email=?
Aug  8 09:25:44 mail amavis[7556]: (07556-01) save_info_preliminary: 8, abc@test1.com, exists
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql begin, nontransaction
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Connecting to SQL database server
Aug  8 09:25:44 mail amavis[7556]: (07556-01) connect_to_sql: trying 'DBI:mysql:database=amavisd;host=127.0.0.1;port=3306'
Aug  8 09:25:44 mail amavis[7556]: (07556-01) connect_to_sql: 'DBI:mysql:database=amavisd;host=127.0.0.1;port=3306' succeeded
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql: preparing and executing: SELECT id FROM maddr WHERE partition_tag=? AND email=?
Aug  8 09:25:44 mail amavis[7556]: (07556-01) save_info_preliminary: 8, abc@test1.com, exists
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql begin, nontransaction
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql: executing clause: SELECT id FROM maddr WHERE partition_tag=? AND email=?
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql begin, nontransaction
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql: preparing and executing: INSERT INTO maddr (partition_tag, email, domain) VALUES (?,?,?)
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql begin, nontransaction
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql: executing clause: SELECT id FROM maddr WHERE partition_tag=? AND email=?
Aug  8 09:25:44 mail amavis[7556]: (07556-01) find_or_save_addr: record inserted, id=30, testmail8@gmail.com
Aug  8 09:25:44 mail amavis[7556]: (07556-01) save_info_preliminary 5AGnn9pDidtH, recip id: 30, testmail8@gmail.com, new
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql begin transaction
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql: preparing and executing: INSERT INTO msgs (partition_tag, mail_id, secret_id, am_id, time_num, time_iso, sid, policy, client_addr, size, host) VALUES (?,?,?,?,?,?,?,?,?,?,?)
Aug  8 09:25:44 mail amavis[7556]: (07556-01) sql commit
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Checking: 5AGnn9pDidtH MYNETS/MYUSERS [127.0.0.1] <abc@test1.com> -> <testmail8@gmail.com>
Aug  8 09:25:44 mail amavis[7556]: (07556-01) 2822.From: <abc@test1.com>
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavislocal), "testmail8@gmail.com" no matching records
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_acl(testmail8@gmail.com), no match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [local_domains] => undef, "testmail8@gmail.com" does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavisbypassviruschecks), "testmail8@gmail.com" no matching records
Aug  8 09:25:44 mail amavis[7556]: (07556-01) query_keys: testmail8@gmail.com, testmail8@, gmail.com, .gmail.com, .com, .
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_hash(testmail8@gmail.com), no matches
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [bypass_virus_checks] => undef, "testmail8@gmail.com" does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavisbypassbannedchecks), "testmail8@gmail.com" no matching records
Aug  8 09:25:44 mail amavis[7556]: (07556-01) query_keys: testmail8@gmail.com, testmail8@, gmail.com, .gmail.com, .com, .
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_hash(testmail8@gmail.com), no matches
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [bypass_banned_checks] => undef, "testmail8@gmail.com" does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavisbypassspamchecks), "testmail8@gmail.com" no matching records
Aug  8 09:25:44 mail amavis[7556]: (07556-01) query_keys: testmail8@gmail.com, testmail8@, gmail.com, .gmail.com, .com, .
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_hash(testmail8@gmail.com), no matches
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [bypass_spam_checks] => undef, "testmail8@gmail.com" does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Open relay? Nonlocal recips but not originating: testmail8@gmail.com
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Extracting mime components
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Issued a new file name: p001
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Issued a new file name: p002
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Issued a new pseudo part: p003
Aug  8 09:25:44 mail amavis[7556]: (07556-01) p003 1 Content-Type: multipart/mixed
Aug  8 09:25:44 mail amavis[7556]: (07556-01) mime_decode_epilogue: 1 lines
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Charging 4 bytes to remaining quota 190842000 (out of 190842000, (0%)) - by mime_decode
Aug  8 09:25:44 mail amavis[7556]: (07556-01) p001 1/1 Content-Type: text/plain, size: 4 B, name:
Aug  8 09:25:44 mail amavis[7556]: (07556-01) reparenting p001 from p000 to p003
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Charging 278282 bytes to remaining quota 190841996 (out of 190842000, (0%)) - by mime_decode
Aug  8 09:25:44 mail amavis[7556]: (07556-01) p002 1/2 Content-Type: image/png, size: 278282 B, name: Search.png
Aug  8 09:25:44 mail amavis[7556]: (07556-01) reparenting p002 from p000 to p003
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer mime_decode: remaining time = 480 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer mime_decode-1: remaining time = 480 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) inspect_dsn: parts: multipart/mixed, text/plain, image/png
Aug  8 09:25:44 mail amavis[7556]: (07556-01) inspect_dsn: not a bounce
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer dsn_parse: remaining time = 480 s
Aug  8 09:25:44 mail postfix/smtpd[8644]: disconnect from localhost[127.0.0.1]
Aug  8 09:25:44 mail amavis[7556]: (07556-01) decode_parts: level=1, #parts=3 : p001, p002, p003
Aug  8 09:25:44 mail amavis[7556]: (07556-01) running file(1) on 2 files, arglist size 23
Aug  8 09:25:44 mail amavis[7556]: (07556-01) run_command: [8649] /usr/bin/file p001 p002 </dev/null 2>&1
Aug  8 09:25:44 mail amavis[8649]: (07556-01) open_on_specific_fd: target fd0 closing, to become < /dev/null
Aug  8 09:25:44 mail amavis[8649]: (07556-01) open_on_specific_fd: target fd1 closing, to become > &=18
Aug  8 09:25:44 mail amavis[8649]: (07556-01) open_on_specific_fd: target fd1 dup2 from fd18 > &=18
Aug  8 09:25:44 mail amavis[8649]: (07556-01) open_on_specific_fd: source fd18 closed
Aug  8 09:25:44 mail amavis[8649]: (07556-01) open_on_specific_fd: target fd2 closing, to become > &1
Aug  8 09:25:44 mail amavis[8649]: (07556-01) open_on_specific_fd: target fd2 dup2 from fd1 > &1
Aug  8 09:25:44 mail amavis[7556]: (07556-01) result line from file(1): p001: ASCII text, with no line terminators\n
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_re("ASCII text, with no line terminators") matches key "(?i-xsm:^(ASCII|text)\b)", result="asc"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [map_full_type_to_short_type] => true,  "ASCII text, with no line terminators" matches, result="asc", matching_key="(?i-xsm:^(ASCII|text)\\b)"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) File-type of p001: ASCII text, with no line terminators; (asc)
Aug  8 09:25:44 mail amavis[7556]: (07556-01) result line from file(1): p002: PNG image data, 1343 x 1813, 8-bit/color RGBA, non-interlaced\n
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_re("PNG image data, 1343 x 1813, 8-bit/color RGBA, non-interlaced") matches key "(?-xism:^PNG image data\b)", result=["image","png"]
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [map_full_type_to_short_type] => true,  "PNG image data, 1343 x 1813, 8-bit/color RGBA, non-interlaced" matches, result=["image","png"], matching_key="(?-xism:^PNG image data\\b)"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) File-type of p002: PNG image data, 1343 x 1813, 8-bit/color RGBA, non-interlaced; (image, png)
Aug  8 09:25:44 mail amavis[7556]: (07556-01) do_ascii: Decoding part p001
Aug  8 09:25:44 mail amavis[7556]: (07556-01) do_ascii: Setting sigaction handler, was 0
Aug  8 09:25:44 mail amavis[7556]: (07556-01) timer set to 320 s (was 480 s)
Aug  8 09:25:44 mail amavis[7556]: (07556-01) do_ascii: Decoding part p001 (0 items), uulib V0.5pl20
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer do_ascii: timer set to 480 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) decompose_part: p001 - atomic
Aug  8 09:25:44 mail amavis[7556]: (07556-01) decompose_part: p002 - atomic
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer parts_decode: remaining time = 480 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavisbypassheaderchecks), "testmail8@gmail.com" no matching records
Aug  8 09:25:44 mail amavis[7556]: (07556-01) query_keys: testmail8@gmail.com, testmail8@, gmail.com, .gmail.com, .com, .
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_hash(testmail8@gmail.com), no matches
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [bypass_header_checks] => undef, "testmail8@gmail.com" does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) check_header: 0, OK
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavisbypassheaderchecks), "testmail8@gmail.com" no matching records
Aug  8 09:25:44 mail amavis[7556]: (07556-01) query_keys: testmail8@gmail.com, testmail8@, gmail.com, .gmail.com, .com, .
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_hash(testmail8@gmail.com), no matches
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [bypass_header_checks] => undef, "testmail8@gmail.com" does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Checking for banned types and filenames
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavisbannedrulenames), "testmail8@gmail.com" no matching records
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup: (scalar) matches, result="DEFAULT"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [banned_filename], 1 matches for "testmail8@gmail.com", results: "(constant:DEFAULT)"=>"DEFAULT"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) collect banned table[0]: testmail8@gmail.com, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x2188238)
Aug  8 09:25:44 mail amavis[7556]: (07556-01) starting banned checks - traversing message structure tree
Aug  8 09:25:44 mail amavis[7556]: (07556-01) check_for_banned (p003,p001) multipart/mixed | text/plain,.asc
Aug  8 09:25:44 mail amavis[7556]: (07556-01) doing banned check for testmail8@gmail.com on multipart/mixed | text/plain,.asc
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_re(["multipart/mixed","text/plain",".asc"]), no matches
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [check_bann:testmail8@gmail.com] => undef, ["multipart/mixed","text/plain",".asc"] does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [banned_namepath_re] => undef, "P=p003\tL=1\tM=multipart/mixed\nP=p001\tL=1/1\tM=text/plain\tT=asc" does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) p.path testmail8@gmail.com: "P=p003,L=1,M=multipart/mixed | P=p001,L=1/1,M=text/plain,T=asc"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) check_for_banned (p003,p002) multipart/mixed | image/png,.image,.png,Search.png
Aug  8 09:25:44 mail amavis[7556]: (07556-01) doing banned check for testmail8@gmail.com on multipart/mixed | image/png,.image,.png,Search.png
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_re(["multipart/mixed","image/png",".image",".png","Search.png"]), no matches
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [check_bann:testmail8@gmail.com] => undef, ["multipart/mixed","image/png",".image",".png","Search.png"] does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [banned_namepath_re] => undef, "P=p003\tL=1\tM=multipart/mixed\nP=p002\tL=1/2\tM=image/png\tT=image\tT=png\tN=Search.png" does not match
Aug  8 09:25:44 mail amavis[7556]: (07556-01) p.path testmail8@gmail.com: "P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=image/png,T=image,T=png,N=Search.png"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) banned check: any=0, all=N (1)
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_re("MAIL") matches key "(?-xism:^MAIL$)", result="1"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [keep_decoded_original] => true,  "MAIL" matches, result="1", matching_key="(?-xism:^MAIL$)"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Issued a new file name: p004
Aug  8 09:25:44 mail amavis[7556]: (07556-01) presenting full original message to scanners as /var/spool/amavisd/tmp/amavis-20120808T092544-07556/parts/p004
Aug  8 09:25:44 mail amavis[7556]: (07556-01) Calling virus scanners, 3 files to scan in /var/spool/amavisd/tmp/amavis-20120808T092544-07556/parts
Aug  8 09:25:44 mail amavis[7556]: (07556-01) run_av (ClamAV-clamd): query template(1,2): CONTSCAN {}\n
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer run_av: timer set to 480 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer run_av: timer set to 384 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ask_av Using (ClamAV-clamd): CONTSCAN /var/spool/amavisd/tmp/amavis-20120808T092544-07556/parts\n
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ask_daemon_internal: timer set to 10 s (was 384 s)
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ClamAV-clamd: Connecting to socket  /tmp/clamd.socket
Aug  8 09:25:44 mail amavis[7556]: (07556-01) creating socket by IO::Socket::UNIX to /tmp/clamd.socket
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/tmp/amavis-20120808T092544-07556/parts\n to UNIX socket /tmp/clamd.socket
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer ask_daemon_internal: timer set to 307 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer ask_daemon_internal: timer set to 384 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) prolong_timer ask_av: timer set to 480 s
Aug  8 09:25:44 mail amavis[7556]: (07556-01) ask_av (ClamAV-clamd) result: /var/spool/amavisd/tmp/amavis-20120808T092544-07556/parts: OK\n
Aug  8 09:25:44 mail amavis[7556]: (07556-01) run_av (ClamAV-clamd): CLEAN
Aug  8 09:25:44 mail amavis[7556]: (07556-01) run_av (ClamAV-clamd) result: clean
Aug  8 09:25:44 mail amavis[7556]: (07556-01) wbl: checking sender <abc@test1.com>
Aug  8 09:25:44 mail amavis[7556]: (07556-01) query_keys: abc@test1.com, @test1.com, @.test1.com, @.com, @.
Aug  8 09:25:44 mail amavis[7556]: (07556-01) wbl: (LDAP) query keys: "abc@test1.com", "@test1.com", "@.test1.com", "@.com", "@."
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavisblacklistsender), "testmail8@gmail.com" no matching records
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup => undef, "testmail8@gmail.com" does not match
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavisspamkilllevel), "testmail8@gmail.com" no matching records
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup: (scalar) matches, result="6.9"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup [spam_kill_level] => true,  "testmail8@gmail.com" matches, result="6.9", matching_key="(constant:6.9)"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavismessagesizelimit), "testmail8@gmail.com" no matching records
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup [message_size_limit] => undef, "testmail8@gmail.com" does not match
Aug  8 09:26:08 mail amavis[7556]: (07556-01) final_destiny (ccat=0) is PASS, recip testmail8@gmail.com
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup: (scalar) matches, result="disclaimer"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup [Mangling1] => true,  "testmail8@gmail.com" matches, result="disclaimer", matching_key="(constant:disclaimer)"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavislocal) "abc@test1.com" result=(1)
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup [local_domains] => true,  "abc@test1.com" matches, result="1", matching_key="/cached/"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) mangling YES: disclaimer (orig: disclaimer), discl_allowed=1, <abc@test1.com> -> <testmail8@gmail.com>
Aug  8 09:26:08 mail amavis[7556]: (07556-01) final_destiny PASS, recip testmail8@gmail.com
Aug  8 09:26:08 mail amavis[7556]: (07556-01) do_notify_and_quar: ccat=Clean (1,0) ("1":Clean, "0":CatchAll) ccat_block=(), qar_mth=
Aug  8 09:26:08 mail amavis[7556]: (07556-01) skip admin notification, no administrators
Aug  8 09:26:08 mail amavis[7556]: (07556-01) do_notify_and_quarantine - done
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavisspamtaglevel), "testmail8@gmail.com" no matching records
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup: (scalar) matches, result="2"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup [spam_tag_level] => true,  "testmail8@gmail.com" matches, result="2", matching_key="(constant:2)"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavisspamtag2level), "testmail8@gmail.com" no matching records
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup: (scalar) matches, result="6.2"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup [spam_tag2_level] => true,  "testmail8@gmail.com" matches, result="6.2", matching_key="(constant:6.2)"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) headers CLUSTERING: NEW CLUSTER <testmail8@gmail.com>: score=-9.998, tag=0, tag2=0, local=0, bl=, s=, mangle=disclaimer
Aug  8 09:26:08 mail amavis[7556]: (07556-01) header: X-Amavis-Modified: Mail body modified (using disclaimer) - mail.test.com\n
Aug  8 09:26:08 mail amavis[7556]: (07556-01) header: X-Virus-Scanned: amavisd-new at mail.test.com\n
Aug  8 09:26:08 mail amavis[7556]: (07556-01) header: Received: from mail.test.com ([127.0.0.1])\n\tby localhost (mail.test.com [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id 5AGnn9pDidtH for <testmail8@gmail.com>;\n\tWed,  8 Aug 2012 09:25:44 +0530 (IST)\n
Aug  8 09:26:08 mail amavis[7556]: (07556-01) headers CLUSTERING: done all 1 recips in one go
Aug  8 09:26:08 mail amavis[7556]: (07556-01) mangling by: disclaimer, <testmail8@gmail.com>
Aug  8 09:26:08 mail amavis[7556]: (07556-01) disclaimer options lookup (2822.From) abc@test1.com
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavislocal) "abc@test1.com" result=(1)
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup [local_domains] => true,  "abc@test1.com" matches, result="1", matching_key="/cached/"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) query_keys: abc@test1.com, abc@, test1.com, .test1.com, .com, .
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup_hash(abc@test1.com) matches key ".", result=default
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup => true,  "abc@test1.com" matches, result="default", matching_key="."
Aug  8 09:26:08 mail amavis[7556]: (07556-01) disclaimer options pertaining to (2822.From) abc@test1.com: default
Aug  8 09:26:08 mail amavis[7556]: (07556-01) run_command: [8660] /usr/bin/altermime --input=/var/spool/amavisd/tmp/amavis-20120808T092544-07556/email-repl.txt --disclaimer=/etc/postfix/disclaimer/default.txt --disclaimer-html=/etc/postfix/disclaimer/default.txt --force-for-bad-html </dev/null 2>&1
Aug  8 09:26:08 mail amavis[8660]: (07556-01) open_on_specific_fd: target fd0 closing, to become < /dev/null
Aug  8 09:26:08 mail amavis[8660]: (07556-01) open_on_specific_fd: target fd1 closing, to become > &=18
Aug  8 09:26:08 mail amavis[8660]: (07556-01) open_on_specific_fd: target fd1 dup2 from fd18 > &=18
Aug  8 09:26:08 mail amavis[8660]: (07556-01) open_on_specific_fd: source fd18 closed
Aug  8 09:26:08 mail amavis[8660]: (07556-01) open_on_specific_fd: target fd2 closing, to become > &1
Aug  8 09:26:08 mail amavis[8660]: (07556-01) open_on_specific_fd: target fd2 dup2 from fd1 > &1
Aug  8 09:26:08 mail amavis[7556]: (07556-01) collect_results from [8660] (/usr/bin/altermime), 0 bytes, (limit 16384)
Aug  8 09:26:08 mail amavis[7556]: (07556-01) mangling by altermime (disclaimer) done, new size: 376778, orig 381684 bytes
Aug  8 09:26:08 mail amavis[7556]: (07556-01) mail body mangling in effect,
Aug  8 09:26:08 mail amavis[7556]: (07556-01) dkim: not signing mail which is not originating from inside
Aug  8 09:26:08 mail amavis[7556]: (07556-01) (about to connect to [127.0.0.1]:10025) FWD via SMTP: <abc@test1.com> -> <testmail8@gmail.com>
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp session: setting up a new session
Aug  8 09:26:08 mail amavis[7556]: (07556-01) establish_or_refresh, state: down
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp creating socket by IO::Socket::INET to [127.0.0.1]:10025
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: needline=1, flush=0, wr=0, timeout=35
Aug  8 09:26:08 mail postfix/smtpd[8661]: connect from localhost[127.0.0.1]
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: receiving
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop read 33 chars< 220 mail.test.com ESMTP Postfix\r\n
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp resp to greeting: 220 mail.test.com ESMTP Postfix
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp cmd> EHLO localhost
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: needline=0, flush=1, wr=1, timeout=300
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: sending
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop sent 16> EHLO localhost\r\n
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: needline=1, flush=0, wr=0, timeout=300
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: receiving
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop read 156 chars< 250-mail.test.com\r\n250-PIPELINING\r\n250-SIZE 15728640\r\n250-ETRN\r\n250-AUTH PLAIN LOGIN\r\n250-AUTH=PLAIN LOGIN\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250 DSN\r\n
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp resp to EHLO: 250 mail.test.com\nPIPELINING\nSIZE 15728640\nETRN\nAUTH PLAIN LOGIN\nAUTH=PLAIN LOGIN\nENHANCEDSTATUSCODES\n8BITMIME\nDSN
Aug  8 09:26:08 mail amavis[7556]: (07556-01) Remote host presents itself as: mail.test.com, handles DSN, handles PIPELINING

Aug  8 09:26:08 mail amavis[7556]: (07556-01) AUTH not needed, user='', MTA offers 'PLAIN LOGIN'
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp cmd> MAIL FROM:<abc@test1.com> BODY=7BIT
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp cmd> RCPT TO:<testmail8@gmail.com> ORCPT=rfc822;testmail8@gmail.com
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp cmd> DATA
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: needline=0, flush=1, wr=1, timeout=120
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: sending
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop sent 107> MAIL FROM:<abc@test1.com> BODY=7BIT\r\nRCPT TO:<testmail8@gmail.com> ORCPT=rfc822;testmail8@gmail.com\r\nDATA\r\n
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: needline=1, flush=0, wr=0, timeout=300
Aug  8 09:26:08 mail postfix/smtpd[8661]: 8CA7680BE4: client=localhost[127.0.0.1]
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: receiving
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop read 65 chars< 250 2.1.0 Ok\r\n250 2.1.5 Ok\r\n354 End data with <CR><LF>.<CR><LF>\r\n
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp resp to MAIL (pip): 250 2.1.0 Ok
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp resp to RCPT (pip) (<testmail8@gmail.com>): 250 2.1.5 Ok
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF>
Aug  8 09:26:08 mail amavis[7556]: (07556-01) write_header: 0, Amavis::Out::SMTP::Protocol=HASH(0x1ae0d20)
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: needline=0, flush=1, wr=1, timeout=180
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: sending
Aug  8 09:26:08 mail postfix/cleanup[8647]: 8CA7680BE4: message-id=<f34a9419bb32318216e70d1b3fb1a55c@test1.com>
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop sent 50651> X-Amavis-Modified: Mail body modified (using disclaimer) - mail.test.com\r\nX-Virus-Scanned: amavisd-new at mail.test.com\r\nReceived: from mail.test.com ([127.0.0.1])\r\n\tby localhost (mail.test.com [127.0 [...]
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp cmd> QUIT
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: needline=0, flush=1, wr=1, timeout=456
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: sending
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: needline=1, flush=0, wr=0, timeout=456
Aug  8 09:26:08 mail postfix/qmgr[3766]: 8CA7680BE4: from=<abc@test1.com>, size=382227, nrcpt=1 (queue active)
Aug  8 09:26:08 mail postfix/smtpd[8661]: disconnect from localhost[127.0.0.1]
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop: receiving
Aug  8 09:26:08 mail amavis[7556]: (07556-01) rw_loop read 51 chars< 250 2.0.0 Ok: queued as 8CA7680BE4\r\n221 2.0.0 Bye\r\n
Aug  8 09:26:08 mail amavis[7556]: (07556-01) smtp resp to data-dot (<testmail8@gmail.com>): 250 2.0.0 Ok: queued as 8CA7680BE4
Aug  8 09:26:08 mail amavis[7556]: (07556-01) Amavis::Out::SMTP::Session close, disconnecting
Aug  8 09:26:08 mail amavis[7556]: (07556-01) prolong_timer fwd-end-chkpnt: timer set to 456 s
Aug  8 09:26:08 mail amavis[7556]: (07556-01) FWD via SMTP: <abc@test1.com> -> <testmail8@gmail.com>,BODY=7BIT 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8CA7680BE4
Aug  8 09:26:08 mail amavis[7556]: (07556-01) prolong_timer forwarding: remaining time = 456 s
Aug  8 09:26:08 mail amavis[7556]: (07556-01) DSN: sender NOT credible, SA: -9.998, <abc@test1.com>
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup: (scalar) matches, result="10"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) lookup [spam_dsn_cutoff_level_bysender] => true,  "abc@test1.com" matches, result="10", matching_key="(constant:10)"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) dsn: from MTA 250 NonBlocking:Clean <abc@test1.com> -> <testmail8@gmail.com>: on_succ=0, on_dly=1, on_fail=1, never=0, warn_sender=, DSN_passed_on=1, mta_resp: "250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8CA7680BE4"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) DSN: SUCC from MTA 250 NonBlocking:Clean, no DSN requested: <abc@test1.com> -> <testmail8@gmail.com>
Aug  8 09:26:08 mail amavis[7556]: (07556-01) one_response_for_all <abc@test1.com>: success, r=0,b=0,d=0, ndn_needed=0, '250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8CA7680BE4'
Aug  8 09:26:08 mail amavis[7556]: (07556-01) parse_ip_address_from_received: 127.0.0.1
Aug  8 09:26:08 mail amavis[7556]: (07556-01) Passed CLEAN, MYNETS/MYUSERS [127.0.0.1] [127.0.0.1] <abc@test1.com> -> <testmail8@gmail.com>, Message-ID: <f34a9419bb32318216e70d1b3fb1a55c@test1.com>, mail_id: 5AGnn9pDidtH, Hits: -9.998, size: 381684, queued_as: 8CA7680BE4, 24334 ms
Aug  8 09:26:08 mail amavis[7556]: (07556-01) prolong_timer main_log_entry: remaining time = 456 s
Aug  8 09:26:08 mail amavis[7556]: (07556-01) sql begin transaction
Aug  8 09:26:08 mail amavis[7556]: (07556-01) sql: preparing and executing: INSERT INTO msgrcpt (partition_tag, mail_id, rid, ds, rs, bl, wl, bspam_level, smtp_resp) VALUES (?,?,?,?,?,?,?,?,?)
Aug  8 09:26:08 mail amavis[7556]: (07556-01) save_info_final 5AGnn9pDidtH, C,  , , N, -9.998, Message-ID: <f34a9419bb32318216e70d1b3fb1a55c@test1.com>, From: 'abc@test1.com', Subject: 'test for attachment restriction'
Aug  8 09:26:08 mail amavis[7556]: (07556-01) sql: preparing and executing: UPDATE msgs SET content=?, quar_type=?, quar_loc=?, dsn_sent=?, spam_level=?, message_id=?, from_addr=?, subject=?, client_addr=? WHERE partition_tag=? AND mail_id=?
Aug  8 09:26:08 mail amavis[7556]: (07556-01) sql commit
Aug  8 09:26:08 mail amavis[7556]: (07556-01) TIMING-SA total 23598 ms - parse: 27 (0.1%), extract_message_metadata: 340 (1.4%), poll_dns_idle: 306 (1.3%), get_uri_detail_list: 0.43 (0.0%), tests_pri_-1000: 3 (0.0%), tests_pri_-950: 1.64 (0.0%), tests_pri_-900: 1.30 (0.0%), tests_pri_-400: 1.02 (0.0%), tests_pri_0: 23008 (97.5%), check_dkim_adsp: 20001 (84.8%), check_spf: 0.28 (0.0%), check_razor2: 2934 (12.4%), check_pyzor: 0.31 (0.0%), tests_pri_500: 4 (0.0%), learn: 197 (0.8%), get_report: 1.23 (0.0%)
Aug  8 09:26:08 mail amavis[7556]: (07556-01) updating snmp variables
Aug  8 09:26:08 mail amavis[7556]: (07556-01) prolong_timer check done: remaining time = 456 s
Aug  8 09:26:08 mail amavis[7556]: (07556-01) sending SMTP response: "250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8CA7680BE4"
Aug  8 09:26:08 mail amavis[7556]: (07556-01) ESMTP> 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8CA7680BE4
Aug  8 09:26:08 mail postfix/smtp[8648]: EF26180C25: to=<testmail8@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=25, delays=0.81/0.01/0.01/24, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8CA7680BE4)
Aug  8 09:26:08 mail postfix/qmgr[3766]: EF26180C25: removed


Thanks,
Regards,
Mohan

17

Re: How to block attachments for specific users

Could you please comment out "bypass_banned_checks_maps" in policy_bank "ORIGINATING" and try again?

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  ...
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  ...
};

18

Re: How to block attachments for specific users

Hi Zhang,

I have commented it out as you mentioned, restarted the amavisd service, and checked by sending a test mail with an attachment; it is getting delivered. I have pasted the commented line from the amavisd.conf file below.

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["root\@$mydomain"],
  spam_admin_maps  => ["root\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  # bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

Kindly advise,
Thanks,
Regards,
Mohan

19

Re: How to block attachments for specific users

Does it work if you add below settings in amavisd.conf?

@banned_filename_maps = ({
  'testmail8@gmail.com' => 'BLOCK_ALL',
  '.' => 'DEFAULT',
});

Restart Amavisd, then send a test email.

20

Re: How to block attachments for specific users

Hi Zhang,

I have now added the lines you mentioned and tried to send mail with an attachment; it is getting delivered. In the maillog I can find the "Passed_BANNED" word, as you mentioned previously in http://www.iredmail.org/forum/post17384.html#p17384. I have pasted the maillog for your reference below:
Aug  9 15:21:49 mail amavis[17119]: (17119-01) parse_ip_address_from_received: 127.0.0.1
Aug  9 15:21:49 mail amavis[17119]: (17119-01) Passed BANNED (application/vnd.ms-powerpoint,.dat,Presentation1.ppt), MYNETS/MYUSERS [127.0.0.1] [127.0.0.1] <test@test1.com> -> <testmail8@gmail.com>, quarantine: banned-25i0HUdXsVxH, Message-ID: <87adf5526cac8cbfa240556724fbdfb9@test1.com>, mail_id: 25i0HUdXsVxH, Hits: -9.998, size: 600681, queued_as: 1464180C45, 23106 ms
Aug  9 15:21:49 mail amavis[17119]: (17119-01) prolong_timer main_log_entry: remaining time = 458 s
Aug  9 15:21:49 mail amavis[17119]: (17119-01) sql begin transaction

Thanks,
Regards,
Mohan
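
A triage script for the maillog excerpts in this thread, added here as an example and not code from iRedMail or amavisd: it groups amavis lines by session id and reports which banned rule table was applied, which address it was looked up for, and whether a message flagged BANNED was still forwarded. The names `summarize` and `findings` are assumptions, and the regexes cover only the line formats visible in these logs.

```python
import re
from collections import defaultdict

# Lines copied from the two maillog excerpts quoted in this thread.
SAMPLE_LOG = """\
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup_ldap_attr(amavisbannedrulenames), "testmail8@gmail.com" no matching records
Aug  8 09:25:44 mail amavis[7556]: (07556-01) lookup [banned_filename], 1 matches for "testmail8@gmail.com", results: "(constant:DEFAULT)"=>"DEFAULT"
Aug  8 09:25:44 mail amavis[7556]: (07556-01) banned check: any=0, all=N (1)
Aug  8 09:26:08 mail amavis[7556]: (07556-01) Passed CLEAN, MYNETS/MYUSERS [127.0.0.1] [127.0.0.1] <abc@test1.com> -> <testmail8@gmail.com>, Message-ID: <f34a9419bb32318216e70d1b3fb1a55c@test1.com>, mail_id: 5AGnn9pDidtH, Hits: -9.998, size: 381684, queued_as: 8CA7680BE4, 24334 ms
Aug  9 15:21:49 mail amavis[17119]: (17119-01) Passed BANNED (application/vnd.ms-powerpoint,.dat,Presentation1.ppt), MYNETS/MYUSERS [127.0.0.1] [127.0.0.1] <test@test1.com> -> <testmail8@gmail.com>, quarantine: banned-25i0HUdXsVxH, Message-ID: <87adf5526cac8cbfa240556724fbdfb9@test1.com>, mail_id: 25i0HUdXsVxH, Hits: -9.998, size: 600681, queued_as: 1464180C45, 23106 ms
"""

SESSION = re.compile(r"amavis\[\d+\]: \((?P<sid>[\w-]+)\) (?P<msg>.*)$")
LDAP_MISS = re.compile(
    r'lookup_ldap_attr\(amavisbannedrulenames\), "([^"]+)" no matching records')
RULES = re.compile(
    r'lookup \[banned_filename\], \d+ matches for "([^"]+)", results: (.*)$')
FINAL = re.compile(
    r"^(Passed|Blocked) ([A-Z-]+)(?: \(([^)]*)\))?, .*?<([^>]*)> -> <([^>]*)>")


def summarize(log_text):
    """Collect the banned-check facts amavisd logged for each session id."""
    sessions = defaultdict(lambda: {
        "ldap_miss_for": None, "lookup_key": None, "rules": [],
        "action": None, "verdict": None, "parts": None,
        "sender": None, "recipient": None,
        "delivered": False, "quarantine": None})
    for line in log_text.splitlines():
        m = SESSION.search(line)
        if not m:
            continue  # postfix lines and anything else without a session id
        s, msg = sessions[m["sid"]], m["msg"]
        if (hit := LDAP_MISS.search(msg)):
            s["ldap_miss_for"] = hit[1]
        elif (hit := RULES.search(msg)):
            s["lookup_key"] = hit[1]
            s["rules"] = re.findall(r'=>"([^"]+)"', hit[2])
        elif (hit := FINAL.search(msg)):
            s["action"], s["verdict"], s["parts"] = hit[1], hit[2], hit[3]
            s["sender"], s["recipient"] = hit[4], hit[5]
            s["delivered"] = re.search(r"queued_as: \w+", msg) is not None
            q = re.search(r"quarantine: ([\w.+-]+)", msg)
            s["quarantine"] = q[1] if q else None
    return dict(sessions)


def findings(s):
    """Turn one session summary into plain statements for the admin."""
    notes = []
    if s["ldap_miss_for"] and s["rules"] == ["DEFAULT"]:
        notes.append("no amavisBannedRuleNames found for %s; only DEFAULT applied"
                     % s["ldap_miss_for"])
    if s["lookup_key"] and s["lookup_key"] == s["recipient"] != s["sender"]:
        notes.append("banned rules were looked up for the recipient, not the sender")
    if s["verdict"] == "BANNED" and s["action"] == "Passed" and s["delivered"]:
        notes.append("banned part (%s) matched but the message was still forwarded"
                     % s["parts"])
    return notes


if __name__ == "__main__":
    for sid, info in summarize(SAMPLE_LOG).items():
        print(sid, info["action"], info["verdict"], findings(info))
```
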

21

Re: How to block attachments for specific users

Hi Zhang,

Kindly update. I am not able to restrict mails with attachment type.

Thanks,
Regards,
Mohan.

22

Re: How to block attachments for specific users

mohan wrote:

I have now added the lines you have mentioned, and tried to send mail with attachment it is getting delivered, in maillog I can find "Passed_BANNED"

What did you change in amavisd.conf? Could you please show me the whole amavisd.conf? I'm really confused why it didn't work before.

To restrict different attachments, please open amavisd.conf and you will find samples.
It's a good idea to do some research and try it yourself before asking and creating a new forum topic.