1

Topic: Banned file type checking ignored for outgoing emails

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.0
- Deployed with iRedMail Easy or the downloadable installer?downloadable installer
- Linux/BSD distribution name and version: Centos 7.9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL
- Web server (Apache or Nginx):Nginx
- Manage mail accounts with iRedAdmin-Pro?Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello.

I'm trying to define per user policy for specific mailbox.
When I uncheck "Enable banned file type checking" in iRedAdmin-pro, it has no effect for outgoing emails. The emails are still "Blocked BANNED" by amavis.
It seems that it works only for incoming emails.

How do I prevent banned file type checking also for outgoing emails for specific mailbox?

ORIGINATING section in amavis:
# Postfix will re-route mail from authenticated users to this port.
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {
    originating => 1,         # declare that mail was submitted by our smtp client
    allow_disclaimers => 1,   # enables disclaimer insertion if available
    enable_dkim_signing => 1,

    # notify administrator of locally originating malware
    spam_admin_maps  => ["root\@$mydomain"],
    # notify administrator of locally originating malware
    virus_admin_maps => ["root\@$mydomain"],
    spam_admin_maps  => ["root\@$mydomain"],
    bad_header_admin_maps => ["root\@$mydomain"],
    banned_admin_maps => ["root\@$mydomain"],
    warnbadhsender   => 0,
    warnbannedsender => 0,

    # force MTA conversion to 7-bit (e.g. before DKIM signing)
    smtpd_discard_ehlo_keywords => ['8BITMIME'],
    terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option

    # Bypass checks
    #bypass_spam_checks_maps => [1],    # don't check spam
    #bypass_virus_checks_maps => [1],   # don't check virus
    #bypass_banned_checks_maps => [1],  # don't check banned file names and types
    #bypass_header_checks_maps => [1],  # don't check bad header
};

2

Re: Banned file type checking ignored for outgoing emails

roccoro wrote:

- Manage mail accounts with iRedAdmin-Pro?Yes

iRedAdmin-Pro has 3 levels of spam policy settings:

- Per-user spam policy setting (in user profile page, under tab "Spam Policy"). Highest priority.
- Per-domain setting (in domain profile page)
- Global setting (from main navigation bar: "System -> Global Spam Policy"). Lowest priority.

Please make sure you don't have per-user, per-domain settings which overrides it.

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee

3

Re: Banned file type checking ignored for outgoing emails

I have global spam policy configured.

Now I want to define PER-USER spam policy for specific mailbox.

The problem is, that if I disable banned file type checking for specific user in per-user spam policy setting, this setting applies only for incoming emails but not for outgoing.

What I want to achieve?
I want to disable banned file type checking for specific user for incoming and outgoing emails.

How do I do that?

4

Re: Banned file type checking ignored for outgoing emails

roccoro wrote:

this setting applies only for incoming emails but not for outgoing.

Could you please turn on debug mode in Amavisd and double check whether it's applied?

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee

5

Re: Banned file type checking ignored for outgoing emails

Amavisd log level=5
Logs in attachment.

Post's attachments

amavisd_logs.txt 64.05 kb, 2 downloads since 2021-09-20 

You don't have the permssions to download the attachments of this post.

6

Re: Banned file type checking ignored for outgoing emails

Hello.

Any news?
Could you please check logs in attachment (previous post)?

Thank you.

7

Re: Banned file type checking ignored for outgoing emails

Search "banned_namepath_re" in your log.

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee

8

Re: Banned file type checking ignored for outgoing emails

I do some tests.

Apparently Amavis always lookup only recipient mail address.

Zhang, it's possible to do opposite logic for originating emails by adding sql_select_policy into ORIGINATING policy bank? Something like this:

ORIGINATING section in amavis:
# Postfix will re-route mail from authenticated users to this port.
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {
    originating => 1,         # declare that mail was submitted by our smtp client
    allow_disclaimers => 1,   # enables disclaimer insertion if available
    enable_dkim_signing => 1,

    # notify administrator of locally originating malware
    spam_admin_maps  => ["root\@$mydomain"],
    # notify administrator of locally originating malware
    virus_admin_maps => ["root\@$mydomain"],
    spam_admin_maps  => ["root\@$mydomain"],
    bad_header_admin_maps => ["root\@$mydomain"],
    banned_admin_maps => ["root\@$mydomain"],
    warnbadhsender   => 0,
    warnbannedsender => 0,

    $sql_select_policy='SELECT *,users.id FROM users,policy WHERE (users.policy_id=policy.id) AND (users.email IN (%sender_address)) ORDER BY users.priority DESC',

    # force MTA conversion to 7-bit (e.g. before DKIM signing)
    smtpd_discard_ehlo_keywords => ['8BITMIME'],
    terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option

    # Bypass checks
    #bypass_spam_checks_maps => [1],    # don't check spam
    #bypass_virus_checks_maps => [1],   # don't check virus
    #bypass_banned_checks_maps => [1],  # don't check banned file names and types
    #bypass_header_checks_maps => [1],  # don't check bad header
};

9

Re: Banned file type checking ignored for outgoing emails

roccoro wrote:

Zhang, it's possible to do opposite logic for originating emails by adding sql_select_policy into ORIGINATING policy bank? Something like this:

You're free to customize the config file if it works for you. iRedMail will remain current config for now. Sorry.

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee