Search found 18 matches

by iglooo
14 Feb 2019 19:32
Forum: Discussion
Topic: How to reject mail to unknown user instead of sending a bounce?
Replies: 0
Views: 20

How to reject mail to unknown user instead of sending a bounce?

There's countless bounces sent out every day by postfix in reply to spam sent to unknown users. How can we flat out reject said emails instead of sending a bounce to a (most likely) spammer? I read that you can add "virtual_alias_domains = $mydomain" to main.cf but I don't know if that would work as...
by iglooo
14 Feb 2019 17:09
Forum: 3.x How-to
Topic: Email Details Invisible
Replies: 5
Views: 53

Re: Email Details Invisible

You mean message details on mailwatch? It might be this if you're running version 3 - viewtopic.php?f=13&t=3311
by iglooo
12 Feb 2019 14:22
Forum: 3.x How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 119

Re: Releasing a password protected archive? (quarantine stored)

Swear to god that wasn't me haha. It's a relatively fresh hyperv install of 3.0.2.6 and I've only changed a handful of things Besides the default README file, there's nothing under /etc/MailScanner/conf.d pp.archive.rules lives in /etc/MailScanner/rules/ and here's the contents: FromOrTo: 127.0.0.1 ...
by iglooo
12 Feb 2019 00:06
Forum: 3.x How-to
Topic: Can't allow specific double extensions
Replies: 2
Views: 48

Re: Can't allow specific double extensions

Just tried your way and it still gets blocked. :/
Quarantine: /var/spool/MailScanner/quarantine/20190211/60EC6100105.AC00C
Report: MailScanner: Attempt to hide real filename extension (teest.doc.pdf)
by iglooo
12 Feb 2019 00:00
Forum: 3.x How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 119

Re: Releasing a password protected archive? (quarantine stored)

Sorry henk :)

I've attached my mailscanner config, appreciate you taking the time to look at it!
by iglooo
11 Feb 2019 23:36
Forum: 3.x How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 119

Re: Releasing a password protected archive? (quarantine stored)

Appreciate the input as always, hank! I've read every single thread about password protected archives on here, as well as elsewhere, and nothing really helps.

Is there any chance the server needs a reboot for the changes to take effect, because clearly restarting the mailscanner service does nothing
by iglooo
11 Feb 2019 22:27
Forum: 3.x How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 119

Re: Releasing a password protected archive? (quarantine stored)

Anyone? I don't get why it's not accepting rulesets. Same thing with double extensions getting blocked despite me allowing select few.

Is this a bug or something, or have I messed up the mailscanner config somewhere?
by iglooo
11 Feb 2019 20:02
Forum: 3.x How-to
Topic: Can't allow specific double extensions
Replies: 2
Views: 48

Can't allow specific double extensions

I'm trying to allow .doc/.docx.pdf extensions but it doesn't work with the below configuration. What am I doing wrong? I've already restarted mailscanner and I'm using tabs for spaces. Feb 11 14:42:31 efaserv MailScanner[29811]: Filename Checks: Found possible filename hiding (E569E101301.AB8C0 tees...
by iglooo
07 Feb 2019 20:30
Forum: 3.x How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 119

Re: Releasing a password protected archive? (quarantine stored)

I've tried adding a ruleset to allow localhost to receive password protected archives but that did nothing. Same with a ruleset to not scan viruses for localhost. Either way I just get a report about a blocked email, and maillog entries don't look any different no matter what I change Also followed ...
by iglooo
07 Feb 2019 16:42
Forum: 3.x How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 119

Releasing a password protected archive? (quarantine stored)

Hey, Incoming password protected archives are automatically blocked which isn't a problem but we never receive the released message after *successfully* releasing them in mailwatch. The message doesn't show up in exchange server logs either. I also noticed that the "from" field gets changed to my em...
by iglooo
06 Feb 2019 19:59
Forum: 3.x Bugs
Topic: GeoIP not working
Replies: 8
Views: 482

Re: GeoIP not working

... And the file should be a link. [root@sansspam ~]# ls -l /usr/share/GeoIP/GeoLiteCountry.dat lrwxrwxrwx 1 root root 40 Apr 26 2018 /usr/share/GeoIP/GeoLiteCountry.dat -> /var/www/html/mailscanner/temp/GeoIP.dat Thanks for the updated database henk! Curious, why does GeoLiteCountry.dat have to be...
by iglooo
05 Feb 2019 18:43
Forum: Discussion
Topic: What happened after I released an email?
Replies: 11
Views: 253

Re: What happened after I released an email?

efa4 is still in testing right? Not a great idea to put something that's not final into production. Any idea when it's coming out?

And I did search for yara but nothing comprehensive came up
by iglooo
05 Feb 2019 17:33
Forum: Discussion
Topic: What happened after I released an email?
Replies: 11
Views: 253

Re: What happened after I released an email?

So I checked maillog again and somehow I missed this but there's countless log entries pertaining to the message loop: Jan 25 13:01:29 efaserv MailScanner[9710]: Virus Scanning: Found 1 viruses Jan 25 13:01:29 efaserv MailScanner[9710]: Spam Checks: Starting Jan 25 13:01:29 efaserv MailScanner[9710]...
by iglooo
04 Feb 2019 16:09
Forum: Discussion
Topic: What happened after I released an email?
Replies: 11
Views: 253

Re: What happened after I released an email?

Appreciate you chiming in Shawn! That makes sense. I've uploaded my transport settings and I don't have an outbound relay (is that what you're talking about?) set-up.

Should I be adding localhost to transport settings too?
by iglooo
01 Feb 2019 19:37
Forum: Discussion
Topic: What happened after I released an email?
Replies: 11
Views: 253

Re: What happened after I released an email?

Henk, here's a screenshot of the message:

It's the same thing over and over again, as you can see by the long scroll bar

Thanks for all your help!
by iglooo
31 Jan 2019 17:16
Forum: Discussion
Topic: What happened after I released an email?
Replies: 11
Views: 253

Re: What happened after I released an email?

Looks strange, I never had to release whitelisted mail.. ... Hey Henk! Appreciate your reply. I didn't NEED to release white listed mail, I just tried it because the initial email got blocked by exchange and I wanted to resend it. Any idea why it wouldn't resend it but instead create a flood of tho...
by iglooo
29 Jan 2019 20:20
Forum: Discussion
Topic: What happened after I released an email?
Replies: 11
Views: 253

Re: What happened after I released an email?

Anyone? It's really bugging me and I can't figure out
by iglooo
25 Jan 2019 20:01
Forum: Discussion
Topic: What happened after I released an email?
Replies: 11
Views: 253

What happened after I released an email?

I've just finished setting up efa in hyperv to work with our exchange 2013 server and ran into something a little odd.. The automated system emails from root@mydomain got flagged by exchange sender ID filter (before I disabled it) so I tried releasing one of them, and what followed was a flood of th...