From: Noel Jones on 13 May 2010 08:19

On 5/13/2010 5:45 AM, Markus Schwengel wrote:
>> please don't top-post.
>>
>> If you're using clamav-milter postfix will reject the mail with a
>> milter-reject: log entry and no DSN is sent.
>>
>> So, what are you really doing?
>> http://www.postfix.org/DEBUG_README.html#mail
>>
>>
>> -- Noel Jones
>>
>
> sorry about the posting style.
>
> I have the line "OnInfected Reject" in my mailter.conf
>
> postconf -n:
> alias_maps = hash:/etc/aliases
> allow_min_user = yes
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> data_directory = /var/lib/postfix
> defer_transports =
> disable_dns_lookups = no
> html_directory = no
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_size_limit = 102400000
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/local/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains =
> masquerade_exceptions = root
> message_size_limit = 102400000
> milter_default_action = accept
> mydestination = $myhostname, localhost.$mydomain
> myhostname =<HOSTNAME>
> mynetworks = 192.168.0.0/16, 127.0.0.0/8
> newaliases_path = /usr/bin/newaliases
> non_smtpd_milters = inet:192.168.10.250:7357
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/packages/postfix/README_FILES
> relayhost = 192.168.30.11
> relocated_maps = hash:/etc/postfix/relocated
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> smtpd_client_restrictions =
> smtpd_helo_required = no
> smtpd_helo_restrictions =
> smtpd_milters = inet:192.168.10.250:7357
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_path = smtpd
> smtpd_sender_restrictions = hash:/etc/postfix/access
> smtpd_tls_security_level = may
> strict_rfc821_envelopes = no
> transport_maps = hash:/etc/postfix/transport,
> ldap:/etc/postfix/transport_recipients
> unknown_local_recipient_reject_code = 550
>
> When a virus is found postfix sends a message like the one I posted
> earlier. Is this not a DSN generated by postfix? I'm confused...

We need to see log entries of an entire infected message transaction.

From: Markus Schwengel on 14 May 2010 04:19

On Thu, May 13, 2010 at 14:19, Noel Jones <njones(a)megan.vbhcs.org> wrote:
> On 5/13/2010 5:45 AM, Markus Schwengel wrote:
>>>
>>> please don't top-post.
>>>
>>> If you're using clamav-milter postfix will reject the mail with a
>>> milter-reject: log entry and no DSN is sent.
>>>
>>> So, what are you really doing?
>>> http://www.postfix.org/DEBUG_README.html#mail
>>>
>>>
>>> -- Noel Jones
>>>
>>
>> sorry about the posting style.
>>
>> I have the line "OnInfected Reject" in my mailter.conf
>>
>> postconf -n:
>> alias_maps = hash:/etc/aliases
>> allow_min_user = yes
>> broken_sasl_auth_clients = yes
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> daemon_directory = /usr/lib/postfix
>> data_directory = /var/lib/postfix
>> defer_transports =
>> disable_dns_lookups = no
>> html_directory = no
>> mail_owner = postfix
>> mail_spool_directory = /var/mail
>> mailbox_size_limit = 102400000
>> mailq_path = /usr/bin/mailq
>> manpage_directory = /usr/local/man
>> masquerade_classes = envelope_sender, header_sender, header_recipient
>> masquerade_domains =
>> masquerade_exceptions = root
>> message_size_limit = 102400000
>> milter_default_action = accept
>> mydestination = $myhostname, localhost.$mydomain
>> myhostname =<HOSTNAME>
>> mynetworks = 192.168.0.0/16, 127.0.0.0/8
>> newaliases_path = /usr/bin/newaliases
>> non_smtpd_milters = inet:192.168.10.250:7357
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/doc/packages/postfix/README_FILES
>> relayhost = 192.168.30.11
>> relocated_maps = hash:/etc/postfix/relocated
>> sample_directory = /etc/postfix
>> sendmail_path = /usr/sbin/sendmail
>> setgid_group = postdrop
>> smtpd_client_restrictions =
>> smtpd_helo_required = no
>> smtpd_helo_restrictions =
>> smtpd_milters = inet:192.168.10.250:7357
>> smtpd_recipient_restrictions = permit_mynetworks,
>> permit_sasl_authenticated, reject_unauth_destination
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_authenticated_header = yes
>> smtpd_sasl_path = smtpd
>> smtpd_sender_restrictions = hash:/etc/postfix/access
>> smtpd_tls_security_level = may
>> strict_rfc821_envelopes = no
>> transport_maps = hash:/etc/postfix/transport,
>> ldap:/etc/postfix/transport_recipients
>> unknown_local_recipient_reject_code = 550
>>
>> When a virus is found postfix sends a message like the one I posted
>> earlier. Is this not a DSN generated by postfix? I'm confused...
>
>
> We need to see log entries of an entire infected message transaction.
>
>
>

here you go:

postfix/pickup[9871]: 445AE1EAEB1: uid=33 from=<SENDER>
postfix/cleanup[9878]: 445AE1EAEB1: message-id=<1273824671.91686-9548(a)HOST>
postfix/cleanup[9878]: 445AE1EAEB1: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: \
  5.7.1 Virus Eicar-Test-Signature found!; from=<SENDER> to=<RECEIVER>
postfix/cleanup[9878]: 445AE1EAEB1: to=<RECEIVER>, orig_to=<@HOST:RECEIVER>, relay=none, delay=0.11, \
  delays=0.11/0/0/0, dsn=5.7.1, status=bounced (Virus Eicar-Test-Signature found!)
postfix/cleanup[9882]: 5CFE71EAEB3: message-id=<20100514081111.5CFE71EAEB3(a)HOST>
postfix/qmgr[9870]: 5CFE71EAEB3: from=<>, size=2559, nrcpt=1 (queue active)
postfix/bounce[9880]: 445AE1EAEB1: sender non-delivery notification: 5CFE71EAEB3
postfix/smtp[9883]: 5CFE71EAEB3: to=<SENDER>, relay=192.168.30.11[192.168.30.11]:25, delay=0.07, \
  delays=0.02/0.01/0/0.04, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5F8193955D9)
postfix/qmgr[9870]: 5CFE71EAEB3: removed

From: Larry Stone on 14 May 2010 07:44

On 5/14/10 3:19 AM, Markus Schwengel at markus.schwengel(a)googlemail.com wrote:
>>> When a virus is found postfix sends a message like the one I posted
>>> earlier. Is this not a DSN generated by postfix? I'm confused...
>>
>>
>> We need to see log entries of an entire infected message transaction.
>>
>>
>>
>
>
> here you go:
>
> postfix/pickup[9871]: 445AE1EAEB1: uid=33 from=<SENDER>
> postfix/cleanup[9878]: 445AE1EAEB1: message-id=<1273824671.91686-9548(a)HOST>
> postfix/cleanup[9878]: 445AE1EAEB1: milter-reject: END-OF-MESSAGE from
> localhost[127.0.0.1]: \
> 5.7.1 Virus Eicar-Test-Signature found!; from=<SENDER> to=<RECEIVER>
> postfix/cleanup[9878]: 445AE1EAEB1: to=<RECEIVER>,
> orig_to=<@HOST:RECEIVER>, relay=none, delay=0.11, \
> delays=0.11/0/0/0, dsn=5.7.1, status=bounced (Virus
> Eicar-Test-Signature found!)
> postfix/cleanup[9882]: 5CFE71EAEB3:
> message-id=<20100514081111.5CFE71EAEB3(a)HOST>
> postfix/qmgr[9870]: 5CFE71EAEB3: from=<>, size=2559, nrcpt=1 (queue active)
> postfix/bounce[9880]: 445AE1EAEB1: sender non-delivery notification:
> 5CFE71EAEB3
> postfix/smtp[9883]: 5CFE71EAEB3: to=<SENDER>,
> relay=192.168.30.11[192.168.30.11]:25, delay=0.07, \
> delays=0.02/0.01/0/0.04, dsn=2.0.0, status=sent (250 2.0.0 Ok:
> queued as 5F8193955D9)
> postfix/qmgr[9870]: 5CFE71EAEB3: removed

Looks like this message is originating locally so your Postfix is acting as
both client (sending) and server (receiving) for the message. So yes,
Postfix is generating that DSN but it's doing so as the sending Postfix. Try
testing with a message originating externally and you should see your local
Postfix reject the message, not accept it and then generate a DSN.

--
Larry Stone
lstone19(a)stonejongleux.com
http://www.stonejongleux.com/

From: Markus Schwengel on 14 May 2010 08:08

On Fri, May 14, 2010 at 13:44, Larry Stone <lstone19(a)stonejongleux.com> wrote:
> On 5/14/10 3:19 AM, Markus Schwengel at markus.schwengel(a)googlemail.com
> wrote:
>
>
>>>> When a virus is found postfix sends a message like the one I posted
>>>> earlier. Is this not a DSN generated by postfix? I'm confused...
>>>
>>>
>>> We need to see log entries of an entire infected message transaction.
>>>
>>>
>>>
>>
>>
>> here you go:
>>
>> postfix/pickup[9871]: 445AE1EAEB1: uid=33 from=<SENDER>
>> postfix/cleanup[9878]: 445AE1EAEB1: message-id=<1273824671.91686-9548(a)HOST>
>> postfix/cleanup[9878]: 445AE1EAEB1: milter-reject: END-OF-MESSAGE from
>> localhost[127.0.0.1]: \
>>   5.7.1 Virus Eicar-Test-Signature found!; from=<SENDER> to=<RECEIVER>
>> postfix/cleanup[9878]: 445AE1EAEB1: to=<RECEIVER>,
>> orig_to=<@HOST:RECEIVER>, relay=none, delay=0.11, \
>>   delays=0.11/0/0/0, dsn=5.7.1, status=bounced (Virus
>> Eicar-Test-Signature found!)
>> postfix/cleanup[9882]: 5CFE71EAEB3:
>> message-id=<20100514081111.5CFE71EAEB3(a)HOST>
>> postfix/qmgr[9870]: 5CFE71EAEB3: from=<>, size=2559, nrcpt=1 (queue active)
>> postfix/bounce[9880]: 445AE1EAEB1: sender non-delivery notification:
>> 5CFE71EAEB3
>> postfix/smtp[9883]: 5CFE71EAEB3: to=<SENDER>,
>> relay=192.168.30.11[192.168.30.11]:25, delay=0.07, \
>>   delays=0.02/0.01/0/0.04, dsn=2.0.0, status=sent (250 2.0.0 Ok:
>> queued as 5F8193955D9)
>> postfix/qmgr[9870]: 5CFE71EAEB3: removed
>
> Looks like this message is originating locally so your Postfix is acting as
> both client (sending) and server (receiving) for the message. So yes,
> Postfix is generating that DSN but it's doing so as the sending Postfix. Try
> testing with a message originating externally and you should see your local
> Postfix reject the message, not accept it and then generate a DSN.
>
> --
> Larry Stone
> lstone19(a)stonejongleux.com
> http://www.stonejongleux.com/
>
>
>

True, the message is generated locally. But this is exactly what I need.

So the question remains the same: How can I tell postfix to not
include the original message in the DSN or at least strip the
attachment?

From: Wietse Venema on 14 May 2010 08:46

Markus Schwengel:
>
> True, the message is generated locally. But this is exactly what I need.
>
> So the question remains the same: How can I tell postfix to not
> include the original message in the DSN or at least strip the
> attachment?

You can submit the message with "sendmail -N never" and get no
DSN at all.

Postfix currently doesn't implement the Sendmail "-R" command-line
option that controls whether a DSN returns a "full" or "headers
only" message. This option should be implemented when time is
available. Currently, it is silently ignored to avoid breaking
programs.

	Wietse
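
The log sequence posted in this thread, read mechanically (an added example, not part of the original thread or of Postfix): the Python below pairs each milter-rejected queue ID with the bounce it triggered and reports where that DSN was delivered. The function name, patterns and record fields are made up for illustration; the log lines are the ones from the thread with wrapped lines re-joined, and short hexadecimal queue IDs as shown there are assumed.

```python
import re
from collections import defaultdict

# Log lines from the thread, wrapped lines re-joined; placeholders kept as posted.
SAMPLE_LOG = """
postfix/pickup[9871]: 445AE1EAEB1: uid=33 from=<SENDER>
postfix/cleanup[9878]: 445AE1EAEB1: message-id=<1273824671.91686-9548(a)HOST>
postfix/cleanup[9878]: 445AE1EAEB1: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.1 Virus Eicar-Test-Signature found!; from=<SENDER> to=<RECEIVER>
postfix/cleanup[9878]: 445AE1EAEB1: to=<RECEIVER>, orig_to=<@HOST:RECEIVER>, relay=none, delay=0.11, delays=0.11/0/0/0, dsn=5.7.1, status=bounced (Virus Eicar-Test-Signature found!)
postfix/cleanup[9882]: 5CFE71EAEB3: message-id=<20100514081111.5CFE71EAEB3(a)HOST>
postfix/qmgr[9870]: 5CFE71EAEB3: from=<>, size=2559, nrcpt=1 (queue active)
postfix/bounce[9880]: 445AE1EAEB1: sender non-delivery notification: 5CFE71EAEB3
postfix/smtp[9883]: 5CFE71EAEB3: to=<SENDER>, relay=192.168.30.11[192.168.30.11]:25, delay=0.07, delays=0.02/0.01/0/0.04, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5F8193955D9)
postfix/qmgr[9870]: 5CFE71EAEB3: removed
"""

# Illustrative patterns: daemon name, short hex queue ID, rest of the record.
LINE = re.compile(r"postfix/(?P<daemon>\w+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
REJECT = re.compile(r"milter-reject: \S+ from \S+: (?P<reason>[^;]*);")

def find_bounced_rejects(log_text):
    """Pair each milter-rejected message with the DSN Postfix generated for it."""
    events = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        daemon, qid, rest = m.group("daemon", "qid", "rest")
        ev = events[qid]
        reject = REJECT.match(rest)
        if daemon == "pickup":
            ev["local"] = True                      # queued via sendmail(1), not SMTP
        elif reject:
            ev["reason"] = reject.group("reason")
        elif daemon == "bounce" and "non-delivery notification:" in rest:
            ev["dsn_qid"] = rest.rsplit(" ", 1)[1]  # queue ID of the DSN itself
        elif daemon == "smtp" and "status=sent" in rest:
            ev["sent_to"] = re.search(r"to=<([^>]*)>", rest).group(1)
            ev["relay"] = re.search(r"relay=([^,]+)", rest).group(1)
    findings = []
    for qid, ev in events.items():
        if "reason" in ev and "dsn_qid" in ev:      # rejected AND bounced
            dsn = events.get(ev["dsn_qid"], {})
            findings.append({"qid": qid, "local": ev.get("local", False),
                             "reason": ev["reason"], "dsn_qid": ev["dsn_qid"],
                             "dsn_sent_to": dsn.get("sent_to"),
                             "dsn_relay": dsn.get("relay")})
    return findings
```

A finding with local set and a dsn_sent_to value is the case discussed in the thread: the message entered through the pickup queue, the milter rejected it at END-OF-MESSAGE, and a DSN was generated and relayed onward.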