info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Header Check Blocking Emails with "image001.jpg" attachment
352 views
Skip to first unread message
mightym...@gmail.com
May 26, 2017, 12:02:25 PM5/26/17
to
I have built a new Postfix server for spam and virus checking of emails before being passed on to an internal Exchange server. I had been running a rather old version 2.7 for sometime.
One thing that's happening on the new server is that it's blocking emails with the "image001.jpg" attachment, which the old one does not.
May 26 08:40:05 palinuxserv postfix/cleanup[11114]: A851E400F09: reject: header Content-Type: image/png; name="image001.png" from mail-oln040092006069.outbound.protection.outlook.com[40.92.6.69]; from=<aa...@bbbb.com> to=<xx...@yyyy.com> proto=ESMTP helo=<NAM03-BY2-obe.outbound.protection.outlook.com>: 5.7.1 message content rejected
I have a pretty simple regex file to block attachments:
/name=[^>]*\.(zip||ade|adp|bat|chm|cmd|com|cpl|exe|hta|ins|isp|jse|lib|lnk|mde|msc|msp|mst|pif|scr|sct|shb|sys|vb|vbe|vbs|vxd|wsc|wsf|wsh|rar|js|docm|dotm)/ REJECT
Nowhere in there is it set to block the jpg extension.
I do have postgrey, spamassassin and Clamav installed, but this error seems to be coming directly from Postfix itself.
This is my main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = xxxx.dddd.com
mydomain = dddd.com
myorigin = dddd.com
inet_interfaces = all
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
virtual_alias_maps = hash:/etc/postfix/virtual
unknown_local_recipient_reject_code = 550
mynetworks = 10.0.0.0/20 192.168.1.0/24 127.0.0.0/8
relay_domains = avemployment.ca,lists.avemployment.ca
relay_recipient_maps = hash:/etc/postfix/relay_recipients,hash:/etc/postfix/relay_recipients_mailing_lists
header_checks = regexp:/etc/postfix/header_checks
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
transport_maps = hash:/etc/postfix/transport
recipient_bcc_maps = hash:/etc/postfix/rcpt_bcc
content_filter = scan:127.0.0.1:10026
receive_override_options = no_address_mappings
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_invalid_hostname
smtpd_sender_restrictions =
hash:/etc/postfix/access,
permit_sasl_authenticated,
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_destination,
check_sender_access hash:/etc/postfix/blacklist_senders,
check_policy_service inet:127.0.0.1:60000,
permit
mime_header_checks = regexp:/etc/postfix/block_attachments
One thing that's happening on the new server is that it's blocking emails with the "image001.jpg" attachment, which the old one does not.
May 26 08:40:05 palinuxserv postfix/cleanup[11114]: A851E400F09: reject: header Content-Type: image/png; name="image001.png" from mail-oln040092006069.outbound.protection.outlook.com[40.92.6.69]; from=<aa...@bbbb.com> to=<xx...@yyyy.com> proto=ESMTP helo=<NAM03-BY2-obe.outbound.protection.outlook.com>: 5.7.1 message content rejected
I have a pretty simple regex file to block attachments:
/name=[^>]*\.(zip||ade|adp|bat|chm|cmd|com|cpl|exe|hta|ins|isp|jse|lib|lnk|mde|msc|msp|mst|pif|scr|sct|shb|sys|vb|vbe|vbs|vxd|wsc|wsf|wsh|rar|js|docm|dotm)/ REJECT
Nowhere in there is it set to block the jpg extension.
I do have postgrey, spamassassin and Clamav installed, but this error seems to be coming directly from Postfix itself.
This is my main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = xxxx.dddd.com
mydomain = dddd.com
myorigin = dddd.com
inet_interfaces = all
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
virtual_alias_maps = hash:/etc/postfix/virtual
unknown_local_recipient_reject_code = 550
mynetworks = 10.0.0.0/20 192.168.1.0/24 127.0.0.0/8
relay_domains = avemployment.ca,lists.avemployment.ca
relay_recipient_maps = hash:/etc/postfix/relay_recipients,hash:/etc/postfix/relay_recipients_mailing_lists
header_checks = regexp:/etc/postfix/header_checks
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
transport_maps = hash:/etc/postfix/transport
recipient_bcc_maps = hash:/etc/postfix/rcpt_bcc
content_filter = scan:127.0.0.1:10026
receive_override_options = no_address_mappings
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_invalid_hostname
smtpd_sender_restrictions =
hash:/etc/postfix/access,
permit_sasl_authenticated,
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_destination,
check_sender_access hash:/etc/postfix/blacklist_senders,
check_policy_service inet:127.0.0.1:60000,
permit
mime_header_checks = regexp:/etc/postfix/block_attachments
mightym...@gmail.com
May 26, 2017, 1:11:25 PM5/26/17
to
Further to this, it is also rejecting PDFs with a similar error.
--
Aaron Clausen
--
Aaron Clausen
mightym...@gmail.com
May 26, 2017, 2:13:29 PM5/26/17
to
And I solved it, it was right in the regular expression. Somehow I had doubled up the |, so that it ended up rejecting any kind of extension.
/name=[^>]*\.(zip||ade|adp|bat|chm|cmd|com|cpl|exe|hta|ins|isp|jse|lib|lnk|mde|msc|msp|mst|pif|scr|sct|shb|sys|vb|vbe|vbs|vxd|wsc|wsf|wsh|rar|js|docm|dotm)/ REJECT
Offending bit "(zip||ade|"
--
Aaron Clausen
/name=[^>]*\.(zip||ade|adp|bat|chm|cmd|com|cpl|exe|hta|ins|isp|jse|lib|lnk|mde|msc|msp|mst|pif|scr|sct|shb|sys|vb|vbe|vbs|vxd|wsc|wsf|wsh|rar|js|docm|dotm)/ REJECT
--
Aaron Clausen
0 new messages