From: Ricardo Pardini (no email)
Date: Tue Mar 01 2005 - 00:21:00 EST
Hello,
I'm running Postfix + Amavisd-new on a few boxes. On all of them,
testing amavisd-new standalone works as expected (I have
$final_virus_destiny = D_REJECT, and mail is rejected):
$ telnet localhost 10024
Trying 127.0.0.1...
Connected to themachine.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
helo me
...mail from, rcpt to...
250 2.1.5 Recipient OK
data
354 End data with <CR><LF>.<CR><LF>
... mime attached eicar virus ...
.
550 5.7.1 Message content rejected, id=25760-01 - VIRUS: EICAR test file
So I setup Postfix to filter mail thru it (I tried both
"content_filter", and "smtpd_recipient_restrictions =
check_recipient_access ..."). The problem here is that when I connect to
postfix (on port 25), and send the same data, Postfix queues the message:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to themachine.
Escape character is '^]'.
220 smtp.themachine.net ESMTP Postfix (Debian/GNU)
...helo, mail from, rcpt to...
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
... mime attached eicar virus ...
.
250 Ok: queued as E6617AF4011
Everything else works as expected (amavisd-new quarantines the
message, notifies admins, etc, also I think a bounce is generated).
In my mail.info logfile:
Mar 1 02:05:38 themachine postfix/smtp[26555]: E6617AF4011:
to=<>, relay=127.0.0.1[127.0.0.1], delay=14, status=bounced
(host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message content rejected,
id=26403-01 - VIRUS: EICAR test file (in reply to end of DATA command))
I'm sure the mail is getting through the filter; but if I understood
well, Postfix should reject the message (just as plain amavisd-new does)
with a 550, and not accept it with a "250 Ok". Did I get that right? At
least that is what Mr. Haas says in his helpful documents at
workaround.org: "The sender is faked in most cases. [...] But if you use
D_REJECT the SMTP session will be aborted while you are geting viruses.
So the real (!) sender will get a mail-delivery failure notification.
That's a great feature."
I'm using postfix 2.1.5-6 Debian Package, and amavisd-new
20030616p10-5 also Debian package.
On another host I have slightly different versions and get the same
behaviour...
Thanks for the patience and help,
Ricardo Pardini
|
|
|