EXIM Virus Rule --> fehler beim SMTP This message contains an unwanted file extension ()

Postfix, QMail, Sendmail, Dovecot, Cyrus, Courier, Anti-Spam
makeat
Posts: 39
Joined: 2005-12-19 00:08

EXIM Virus Rule --> fehler beim SMTP This message contains an unwanted file extension ()

Post by makeat » 2005-12-20 13:08

Code: Select all

  deny  senders = :
        hosts   = ! +relay_from_hosts
        !acl    = spf_from_acl
        message = Your sender is not permitted (read spf.pobox.com)

  # First unpack MIME containers and reject serious errors.
  deny  message = This message contains a MIME error ($demime_reason)
        demime = *
        condition = ${if >{$demime_errorlevel}{2}{1}{0}}
        
  # Reject typically wormish file extensions. There is almost no
  # sense in sending such files by email.
  deny  message = This message contains an unwanted file extension ($found_extension)
        bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs:url:key
  
  # Reject virus infested messages.
  warn  message = This message contains malware ($malware_name)
        malware = *
        log_message = This message contains malware ($malware_name)

  # Reject messages containing "viagra" in all kinds of whitespace/case combinations
  # WARNING: this is an example !
  # deny  message = This message matches a blacklisted regular expression ($regex_match_string)
  #      regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa]

  # Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
  # (user "nobody"), no matter if over threshold or not.
  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam = vmail:true
  warn  message = X-Spam-Report: $spam_report
        spam = vmail

  # This code was derived from a post to exim-users by Alan J. Flavell:
  # http://www.exim.org/pipermail/exim-users/Week-of-Mon-20031201/063095.html
  deny  hosts           = emi.mail.pas.earthlink.net
        message         = X-PH-FW: leaky forwarder, $dnslist_domain=$dnslist_value
                          set acl_m4 = ${if match {$h_received:}
                                {N[(d+).(d+).(d+).(d+)])s+.*by 
                                emi.mail.pas.earthlink.netN}
                                {$4.$3.$2.$1}fail}
        dnslists        = sbl-xbl.spamhaus.org:list.dsbl.org:dynablock.njabl.org/$acl_m4

  deny  hosts           = emi.mail.pas.earthlink.net
        message         = Please use your FQDN for HELO
        condition       = ${if match {$h_received:}{Nhelo=d+.d+.d+.d+N}{yes}{no} }

Hallo wenn ich ne normale Nachricht über den SMTP senden will meldet er:

im Mail Log:

Code: Select all

2005-12-20 12:05:17 1EofIz-0002Cl-2G H=.cybertown.co.at ([192.168.0.4]) [212.236.16.***] F=<markus@******> rejected after DATA: This message contains an unwanted file extension ()
2005-12-20 12:05:32 1EofJE-0002Cn-2G H=.hh20.cybertown.co.at ([192.168.0.4]) [212.236.16.***] F=<markus@*****> rejected after DATA: This message contains an unwanted file extension ()
2005-12-20 12:05:35 1EofJH-0002Cp-DA H=.hh20.cybertown.co.at ([192.168.0.4]) [212.236.16.***] F=<markus@*****> rejected after DATA: This message contains an unwanted file extension ()
und im requec log :

Code: Select all

2005-12-20 12:05:17 1EofIz-0002Cl-2G H=****.hh20.cybertown.co.at ([192.168.0.4]) [212.236.16.***] F=<markus@****.com> rejected after DATA: This message contains an unwanted file extension ()
Envelope-from: <markus@******>
Envelope-to: <onemarkus@****.de>
P Received: from ****.hh20.cybertown.co.at ([212.236.16.****] helo=[192.168.0.4])
	by Xeon.make.at with esmtpa (Exim 4.50)
	id 1EofIz-0002Cl-2G
	for onemarkus@****.de; Tue, 20 Dec 2005 12:05:17 +0100
I Message-ID: <43A7F153.7090308@*****.com>
  Date: Tue, 20 Dec 2005 12:56:03 +0100
F From: Markus ***** <markus@****.com>
  User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
  X-Accept-Language: de-DE, de, en-us, en
  MIME-Version: 1.0
T To:  onemarkus@****.de
  Subject: Hallo
  Content-Type: text/plain; charset=ISO-8859-15; format=flowed
  Content-Transfer-Encoding: 7bit
2005-12-20 12:05:32 1EofJE-0002Cn-2G H=****.hh20.cybertown.co.at ([192.168.0.4]) [212.236.16.****] F=<markus@****.com> rejected after DATA: This message contains an unwanted file extension ()
Envelope-from: <markus@****.com>
Envelope-to: <onemarkus@****.de>
P Received: from ****.hh20.cybertown.co.at ([212.236.16.****] helo=[192.168.0.4])
	by Xeon.make.at with esmtpa (Exim 4.50)
	id 1EofJE-0002Cn-2G
	for onemarkus@****.de; Tue, 20 Dec 2005 12:05:32 +0100
I Message-ID: <43A7F169.4030104@****.com>
  Date: Tue, 20 Dec 2005 12:56:25 +0100
F From: Markus Lang <markus@*****.com>
  User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
  X-Accept-Language: de-DE, de, en-us, en
  MIME-Version: 1.0
T To:  onemarkus@****.de
  Subject: Hallo
  Content-Type: text/plain; charset=ISO-8859-15; format=flowed
  Content-Transfer-Encoding: 7bit
2005-12-20 12:05:35 1EofJH-0002Cp-DA H=****.hh20.cybertown.co.at ([192.168.0.4]) [212.236.16.***] F=<markus@*****.com> rejected after DATA: This message contains an unwanted file extension ()
Envelope-from: <markus@*****.com>
Envelope-to: <onemarkus@****.de>
P Received: from ***.hh20.cybertown.co.at ([212.236.16.****] helo=[192.168.0.4])
	by Xeon.make.at with esmtpa (Exim 4.50)
	id 1EofJH-0002Cp-DA
	for onemarkus@***.de; Tue, 20 Dec 2005 12:05:35 +0100
I Message-ID: <43A7F16C.4030101@*****.com>
  Date: Tue, 20 Dec 2005 12:56:28 +0100
F From: Markus Lang <markus@****.com>
  User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
  X-Accept-Language: de-DE, de, en-us, en
  MIME-Version: 1.0
T To:  onemarkus@****.de
  Subject: Hallo
  Content-Type: text/plain; charset=ISO-8859-15; format=flowed
  Content-Transfer-Encoding: 7bit
Was lauft falsch ?

makeat
Posts: 39
Joined: 2005-12-19 00:08

Re: EXIM Virus Rule --> fehler beim SMTP This message contains an unwanted file extension ()

Post by makeat » 2005-12-20 13:35

Code: Select all

  # Reject typically wormish file extensions. There is almost no
  # sense in sending such files by email.
  deny  message = This message contains an unwanted file extension ($found_extension)
        bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs
also ich vertehs nicht...

($found_extension) die Variable $found_extension wird nicht eingetragen....

hängt der script mit Perl zusammen kann das daran liegen wenn PERL.Template nicht installiert ist ?

makeat
Posts: 39
Joined: 2005-12-19 00:08

Re: EXIM Virus Rule --> fehler beim SMTP This message contains an unwanted file extension ()

Post by makeat » 2005-12-20 13:45

Problem behoben:

deny message = This message contains an unwanted file extension ($found_extension)
demime = scr:vbs:bat:lnk:pif:bz2

hab wieder das reingemacht und exim4 restarted und siehe da es geht.

Bitte welche Ã?ndung haut den Mailserver um ???

bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs

hat jemand die selbe erfahrung gemacht ?