exim4+clamav+squirrelmail how-to?

Comments

Does nobody have any idea?? :((((
Where on the net could I perhaps find a solution??
I have been searching for a while now.

It would also be good if exim, when it delivers the message into the maildirs,
ran a virus check, and if the message is infected, bounced the whole message back to the sender.

[quote:2bf0bbba28="ace"]and if the message is infected, bounced the whole message back to the sender.[/quote:2bf0bbba28]

That makes no sense, because by now almost every virus puts something other than the "real" sender there.

By the way, I have a .mailfilter file for maildrop in the maildir, and I check for viruses with that; if that works for you, I'll gladly paste the configs.

Regards

By the way, I have a .mailfilter file for maildrop in the maildir, and I check for viruses with that; if that works for you, I'll gladly paste the configs.

I'm in the same boat; I'd be interested in the solution too.

I think that will do, thanks in advance.
Perhaps some info on the setup/installation as well.
I suppose that, in addition to the packages listed, I also need to
run apt-get install maildrop.
Do I need to configure anything in Exim for this??

Thanks for the help. (For lack of time I only managed to continue now.)
Based on the attached configs I did eventually get the .mailfilter working.
(I had to put the .mailfilter file in the user's home, but I don't know
why it isn't accepted in /etc/maildroprc??)

My question is: can it be arranged that a notification about the messages
swallowed by maildrop is sent to the sender and/or the recipient??

The maildrop solution won't do you a damn bit of good, because it will not look at outgoing mail. Look around in your data ACL instead, for whatever lets the message go out before the virus-related criteria are reached.

In the data ACL I can't find any entry that should make it let the infected message out.
The interesting thing is that when I send the message from the client machine, e.g. from Mozilla or Outlook (POP3), it does not send the infected attachment, whereas SquirrelMail sends the infected attachment without any trouble. And the local user receives it too.
So it does not do virus checking on either the outgoing or the incoming side???

[code:1:8669c6b4e2]
# 40_exim4-config_check_data
acl_check_data:
  # Deny unless the address list headers are syntactically correct.
  # If you enable this, you might reject legitimate mail.
  .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
  deny
    message = Message headers fail syntax check
    !acl = acl_whitelist_local_deny
    !verify = header_syntax
  .endif

  # require that there is a verifiable sender address in at least
  # one of the "Sender:", "Reply-To:", or "From:" header lines.
  .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
  deny
    message = No verifiable sender address in message headers
    !acl = acl_whitelist_local_deny
    !verify = header_sender
  .endif

  # This hook allows you to hook in your own ACLs without having to
  # modify this file. If you do it like we suggest, you'll end up with
  # a small performance penalty since there is an additional file being
  # accessed. This doesn't happen if you leave the macro unset.
  .ifdef CHECK_DATA_LOCAL_ACL_FILE
  .include CHECK_DATA_LOCAL_ACL_FILE
  .endif

  # Deny viruses.
  deny message = Message contains malware or a virus ($malware_name).
    log_message = $sender_host_address tried sending $malware_name
    demime = *
    malware = *

  # Reject messages containing malware.
  deny message = This message contains a virus ($malware_name) and has been rejected
    demime = *
    malware = *
    log_message = MALWARE: $malware_name

  # Reject file extensions used by worms.
  # Note that the extension list may be incomplete.
  deny message = This domain has a policy of not accepting certain types of attachments \
    in mail as they may contain a virus. This mail has a file with a .$found_extension \
    attachment and is not accepted. If you have a legitimate need to send \
    this particular attachment, send it in a compressed archive, and it will \
    then be forwarded to the recipient.
    demime = exe:com:vbs:bat:pif:scr

  # Reject messages that have serious MIME errors.
  # This calls the demime condition again, but it
  # will return cached results.
  deny message = Serious MIME defect detected ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}

  # accept otherwise
  accept
[/code:1:8669c6b4e2]

exim.conf, routers:

[code:1:c3123846ce]
virtual_local_user_imap_maildrop:
  domains = ${lookup mysql {MYSQL_USER_IMAP}{$value}}
  require_files = /var/spool/mail/${domain}/${local_part}/.mailfilter:+/usr/bin/maildrop
  transport_home_directory = "/var/spool/mail/${domain}/${local_part}"
  driver = accept
  transport = virtual_delivery_imap_maildrop_pipe

virtual_local_user_imap:
  domains = ${lookup mysql {MYSQL_USER_IMAP}{$value}}
  driver = accept
  transport = virtual_delivery_imap
[/code:1:c3123846ce]

exim.conf, transports:

[code:1:c3123846ce]
virtual_delivery_imap:
  driver = appendfile
  directory = /var/spool/mail/${domain}/${local_part}/Maildir
  user = mail
  group = mail
  mode = 0660
  maildir_format

virtual_delivery_imap_maildrop_pipe:
  driver = pipe
  path = "/bin:/usr/bin:/usr/local/bin"
  command = "/usr/bin/maildrop /var/spool/mail/${domain}/${local_part}/.mailfilter"
  return_path_add
  delivery_date_add
  envelope_to_add
[/code:1:c3123846ce]

.mailfilter, in the virtual user's home:

[code:1:c3123846ce]
import HOME
SHELL="/bin/bash"
MAILDIR="$HOME/Maildir"

xfilter "/usr/bin/spamc -u mail"
xfilter "/usr/bin/clamassassin"

if( /X-Spam-Status: Yes/ )
{
    to $MAILDIR/.junk
}

if( /X-Virus-Status: Yes/ )
{
    to $MAILDIR/.junk
}

to $MAILDIR/
[/code:1:c3123846ce]

Hi all.

I'm no guru; I started working with this a few months ago.
My problem is the following: we are trying to put together an internal mail server at work, but we could not manage to set it up so that it scans messages sent from (or received via) SquirrelMail for viruses. With a POP3 client the virus scanning works; it does not even send the infected message.

The system:
DEBIAN SARGE
EXIM4 (maildir)
courier-imap
courier-pop
squirrelmail
clamav

Exim4 config:

main/01_exim4-config_listmacrosdefs
..
av_scanner = clamd:/var/run/clamav/clamd.ctl
..

### acl/40_exim4-config_check_data
acl_check_data:
..
..
deny message = Serious MIME defect detected ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}

deny message = This domain has a policy of not accepting certain types of attachments \
in mail as they may contain a virus. This mail has a file with a .$found_extension \
attachment and is not accepted. If you have a legitimate need to send \
this particular attachment, send it in a compressed archive, and it will \
then be forwarded to the recipient.
demime = exe:com:vbs:bat:pif:scr

deny message = This message contains a virus ($malware_name) and has been rejected
demime = *
malware = *
log_message = MALWARE: $malware_name

# accept otherwise
accept

Regards, ace

Hi all!

Does nobody have any idea what the problem might be :-((((
So far I have not found the fault; at least some idea of where I should look for a solution???

Excerpt from the EXIM4 log
1: sending mail from a POP3 client (it does not allow the infected message to be sent)
2: sending from SquirrelMail (it sends the infected message)

[code:1:4f5e6233c4]
2005-11-09 07:49:03 1EZjlX-0001A5-2M H=(domain.xy) [192.168.x.y] F=<hnorbert@domain.xy> rejected after DATA: 192.168.x.y tried sending Eicar-Test-Signature

2005-11-09 08:05:29 1EZk1R-0001BM-KT <= hnorbert@domain.xy U=www-data P=local S=1349 id=1271.192.168.x.y.1131519929.squirrel@diws
2005-11-09 08:05:29 1EZk1R-0001BM-KT => hnorbert <hnorbert@domain.xy> R=local_user T=maildir_home
2005-11-09 08:05:29 1EZk1R-0001BM-KT Completed
[/code:1:4f5e6233c4]
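
The difference between the two log cases above can be checked mechanically: Exim runs the SMTP DATA ACL (acl_smtp_data) only for messages received over SMTP, while a message handed over locally is logged with P=local (here U=www-data) and is governed by the ACL named in acl_not_smtp instead. The following Python sketch is an added example, not code from the thread; its sample log is constructed on the model of the excerpt, with placeholder addresses and the 6-6-2 message-id format shown there.

```python
import re

# Constructed sample modelled on the log excerpt above (placeholder addresses).
SAMPLE_LOG = """\
2005-11-09 07:49:03 1EZjlX-0001A5-2M H=(domain.xy) [192.168.0.10] F=<user@domain.xy> rejected after DATA: 192.168.0.10 tried sending Eicar-Test-Signature
2005-11-09 08:05:29 1EZk1R-0001BM-KT <= user@domain.xy U=www-data P=local S=1349 id=1271.squirrel@host
2005-11-09 08:05:29 1EZk1R-0001BM-KT => user <user@domain.xy> R=local_user T=maildir_home
2005-11-09 08:05:29 1EZk1R-0001BM-KT Completed
2005-11-09 08:10:02 1EZk5q-0001Cc-9x <= other@domain.xy H=(pc1) [192.168.0.11] P=esmtp S=2210
"""

# "date time message-id rest"; assumes the 6-6-2 message-id form seen in the excerpt.
LINE = re.compile(r"^(\S+ \S+) (\w{6}-\w{6}-\w{2}) (.*)$")
# Single-letter log fields such as U=www-data, P=local, S=1349.
FIELD = re.compile(r"\b([A-Z])=(\S+)")


def parse(log_text):
    """Yield (timestamp, message_id, rest) for lines that carry a message id."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groups()


def unscanned_local_submissions(log_text):
    """Return arrivals ('<=') received with P=local, i.e. not over SMTP,
    which therefore never passed through the SMTP DATA ACL."""
    hits = []
    for ts, msg_id, rest in parse(log_text):
        if not rest.startswith("<= "):
            continue
        fields = dict(FIELD.findall(rest))
        if fields.get("P") == "local":
            hits.append({"time": ts, "id": msg_id,
                         "sender": rest.split()[1], "user": fields.get("U")})
    return hits


def data_acl_rejections(log_text):
    """Return (message_id, reason) for messages refused by the DATA ACL."""
    marker = "rejected after DATA:"
    return [(msg_id, rest.split(marker, 1)[1].strip())
            for _ts, msg_id, rest in parse(log_text) if marker in rest]


if __name__ == "__main__":
    for hit in unscanned_local_submissions(SAMPLE_LOG):
        print("bypassed SMTP DATA ACL:", hit)
```
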