On 5/21/2015 9:26 AM, yoklar wrote:
> Hello,
>
> I have just set up a postfix mail server and I am very new to postfix.
> Today I have received several mails from `Content-filter` to my root
> account. I just want to figure out what is going on.
> If I am posting to the wrong mail list please direct me to the correct list.
> Thanks
>
> ----------------------------------
>
> Subject: BANNED contents (.exe,message_zdm.scr) in mail FROM LOCAL
> [77.29.219.106]:3811 <karatk...@heinemann.com>

Looks as if you've configured amavisd-new as a content_filter, and enabled the banned files feature. This is good, but pay attention to what you're doing.

>
> No viruses were found.
>
> Banned name: .exe,message_zdm.scr
> Content type: Banned

Details of the banned file attachment. An .scr file in an email is almost certainly a virus, so appropriate to block them.

> Internal reference code for the message is 30004-03/epBilsE5WZC7

This helps identify logging if you want to see details.

>
> First upstream SMTP client IP address: [77.29.219.106]
> According to a 'Received:' trace, the message apparently originated at:
> [77.29.219.106], 192.168.1.188
>
> Return-Path: <karatk...@heinemann.com>
> From: "Eli D Martel" <eli.d.mar...@jpmorgan.com>
> Message-ID: <94966.308030@>
> Subject: You have received a new secure message

Details of the blocked message.

> Not quarantined.

Looks as if you don't have quarantine enabled. Generally you should enable quarantine so that mail isn't "lost". False positives do happen, but this isn't one.

>
> The message WAS NOT relayed to:
> <*******@onlinedry.com>:
> 554 5.7.0 Bounce, id=30004-03 - BANNED: .exe,message_zdm.scr
>
>

Looks as if you've configured amavisd-new to BOUNCE unwanted mail. This can cause unwanted bounces to forged senders, possibly clogging your queue and eventually getting your server blacklisted as a backscatter source.

> header
>
>
> Return-Path: <karatk...@heinemann.com>
> Received: from [77.29.219.106] (unknown [77.29.219.106])
> by mail.onlinedry.com (Postfix) with ESMTP
> id 70662E0697
> for <*******@onlinedry.com>; Thu, 21 May 2015 16:49:20 +0300 (EEST)
> Received: from (192.168.1.188) by (77.29.219.106) with Microsoft SMTP Server
> id 8.0.685.24; Thu, 21 May 2015 14:49:43 +0100
> Message-ID: <94966.308030@>
> Date: Thu, 21 May 2015 14:49:43 +0100
> From: "Eli D Martel" <eli.d.mar...@jpmorgan.com>
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12)
> Gecko/20101103 Thunderbird/3.1.6
> MIME-Version: 1.0
> To: <sukraner...@onlinedry.com>
> Subject: You have received a new secure message
> Content-Type: multipart/alternative;
> boundary="------------03070900401010101030903"
>
>
> --------------------------------------------------------
>

For details on configuring amavisd-new, see the amavisd-new docs or their users list.

  -- Noel Jones
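
As an added example (not part of the original thread, and not amavisd-new code), here is a small Python triage helper for the admin notification quoted above. It extracts the fields the reply comments on and flags the two issues raised: no quarantine copy, and a bounce sent to a possibly forged sender. The function names and the trimmed sample report are constructed for illustration.

```python
import re

# Constructed sample: the admin notification quoted in the thread, trimmed
# to the lines the reply comments on (elided addresses kept as posted).
SAMPLE = """\
Banned name: .exe,message_zdm.scr
Internal reference code for the message is 30004-03/epBilsE5WZC7
First upstream SMTP client IP address: [77.29.219.106]
Return-Path: <karatk...@heinemann.com>
From: "Eli D Martel" <eli.d.mar...@jpmorgan.com>
Not quarantined.
The message WAS NOT relayed to:
<*******@onlinedry.com>:
   554 5.7.0 Bounce, id=30004-03 - BANNED: .exe,message_zdm.scr
"""

def _first(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.MULTILINE | re.IGNORECASE)
    return m.group(1).strip() if m else None

def triage(report):
    """Pull out the fields the reply discusses and list follow-up items."""
    info = {
        "banned_name": _first(r"^Banned name:\s*(.+)$", report),
        "reference": _first(r"^Internal reference code for the message is\s*(\S+)", report),
        "client_ip": _first(r"^First upstream SMTP client IP address:\s*\[([^\]]+)\]", report),
        "envelope_domain": _first(r"^Return-Path:\s*<[^>@]*@([^>\s]+)>", report),
        "header_from_domain": _first(r"^From:.*<[^>@]*@([^>\s]+)>", report),
        "not_quarantined": bool(re.search(r"^Not quarantined", report, re.M)),
        "bounced": bool(re.search(r"^\s*5\d\d \d\.\d\.\d Bounce\b", report, re.M)),
    }
    findings = []
    if info["not_quarantined"]:
        findings.append("no quarantine copy: a false positive could not be released")
    if info["bounced"]:
        findings.append("bounce goes to the envelope sender: backscatter if forged")
    env, hdr = info["envelope_domain"], info["header_from_domain"]
    if env and hdr and env.lower() != hdr.lower():
        findings.append("Return-Path and From domains differ (a hint, not proof, of forgery)")
    info["findings"] = findings
    return info

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The reference value is the string to search for in the mail log when following up on a report.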