Thank you Noel for the details. I will take into account your warnings and have a look at amavisd-new docs.
On Thu, May 21, 2015 at 6:05 PM, Noel Jones <njo...@megan.vbhcs.org> wrote:

> On 5/21/2015 9:26 AM, yoklar wrote:
> > Hello,
> >
> > I have just setup a postfix mail server and I am very new to postfix.
> > Today I have received several mails from `Content-filter` to my root
> > account. I just want to figure out about what is going on.
> > If I am posting wrong mail list please direct me to the correct list.
> > Thanks
> >
> > ----------------------------------
> >
> > Subject: BANNED contents (.exe,message_zdm.scr) in mail FROM LOCAL
> > [77.29.219.106]:3811 <karatk...@heinemann.com
> > <mailto:karatk...@heinemann.com>>
>
> Looks as if you've configured amavisd-new as a content_filter, and
> enabled the banned files feature.
>
> This is good, but pay attention to what you're doing.
>
> > No viruses were found.
> >
> > Banned name: .exe,message_zdm.scr
> > Content type: Banned
>
> Details of the banned file attachment. An .scr file in an email is
> almost certainly a virus, so appropriate to block them.
>
> > Internal reference code for the message is 30004-03/epBilsE5WZC7
>
> This helps identify logging if you want to see details.
>
> > First upstream SMTP client IP address: [77.29.219.106]
> > According to a 'Received:' trace, the message apparently originated at:
> > [77.29.219.106], 192.168.1.188
> >
> > Return-Path: <karatk...@heinemann.com> <mailto:karatk...@heinemann.com>
> > From: "Eli D Martel" <eli.d.mar...@jpmorgan.com> <mailto:eli.d.mar...@jpmorgan.com>
> > Message-ID: <94966.308030@>
> > Subject: You have received a new secure message
>
> details of the blocked message.
>
> > Not quarantined.
>
> Looks as if you don't have quarantine enabled.
>
> Generally you should enable quarantine so that mail isn't "lost".
> False positives do happen, but this isn't one.
>
> > The message WAS NOT relayed to:
> > <*******@onlinedry.com> <mailto:sukran...@onlinedry.com>:
> > 554 5.7.0 Bounce, id=30004-03 - BANNED: .exe,message_zdm.scr
>
> Looks as if you've configured amavisd-new to BOUNCE unwanted mail.
> This can cause unwanted bounces to forged senders possibly clogging
> your queue and eventually get your server blacklisted as a
> backscatter source.
>
> > header
> >
> > Return-Path: <karatk...@heinemann.com> <mailto:karatk...@heinemann.com>
> > Received: from [77.29.219.106] (unknown [77.29.219.106])
> >     by mail.onlinedry.com <http://mail.onlinedry.com> (Postfix) with ESMTP id 70662E0697
> >     for <*******@onlinedry.com> <mailto:sukran...@onlinedry.com>; Thu, 21 May 2015 16:49:20 +0300 (EEST)
> > Received: from (192.168.1.188) by (77.29.219.106) with Microsoft SMTP Server id 8.0.685.24; Thu, 21 May 2015 14:49:43 +0100
> > Message-ID: <94966.308030@>
> > Date: Thu, 21 May 2015 14:49:43 +0100
> > From: "Eli D Martel" <eli.d.mar...@jpmorgan.com> <mailto:eli.d.mar...@jpmorgan.com>
> > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101103 Thunderbird/3.1.6
> > MIME-Version: 1.0
> > To: <sukraner...@onlinedry.com> <mailto:sukraner...@onlinedry.com>
> > Subject: You have received a new secure message
> > Content-Type: multipart/alternative;
> >     boundary="------------03070900401010101030903"
> >
> > --------------------------------------------------------
>
> For details on configuring amavisd-new, see the amavisd-new docs or
> their users list.
>
> -- Noel Jones

-- everything flows..
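
The bounce and quarantine behaviour described in the reply above corresponds to a handful of amavisd-new settings. The fragment below is an added example, not configuration posted in the thread; the quarantine directory and the choice of D_DISCARD are assumptions for a post-queue `content_filter` setup like the one in the report.

```perl
# amavisd.conf fragment (constructed example, not from the thread).

# --- Behaviour matching the report ------------------------------------
# "554 5.7.0 Bounce" + "Not quarantined." is what these produce:
#
#   $final_banned_destiny = D_BOUNCE;   # DSN goes to the envelope sender,
#                                       # which malware almost always forges
#   $banned_quarantine_to = undef;      # no copy kept anywhere
#
# D_REJECT does not help in a post-queue content_filter setup: amavisd
# returns 5xx to Postfix, and Postfix, having already accepted the mail,
# generates the bounce itself. The forged sender still gets backscatter.

# --- Alternative: quarantine locally, send nothing back ----------------
$final_virus_destiny  = D_DISCARD;      # drop after quarantining
$final_banned_destiny = D_DISCARD;      # same for banned attachments

# Assumed path; must exist and be writable by the amavis user.
$QUARANTINEDIR = '/var/lib/amavis/virusmails';

# Keep a copy so a false positive can be released instead of being lost.
$virus_quarantine_to  = 'virus-quarantine';
$banned_quarantine_to = 'banned-quarantine';
```

The "Internal reference code" in the admin notification (here `30004-03`) is the amavisd log id, so the same id in the mail log identifies which message a quarantined file belongs to.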