Mailing List Archive

exim4
Hello,


Well, I sent myself a mail with an *.exe as attachment.
In my system-filter.exim, I asked exim4 to reject exe, pif, src etc.
It seems to be done. But I have no message that this mail was rejected.

How, as recipient, can I be informed that someone tried to send me a
mail with an attachment?

Here is exim4.conf in main:


#!!# message_filter renamed system_filter
system_filter = /etc/exim4/system_filter.exim
message_body_visible = 5000
#!!# message_filter_reply_transport renamed system_filter_reply_transport
system_filter_reply_transport = address_reply


And by the way, clamav does not seem to work:
av_scanner = clamd:/var/run/clamav/clamd.pid


Here is my system_filter.exim:
# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches
"(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
then
mail to $return_path
subject "Mail rejected: Executable attachment $1 not permitted."
text "Your message to $h_to: has been rejected because it has\n\
potentially executable content $1."
file /etc/exim/attachment-reject.txt
seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches
"(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
then
mail to $return_path
subject "Mail rejected: Executable attachment $1 not permitted."
text "Your message to $h_to: has been rejected because it has\n\
potentially executable content $1."
file /etc/exim/attachment-reject.txt
seen finish
endif


Thanks

Franck
Re: exim4 [ In reply to ]
fhuet wrote:

> Hello,
>
>
> Well, I sent myself a mail with an *.exe as attachment.
> In my system-filter.exim, I asked exim4 to reject exe, pif, src etc.
> It seems to be done. But I have no message that this mail was rejected.
>
> How, as recipient, can I be informed that someone tried to send me a
> mail with an attachment?

Just parse the rejectlog for the relevant entries, compose a message to
your liking and send it to the original recipient. All the information needed
(sender, recipient, etc.) is in the rejectlog entry.

But please don't send NDRs to the purported sender. Viruses these days
send themselves with a faked sender address, and people don't like to be
informed about rejected mail they've never sent. This is called
collateral spam. Just reject at SMTP time with a proper error message
and that's it. The MIME ACL lets you achieve what you do in a better
way. Put something like this into it:

deny
  message = Win/DOS Executable found.
  log_message = Dangerous attachment $mime_filename found
  condition = ${if match{${lc:$mime_filename}} \
                {.*\\.(com|exe|pif|scr|bat)\$} \
                {yes}{no}}

Check the exiscan documentation for more details. The archive is also
full of snippets.


Patrick
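
One way to do the rejectlog parsing suggested in the reply above, as an added example that is not part of the original thread. It keys on the `log_message` text from the ACL snippet and builds notices for the local recipients only; the rejectlog layout, the sample entries and the `postmaster@example.org` notifier address are assumptions.

```python
import re
from email.message import EmailMessage
# Constructed sample. The layout (log line, then Envelope-from/Envelope-to
# lines) is an assumption about the rejectlog; adjust the patterns to yours.
SAMPLE_REJECTLOG = """\
2005-02-25 16:42:48 1D4hby-0005sh-9W H=mail.example.net [192.0.2.10] F=<alice@example.net> rejected after DATA: Dangerous attachment setup.exe found
Envelope-from: <alice@example.net>
Envelope-to: <franck@example.org>
2005-02-25 16:50:02 H=relay.example.com [192.0.2.77] F=<bob@example.com> rejected RCPT <nobody@example.org>: relay not permitted
2005-02-25 17:01:13 1D4hzz-0005xx-AB H=(pc1) [198.51.100.4] F=<> rejected after DATA: Dangerous attachment photo.jpg.scr found
Envelope-from: <>
Envelope-to: <franck@example.org>, <sales@example.org>
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?\[(?P<ip>[^\]]+)\] "
    r"F=<(?P<sender>[^>]*)> rejected.*: Dangerous attachment (?P<file>.+) found$")

def parse_rejections(text):
    """Return attachment rejections, each with its envelope recipients."""
    events, current = [], None
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            current = dict(m.groupdict(), recipients=[])
            events.append(current)
        elif current is not None and line.startswith("Envelope-to:"):
            current["recipients"] = re.findall(r"<([^>]+)>", line)
        elif re.match(r"\d{4}-\d\d-\d\d ", line):
            current = None  # unrelated log entry: stop collecting envelope lines
    return events

def safe(value, limit=80):
    """Log fields are attacker-controlled: printable ASCII only, capped length."""
    return "".join(c if 32 <= ord(c) < 127 else "?" for c in value)[:limit]

def build_notifications(events, notifier="postmaster@example.org"):
    """One notice per local recipient; nothing goes to the (forgeable) sender."""
    msgs = []
    for ev in events:
        for rcpt in ev["recipients"]:
            msg = EmailMessage()
            msg["From"], msg["To"] = notifier, rcpt
            msg["Subject"] = "A message with an executable attachment was rejected"
            msg.set_content(
                f"Rejected at SMTP time: {ev['ts']}\n"
                f"Envelope sender (may be forged): {safe(ev['sender']) or '<>'}\n"
                f"Sending host: {ev['ip']}\nAttachment: {safe(ev['file'])}\n")
            msgs.append(msg)
    return msgs
```
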
Re: exim4 [ In reply to ]
On Fri, 25 Feb 2005 15:19:35 +0100, fhuet <fhuet@boursorama.fr> wrote:
>But I have no message that this mail was rejected.

What do your logs say for the appropriate time frame?

Greetings
Marc

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
Re: exim4 [ In reply to ]
Here is my paniclog:
005-02-25 16:42:48 1D4hby-0005sh-9W User 0 set for address_reply transport is on the never_users list
2005-02-25 16:43:17 1D4hcZ-0005tk-U3 User 0 set for address_reply transport is on the never_users list
2005-02-25 16:43:26 1D4hci-0005u1-TH User 0 set for address_reply transport is on the never_users list
2005-02-25 16:43:40 1D4hcx-0005uP-8j User 0 set for address_reply transport is on the never_users list
2005-02-25 16:43:54 1D4hdA-0005up-GN User 0 set for address_reply transport is on the never_users list

What does it mean?

And exe files are not rejected in fact. I received it 30 min after sending
it ...

I think that my exim does not do its work very nicely ..


Marc Haber wrote:

>On Fri, 25 Feb 2005 15:19:35 +0100, fhuet <fhuet@boursorama.fr> wrote:
>
>
>>But , I have no message that this mail was rejected.
>>
>>
>
>What do your logs say for the appropriate time frame?
>
>Greetings
>Marc
>
>
>


--
Franck Huet
Unix Administrator
Boursorama
Tel : 01-46-09-48-17
Re: exim4 [ In reply to ]
On Fri, 25 Feb 2005 16:46:07 +0100, fhuet <fhuet@boursorama.fr> wrote:
>here is my paniclog :
>005-02-25 16:42:48 1D4hby-0005sh-9W User 0 set for address_reply
>transport is on the never_users list
>2005-02-25 16:43:17 1D4hcZ-0005tk-U3 User 0 set for address_reply
>transport is on the never_users list
>2005-02-25 16:43:26 1D4hci-0005u1-TH User 0 set for address_reply
>transport is on the never_users list
>2005-02-25 16:43:40 1D4hcx-0005uP-8j User 0 set for address_reply
>transport is on the never_users list
>2005-02-25 16:43:54 1D4hdA-0005up-GN User 0 set for address_reply
>transport is on the never_users list
>
>What does it mean?

I am not a hundred percent sure, but it looks like you're not
specifying an account in the address reply transport, and exim refuses
to do what you want it to do while having root privileges.

Greetings
Marc

Re: Exim4 [ In reply to ]
On Thursday 22 February 2007 21:21, James W. Davis wrote:
> I want to setup the mail server to handle the mail for multiple domains. (I
> own 6 domains all hosted on the same server) I want to have it allow
> multiple mailboxes for each site for example
>
> webmaster@
> support@
> sales@
> orders@
> listserv@
> firstname.lastname@

Well, this is pretty basic and there are many ways to accomplish it, but it's
not certain that you will find a complete step-by-step guide that fits your
needs perfectly.

Have you read the official documentation
(http://www.exim.org/exim-html-4.66/doc/html/spec_html/)? Chapters 1, 3, and
6 are required reading to begin with. Since you are using Ubuntu you must
also read /usr/share/doc/exim4-base/README.Debian.html. Then read chapters
15, 16, 22, 24, and 26.

Here are some random links:

http://www.debian-administration.org/articles/140
http://www.tty1.net/virtual_domains_en.html

Do you want to involve a DBMS or do you want to use plain text files?

What POP or IMAP server are you using to let the users read their mail?

> but for some reason I can not find information on creating the mailbox &
> user/pass.

Exim can create the target file or maildir automatically if it doesn't exist.
It's controlled by the create_directory and create_file options of the
appendfile router.

Exim cannot help you create user accounts or set their passwords, but it can
use many backends to authenticate the users if you want them to use SMTP
AUTH. You have to set up the POP/IMAP server to use the same database
(preferably) first.

> I would also like to have it forward all emails for that box into a folder.

You should be able to figure that out yourself by now.

--
Magnus Holmgren holmgren@lysator.liu.se
(No Cc of list mail needed, thanks)

"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
Re: Exim4 [ In reply to ]
???????? ??????? via Exim-users <exim-users@exim.org> (Wed 30 May 2018 09:34:22 CEST):
> Help me please. Exim does not send letters with attachments ... there is
> nothing in the logs. In the logs, only the successful delivery of a text
> message is displayed.

Exim should be agnostic with regard to attachments, as long as you do
not configure MIME ACLs; but then you should find traces in the logs.

How do you send the message?

Best regards from Dresden/Germany
Many greetings from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -