Hello Postfix and amavisd experts!
Amavisd does not block the defined attachments, although they are defined and, according to the maillog, the policies AM.PDP-SOCK and MYSUBMITTERS are being applied correctly. What could be the cause?
Below are my policies from amavisd.conf, followed by the two excerpts from the maillog:
*Policy for MTA to MTA*

$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,
};

*Policy for submission*

$policy_bank{'MYSUBMITTERS'} = {
  originating => 1,
  banned_filename_maps => ['DEFAULT'],
  warnbadhsender => 1,
  notify_method => 'smtp:[127.0.0.1]:10025',
  forward_method => 'smtp:[127.0.0.1]:10025',
};

*My definitions*

%banned_rules = (
  'NO-MS-EXEC'=> new_RE( qr'^\.(exe-ms)$' ),
  'PASSALL'   => new_RE( [qr'^' => 0] ),
  'ALLOW_EXE' => new_RE( qr'.\.(vbs|pif|scr|bat)$'i, [qr'^\.exe$' => 0] ),
  'ALLOW_VBS' => new_RE( [qr'.\.vbs$' => 0] ),
  'NO-VIDEO'  => new_RE(
    qr'^\.movie$',
    qr'.\.(asf|asx|mpg|mpe|mpeg|avi|mp3|wav|wma|wmf|wmv|mov|vob)$'i,
  ),
  'NO-MOVIES' => new_RE(
    qr'^\.movie$',
    qr'.\.(mpg|avi|mov)$'i,
  ),
  'MYNETS-DEFAULT' => new_RE(
    [ qr'^\.(rpm|cpio|tar)$' => 0 ],
    qr'.\.(zip|vbs|pif|scr)$'i,
  ),
  'DEFAULT' => $banned_filename_re,
);

$banned_filename_re = new_RE(
  # banned file(1) types, rudimentary
  qr'^\.(exe-ms|dll)$',
  # allow any in Unix-type archives
  [ qr'^\.(rpm|cpio|tar)$' => 0 ],
  # banned extensions - rudimentary
  qr'.\.(pif|scr)$'i,
  # block these MIME types
  qr'^application/x-msdownload$'i,
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
  # block certain double extensions in filenames
  qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
  # banned extension - basic+cmd
  qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i,
  qr'.\.(zip)$'i,
);

*Sent via submission port*

Nov 10 10:45:19 mail postfix/submission/smtpd[2771]: connect from unknown[89.26.12.241]
Nov 10 10:45:19 mail postfix/submission/smtpd[2771]: Anonymous TLS connection established from unknown[89.26.12.241]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Nov 10 10:45:19 mail postfix/submission/smtpd[2771]: D7B26209B6: client=unknown[89.26.12.241], sasl_method=PLAIN, sasl_username=andi@wassa.at
Nov 10 10:45:19 mail postfix/cleanup[2784]: D7B26209B6: message-id=582441AF.90905@wassa.at
Nov 10 10:45:20 mail amavis[2769]: (02769-01) Checking: 1TlSqvTJaKWJ AM.PDP-SOCK/MYSUBMITTERS [89.26.12.241] andi@wassa.at -> andi@wassa.at
Nov 10 10:45:20 mail amavis[2769]: (02769-01) p003 1 Content-Type: multipart/mixed
Nov 10 10:45:20 mail amavis[2769]: (02769-01) p001 1/1 Content-Type: text/plain, size: 1 B, name:
Nov 10 10:45:20 mail amavis[2769]: (02769-01) p002 1/2 Content-Type: application/octet-stream, size: 38912 B, name: *AdapterTroubleshooter.exe*
Nov 10 10:45:20 mail amavis[2769]: (02769-01) spam-tag, andi@wassa.at -> andi@wassa.at, No, score=-1 tagged_above=-1000 required=6.31 tests=[ALL_TRUSTED=-1] autolearn=ham autolearn_force=no
Nov 10 10:45:20 mail amavis[2769]: (02769-01) Passed CLEAN {AcceptedInternal}, *AM.PDP-SOCK/MYSUBMITTERS* LOCAL [89.26.12.241] [89.26.12.241] andi@wassa.at -> andi@wassa.at, Queue-ID: D7B26209B6, Message-ID: 582441AF.90905@wassa.at, mail_id: 1TlSqvTJaKWJ, Hits: -1, size: 54336, 694 ms
Nov 10 10:45:20 mail amavis[2769]: (02769-01) TIMING-SA total 570 ms - parse: 5 (0.9%), extract_message_metadata: 9 (1.5%), get_uri_detail_list: 0.25 (0.0%), tests_pri_-1000: 9 (1.6%), tests_pri_-950: 2.5 (0.4%), tests_pri_-900: 1.69 (0.3%), tests_pri_-400: 1.27 (0.2%), tests_pri_0: 454 (79.7%), check_dkim_signature: 2.5 (0.4%), check_dkim_adsp: 7 (1.2%), check_spf: 0.49 (0.1%), check_razor2: 400 (70.3%), check_pyzor: 0.21 (0.0%), tests_pri_500: 3.4 (0.6%), learn: 57 (10.1%), b_learn: 55 (9.7%), b_count_change: 6 (1.1%), get_report: 0.45 (0.1%)
Nov 10 10:45:20 mail amavis[2769]: (02769-01) size: 54336, TIMING [total 702 ms] - got data: 0.0 (0%)0, check_init: 5 (1%)1, digest_hdr: 1.1 (0%)1, digest_body: 0.8 (0%)1, collect_info: 3.4 (0%)1, mkdir parts: 22 (3%)5, mime_decode: 20 (3%)7, get-file-type2: 13 (2%)9, decompose_part: 15 (2%)12, parts_decode: 0.1 (0%)12, check_header: 0.7 (0%)12, AV-scan-1: 27 (4%)15, spam-wb-list: 1.3 (0%)16, SA msg read: 0.8 (0%)16, SA parse: 6 (1%)17, SA check: 563 (80%)97, decide_mail_destiny: 3.9 (1%)97, notif-quar: 0.6 (0%)97, prepare-dsn: 3.8 (1%)98, report: 1.6 (0%)98, main_log_entry: 5 (1%)99, update_snmp: 6 (1%)100, rundown: 1.3 (0%)100
Nov 10 10:45:20 mail postfix/qmgr[1102]: D7B26209B6: from=andi@wassa.at, size=54430, nrcpt=1 (queue active)
Nov 10 10:45:20 mail dovecot: lmtp(2790): Connect from 127.0.0.1
Nov 10 10:45:20 mail postfix/submission/smtpd[2771]: disconnect from unknown[89.26.12.241]
Nov 10 10:45:21 mail dovecot: lmtp(andi@wassa.at): 9+MNNrBBJFjmCgAAu6NIgg: msgid=582441AF.90905@wassa.at: saved mail to INBOX
Nov 10 10:45:21 mail postfix/lmtp[2789]: D7B26209B6: to=andi@wassa.at, relay=127.0.0.1[127.0.0.1]:24, delay=1.3, delays=1/0.01/0.01/0.23, dsn=2.0.0, status=sent (250 2.0.0 andi@wassa.at 9+MNNrBBJFjmCgAAu6NIgg Saved)
Nov 10 10:45:21 mail dovecot: lmtp(2790): Disconnect from 127.0.0.1: Successful quit
Nov 10 10:45:21 mail postfix/qmgr[1102]: D7B26209B6: removed

*Sent from MTA to MTA*

Nov 10 10:46:08 mail postfix/postscreen[2791]: CONNECT from [89.26.12.242]:39271 to [172.31.1.100]:25
Nov 10 10:46:08 mail postfix/postscreen[2791]: PASS OLD [89.26.12.242]:39271
Nov 10 10:46:09 mail postfix/smtpd[2795]: connect from mail1.glasgasperlmair.at[89.26.12.242]
Nov 10 10:46:09 mail postfix/smtpd[2795]: 42FD0209BB: client=mail1.glasgasperlmair.at[89.26.12.242]
Nov 10 10:46:09 mail postfix/cleanup[2784]: 42FD0209BB: resent-message-id=mm_8McFZG0iK-ai4up9dD03fx@mail1.glasgasperlmair.at
Nov 10 10:46:09 mail postfix/cleanup[2784]: 42FD0209BB: message-id=582441CE.2020806@glas-gasperlmair.at
Nov 10 10:46:09 mail amavis[2770]: (02770-01) Checking: Xb0YiIeoenTQ AM.PDP-SOCK [89.26.12.242] a.wass@glas-gasperlmair.at -> andi@wassa.at
Nov 10 10:46:09 mail amavis[2770]: (02770-01) p004 1 Content-Type: multipart/mixed
Nov 10 10:46:09 mail amavis[2770]: (02770-01) p005 1/1 Content-Type: multipart/alternative
Nov 10 10:46:09 mail amavis[2770]: (02770-01) p001 1/1/1 Content-Type: text/plain, size: 265 B, name:
Nov 10 10:46:09 mail amavis[2770]: (02770-01) p002 1/1/2 Content-Type: text/html, size: 622 B, name:
Nov 10 10:46:09 mail amavis[2770]: (02770-01) p003 1/2 Content-Type: application/octet-stream, size: 38912 B, name: *AdapterTroubleshooter.exe*
Nov 10 10:46:10 mail amavis[2770]: (02770-01) spam-tag, a.wass@glas-gasperlmair.at -> andi@wassa.at, No, score=0.001 tagged_above=-1000 required=6.31 tests=[HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Nov 10 10:46:10 mail amavis[2770]: (02770-01) Passed CLEAN {AcceptedInbound}, *AM.PDP-SOCK* [89.26.12.242] [89.26.12.242] a.wass@glas-gasperlmair.at -> andi@wassa.at, Queue-ID: 42FD0209BB, Message-ID: 582441CE.2020806@glas-gasperlmair.at, Resent-Message-ID: mm_8McFZG0iK-ai4up9dD03fx@mail1.glasgasperlmair.at, mail_id: Xb0YiIeoenTQ, Hits: 0.001, size: 56550, 889 ms
Nov 10 10:46:10 mail amavis[2770]: (02770-01) TIMING-SA total 751 ms - parse: 3.5 (0.5%), extract_message_metadata: 33 (4.4%), get_uri_detail_list: 2.4 (0.3%), tests_pri_-1000: 31 (4.1%), tests_pri_-950: 1.20 (0.2%), tests_pri_-900: 1.32 (0.2%), tests_pri_-400: 0.97 (0.1%), tests_pri_0: 573 (76.3%), check_dkim_signature: 3.3 (0.4%), check_dkim_adsp: 6 (0.8%), check_spf: 13 (1.8%), poll_dns_idle: 0.98 (0.1%), check_razor2: 457 (60.9%), check_pyzor: 0.76 (0.1%), tests_pri_500: 6 (0.8%), learn: 80 (10.7%), b_learn: 76 (10.1%), b_count_change: 20 (2.7%), get_report: 0.41 (0.1%)
Nov 10 10:46:10 mail amavis[2770]: (02770-01) size: 56550, TIMING [total 894 ms] - got data: 0.0 (0%)0, check_init: 4.6 (1%)1, digest_hdr: 1.3 (0%)1, digest_body: 0.7 (0%)1, collect_info: 7 (1%)2, mkdir parts: 1.6 (0%)2, mime_decode: 33 (4%)5, get-file-type3: 32 (4%)9, decompose_part: 16 (2%)11, parts_decode: 0.1 (0%)11, check_header: 0.8 (0%)11, AV-scan-1: 26 (3%)14, spam-wb-list: 1.2 (0%)14, SA msg read: 0.6 (0%)14, SA parse: 4.3 (0%)14, SA check: 745 (83%)98, decide_mail_destiny: 3.9 (0%)98, notif-quar: 0.5 (0%)98, prepare-dsn: 3.3 (0%)99, report: 1.7 (0%)99, main_log_entry: 5 (1%)99, update_snmp: 3.5 (0%)100, rundown: 1.4 (0%)100
Nov 10 10:46:10 mail postfix/qmgr[1102]: 42FD0209BB: from=a.wass@glas-gasperlmair.at, size=56578, nrcpt=1 (queue active)
Nov 10 10:46:10 mail postfix/smtpd[2795]: disconnect from mail1.glasgasperlmair.at[89.26.12.242]
Nov 10 10:46:10 mail dovecot: lmtp(2790): Connect from 127.0.0.1
Nov 10 10:46:10 mail dovecot: lmtp(andi@wassa.at): AQyGE+JBJFjmCgAAu6NIgg: msgid=582441CE.2020806@glas-gasperlmair.at: saved mail to INBOX
Nov 10 10:46:10 mail postfix/lmtp[2789]: 42FD0209BB: to=andi@wassa.at, relay=127.0.0.1[127.0.0.1]:24, delay=1.3, delays=1.2/0/0/0.11, dsn=2.0.0, status=sent (250 2.0.0 andi@wassa.at AQyGE+JBJFjmCgAAu6NIgg Saved)
Nov 10 10:46:10 mail dovecot: lmtp(2790): Disconnect from 127.0.0.1: Successful quit
Nov 10 10:46:10 mail postfix/qmgr[1102]: 42FD0209BB: removed
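
A log check for the situation described in the post, added here as an example (it is not part of the original post and is not amavisd code): it pairs each amavis `name:` part line with the session's final verdict and lists sessions that were passed although an attachment name matches one of the name-based rules from the `$banned_filename_re` shown above. The function names and the sample lines are constructed; only logged names are checked, not file(1) types or MIME types, and first-match-wins rule order is assumed.

```python
import re

# Name-based rules from the post's $banned_filename_re, in the same order.
# Assumption: as in amavisd's new_RE lookup, the first matching rule decides.
BANNED_NAME_RES = [re.compile(p, re.I) for p in (
    r'.\.(pif|scr)$',
    r'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$',
    r'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$',
    r'.\.(zip)$',
)]
# Leaf MIME part line: "(sid) pNNN 1/2 Content-Type: ..., size: N B, name: file"
PART_RE = re.compile(r'amavis\[\d+\]: \(([\d-]+)\) p\d+ \S+ Content-Type: '
                     r'[^,]+, size: \d+ B, name: ?(.*)$')
# Final verdict line: "(sid) Passed CLEAN {...}, BANK/BANK ..."
VERDICT_RE = re.compile(r'amavis\[\d+\]: \(([\d-]+)\) (Passed|Blocked) (\S+)'
                        r'[^{]*\{[^}]*\}, (\S+)')

def first_banned_match(name):
    """Return the pattern of the first rule that matches name, or None."""
    return next((rx.pattern for rx in BANNED_NAME_RES if rx.search(name)), None)

def passed_with_banned_names(lines):
    """List (session, policy banks, name) for mail passed despite a banned name."""
    parts, findings = {}, []
    for line in lines:
        m = PART_RE.search(line)
        # '*' around a value is e-mail emphasis, as in the post's excerpts
        if m and m.group(2).strip(' *'):
            parts.setdefault(m.group(1), []).append(m.group(2).strip(' *'))
        for sid, verdict, _cat, banks in VERDICT_RE.findall(line):
            names = parts.pop(sid, [])      # session is finished either way
            if verdict == 'Passed':
                findings += [(sid, banks.strip('*'), n)
                             for n in names if first_banned_match(n)]
    return findings

# Constructed sample lines in the layout of the maillog excerpts above.
SAMPLE_LOG = """\
Nov 10 10:45:20 mail amavis[2769]: (02769-01) p001 1/1 Content-Type: text/plain, size: 1 B, name:
Nov 10 10:45:20 mail amavis[2769]: (02769-01) p002 1/2 Content-Type: application/octet-stream, size: 38912 B, name: tool.exe
Nov 10 10:45:20 mail amavis[2769]: (02769-01) Passed CLEAN {AcceptedInternal}, AM.PDP-SOCK/MYSUBMITTERS LOCAL [192.0.2.10]
Nov 10 10:46:09 mail amavis[2770]: (02770-01) p001 1/1 Content-Type: application/pdf, size: 900 B, name: invoice.pdf
Nov 10 10:46:10 mail amavis[2770]: (02770-01) Passed CLEAN {AcceptedInbound}, AM.PDP-SOCK [192.0.2.20]
""".splitlines()

if __name__ == '__main__':
    for sid, banks, name in passed_with_banned_names(SAMPLE_LOG):
        print(f'{sid} {banks}: passed with banned name {name!r}')
```

A hit here shows that the rule text itself matches the attachment name, which moves the investigation from the regular expressions to how and whether the rule set is applied for that policy bank.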