Mail server bouncing emails

Mike Healan

My users are reporting that the server is bouncing emails with certain kinds of attachments. I've confirmed that my web host has not installed any kind of antivirus to do that and the recipients are not bouncing it with client-side antivirus.

Is there something in DirectAdmin doing this? And how can I disable or configure it if it is?


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
This message has been rejected because it has
a potentially executable attachment
Choose Your Q1'04 Compensation Structure Now!.eml
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
 
I just found out that when Hotmail did their latest upgrades, part of the changes was to check that the host that sent the mail resolved the IP properly (one of ours didn't). Hotmail appears to be doing forward lookups...

I am telling you this because it is possible for someone to set up the email server to do forward or reverse lookups for all email or email sent with attachments. Is it possible that you don't have your DNS resolving properly? This looks exactly like the type of message exim would give you with a DNS error.

Check your DNS and make sure the reverse matches the forward for your email server.
 
That wouldn't be the issue in my case. An email account on one domain on the server is getting this from another email account on another domain on that same server.
 
I filter out a few domains on my own account, but that's it. Nothing is filtered on another domain that also bounced attachments back to me. There is no virus checking of any kind on the server so far as my host knows. They're just as baffled as I am.
 
Hello,

The included system_filter.exim filter will block all potentially hazardous attachments. You can disable the system_filter by editing the /etc/exim.conf file and commenting out this line:

system_filter = /etc/system_filter.exim

to

# system_filter = /etc/system_filter.exim

then

service exim restart

John
 
Ok, cool. Is that server wide or domain by domain?
Is there a way to control what kind of files it will bounce for? Or just on or off?
 
If it's in exim.conf it's probably server-wide. I've taken a look at system_filter.exim and I believe you can very well state which files to bounce and which not.

Just download your copy of system_filter.exim and take a look at it.
 
After I looked at it I saw a specific virus domain being blocked so I tried sending it impersonating that domain. It actually got blocked.

This answers your question but raises one with me :D

If virus mails are blocked, how come only a few virus mails are blocked, and will this list ever be updated? I could imagine that keeping this list up to date will ensure maximum security against viruses.
 
Hello,

The list is just blocking all email types that can carry viruses. So new viruses will most likely be hidden inside one of the existing file types that are blocked (so far :))

As for blocking on a per-domain basis... this can be done by adding the filter to /etc/virtual/domain.com/filter ... however, it will be overwritten upon any change of the filters through DirectAdmin.

John
 
I like this feature; however, I have people complaining that .doc, .pdf and other typically benign types are being blocked. I just confirmed by trying to send a .zip file to someone on this server and it was chewed up by the filter.

I've looked at the system_filter file and "zip" "doc" and "pdf" aren't even in the file anywhere so I'm confused as to how it's getting blocked or why.
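
For diagnosing bounces like the ones in this thread, the following added example (not part of any post above, and not DirectAdmin's or exim's own code) lists every attachment name a message declares, including names inside an attached message such as the .eml in the bounce, and marks those whose extension is on a blocklist. The `BLOCKED_EXTS` set, the helper names and the sample message are constructed assumptions; the real list is whatever your copy of /etc/system_filter.exim contains.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist for illustration only. "eml" is included because the bounce
# quoted in this thread rejected an .eml attachment; the other entries are guesses.
BLOCKED_EXTS = {"exe", "scr", "pif", "bat", "vbs", "eml"}


def flag_attachments(raw, blocked=BLOCKED_EXTS):
    """Return [(content_type, filename, is_blocked)] for every MIME part that
    declares a name (Content-Disposition filename or Content-Type name)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    rows = []
    # walk() descends into multipart containers and attached message/rfc822
    # parts, so names nested inside a forwarded message are reported too.
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        rows.append((part.get_content_type(), name, ext in blocked))
    return rows


def build_sample():
    """Constructed sample: a .doc plus a forwarded message that itself
    carries a file with an upper-case .EXE extension."""
    inner = EmailMessage()
    inner["Subject"] = "inner (constructed)"
    inner.set_content("hi")
    inner.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename="setup.EXE")
    outer = EmailMessage()
    outer["Subject"] = "outer (constructed)"
    outer.set_content("See attached.")
    outer.add_attachment(b"doc", maintype="application",
                         subtype="msword", filename="report.doc")
    outer.add_attachment(inner, filename="forwarded offer.eml")
    return outer.as_bytes()


if __name__ == "__main__":
    # To check a real bounced message, pass open("bounced.eml", "rb").read().
    for ctype, name, hit in flag_attachments(build_sample()):
        print(("BLOCKED " if hit else "ok      ") + ctype + "  " + name)
```

Run it over the original of a bounced message and compare the flagged names with the filename quoted in the bounce text.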
 