Blocking docx with rar

koby

Hello guys,
I would like to ask, please: why does a block rule with ==> application/vnd\.rar (rar)
block *.docx?

One more question, please:

Where can I find exactly why a mail was blocked?
Because currently I needed to eliminate one at a time to find out which one was causing me trouble.

Thanks,
Koby Peleg Hen
 
I would like to ask, please: why does a block rule with ==> application/vnd\.rar (rar) block *.docx?
it should not - afaik docx and rar have nothing in common

Where can I find exactly why a mail was blocked?
you should be able to see which rule caused a mail to be blocked/quarantined/accepted in the mail.log (/var/log/mail.log, or `journalctl -b`)

I hope this helps!
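
Added example, not part of the original posts and not Proxmox code: a small parser that pulls the rule name out of `pmg-smtp-filter` lines in mail.log, so the matching rule can be read off directly instead of disabling rules one by one. The sample lines are the ones quoted later in this thread; the regular expression assumes the `(rule: NAME)` / `(rule: NAME, QUEUEID)` layout seen there.

```python
import re
from collections import defaultdict

# Lines in the format quoted in this thread (postfix noise included on purpose).
SAMPLE_LOG = """\
Oct 1 16:45:20 smg01 postfix/smtpd[39356]: connect from localhost[127.0.0.1]
Oct 1 16:45:20 smg01 pmg-smtp-filter[33364]: 60DDB5F75DD6F1193E: notify <koby@mksoft.co.il> (rule: Block On Archive FileType, 25C8260E1E)
Oct 1 16:45:20 smg01 pmg-smtp-filter[33364]: 60DDB5F75DD6F1193E: moved mail for <koby@mksoft.co.il> to spam quarantine - 60F545F75DD702D5E9 (rule: Block On Archive FileType)
Oct 1 16:45:20 smg01 pmg-smtp-filter[33364]: 60DDB5F75DD6F1193E: processing time: 1.119 seconds (0.947, 0.048, 0)
"""

# Assumed layout: "<filter id>: <action text> (rule: <name>[, <postfix queue id>])"
LINE_RE = re.compile(
    r"pmg-smtp-filter\[\d+\]: (?P<msgid>[0-9A-F]+): (?P<action>.+?) "
    r"\(rule: (?P<rule>.+?)(?:, [0-9A-F]+)?\)$"
)


def rule_hits(log_text):
    """Map each filter message id to the (rule, action) pairs logged for it."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.search(line.rstrip())
        if match:  # lines without "(rule: ...)" carry no rule decision
            hits[match["msgid"]].append((match["rule"], match["action"]))
    return dict(hits)


def rules_for(log_text, msgid):
    """Distinct rule names that acted on one message, in log order."""
    seen = []
    for rule, _action in rule_hits(log_text).get(msgid, []):
        if rule not in seen:
            seen.append(rule)
    return seen


if __name__ == "__main__":
    for msgid, entries in rule_hits(SAMPLE_LOG).items():
        for rule, action in entries:
            print(f"{msgid}  rule={rule!r}  action={action}")
```
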
 
Hello guys,
I would like you to check this, please.
I set up a rule named "Block Archive file Type", which is meant to block all kinds of archives (zip, rar, etc.).
By all means, not for blocking the docx file type.

Here is my mail.log :
"
Oct 1 16:45:20 smg01 postfix/smtpd[39356]: connect from localhost[127.0.0.1]
Oct 1 16:45:20 smg01 postfix/smtpd[39356]: 25C8260E1E: client=localhost[127.0.0.1]
Oct 1 16:45:20 smg01 postfix/cleanup[39357]: 25C8260E1E: message-id=<20201001134520.25C8260E1E@smg01.mksoft.co.il>
Oct 1 16:45:20 smg01 postfix/qmgr[34827]: 25C8260E1E: from=<postmaster@smg01.mksoft.co.il>, size=2073, nrcpt=1 (queue active)
Oct 1 16:45:20 smg01 pmg-smtp-filter[33364]: 60DDB5F75DD6F1193E: notify <koby@mksoft.co.il> (rule: Block On Archive FileType, 25C8260E1E)
Oct 1 16:45:20 smg01 postfix/smtpd[39356]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Oct 1 16:45:20 smg01 pmg-smtp-filter[33364]: 60DDB5F75DD6F1193E: moved mail for <koby@mksoft.co.il> to spam quarantine - 60F545F75DD702D5E9 (rule: Block On Archive FileType)
Oct 1 16:45:20 smg01 pmg-smtp-filter[33364]: 60DDB5F75DD6F1193E: processing time: 1.119 seconds (0.947, 0.048, 0)
Oct 1 16:45:20 smg01 postfix/smtpd[39347]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (60DDB5F75DD6F1193E); from=<kph.hunter@gmail.com> to=<koby@mksoft.co.il> proto=ESMTP helo=<mail-yb1-f171.google.com>
Oct 1 16:45:20 smg01 postfix/smtpd[39347]: disconnect from mail-yb1-f171.google.com[209.85.219.171] ehlo=1 mail=1 rcpt=1 bdat=1 quit=1 commands=5
Oct 1 16:45:21 smg01 pmgmirror[16631]: starting cluster syncronization
Oct 1 16:45:21 smg01 pmgmirror[16631]: cluster syncronization finished (0 errors, 0.02 seconds (files 0.00, database 0.02, config 0.00))
Oct 1 16:45:21 smg01 postfix/smtp[39358]: 25C8260E1E: to=<koby@mksoft.co.il>, relay=mksoft-co-il.mail.protection.outlook.com[104.47.17.74]:25, delay=1.6, delays=0.04/0.05/0.81/0.72, dsn=2.6.0, status=sent (250 2.6.0 <20201001134520.25C8260E1E@smg01.mksoft.co.il> [InternalId=1245540522025, Hostname=DB7PR05MB5018.eurprd05.prod.outlook.com] 9368 bytes in 0.119, 76.556 KB/sec Queued mail for delivery)
Oct 1 16:45:21 smg01 postfix/qmgr[34827]: 25C8260E1E: removed
"


Here is my quarantine blocking log
"
Delivered-To: koby@mksoft.co.il
Return-Path: kph.hunter@gmail.com
Received: from mail-yb1-f180.google.com (mail-yb1-f180.google.com [209.85.219.180])
by smg01.mksoft.co.il (Proxmox) with ESMTP
for <koby@mksoft.co.il>; Thu, 1 Oct 2020 16:53:45 +0300 (IDT)
Received: by mail-yb1-f180.google.com with SMTP id h9so4081008ybm.4
for <koby@mksoft.co.il>; Thu, 01 Oct 2020 06:53:45 -0700 (PDT)
X-Received: by 2002:a25:ae9e:: with SMTP id b30mr9755905ybj.281.1601560423896;
Thu, 01 Oct 2020 06:53:43 -0700 (PDT)
MIME-Version: 1.0
From: =?UTF-8?B?16fXldeR15kg16TXnNeSINeX158=?= <kph.hunter@gmail.com>
Date: Thu, 1 Oct 2020 16:53:32 +0300
Message-ID: <CA+MqEvMDaXrPn3MrY5F7zH1fdsuxfjRD5kds9torhAnc0MT+pQ@mail.gmail.com>
Subject: e1
To: koby <koby@mksoft.co.il>
Content-Type: multipart/mixed; boundary="0000000000002774f205b09c5851"
X-SmgPro: Checked & Verified by SmgPro - Mksoft Systems


--0000000000002774f205b09c5851
Content-Type: multipart/alternative; boundary="0000000000002774ef05b09c584f"

--0000000000002774ef05b09c584f
Content-Type: text/plain; charset="UTF-8"

--0000000000002774ef05b09c584f
Content-Type: text/html; charset="UTF-8"

<div dir="rtl"><br></div>

--0000000000002774ef05b09c584f--

--0000000000002774f205b09c5851
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document;
name="MAMRAM_HOURS_07_2020.docx"
Content-Disposition: attachment; filename="MAMRAM_HOURS_07_2020.docx"
Content-Transfer-Encoding: base64
Content-ID: <f_kfqvpu5r0>
X-Attachment-Id: f_kfqvpu5r0
"

And here is the pic of my rule for you to see :

[Attached screenshots: 1601560850347.png, 1601560917914.png, 1601560954700.png]

Does anyone have the same issue?
Thanks for any help.

Koby Peleg Hen
 
Thanks for sharing your config, the mail and the logs - with this I could reproduce the issue:
docx is basically a zipped xml - see https://en.wikipedia.org/wiki/Office_Open_XML
so the content type filter matches.
The content type matches zip files (which are different and have a different mime-type from .rar files)

You have the following possibilities:
* create a rule with a higher priority, which accepts mails with docx/xlsx filetypes ('application/vnd\.openxmlformats-officedocument.*' should work)
* maybe a bit more robust - create the rule matching for the filename '.*.docx'
* change the Block ArchiveFile Type to match for the filename as well

(of course there is a difference between the filename (which is provided by the mail sender (or their client)) and the mime-type (which is deduced from the file contents (roughly what `file(1)` does)))

I hope this explains it!
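
Added example, not part of the original posts and not Proxmox Mail Gateway's detection code: a simplified content sniffer showing why a .docx is seen as a ZIP archive, why RAR is unrelated, and how looking inside the container separates an Office Open XML package from an ordinary archive without trusting the sender-supplied filename. The function names and the two in-memory samples are constructed for this illustration.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"    # local-file-header signature of every ZIP container
RAR_MAGIC = b"Rar!\x1a\x07"  # RAR signature; shares nothing with ZIP
OOXML = "application/vnd.openxmlformats-officedocument."
OOXML_DIRS = {  # top-level directory -> OOXML document type
    "word/": OOXML + "wordprocessingml.document",
    "xl/": OOXML + "spreadsheetml.sheet",
    "ppt/": OOXML + "presentationml.presentation",
}


def make_zip(members):
    """Build a ZIP in memory from {name: text} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in members.items():
            zf.writestr(name, text)
    return buf.getvalue()


def sniff(data):
    """Return (container_type, refined_type), using the bytes only."""
    if data.startswith(RAR_MAGIC):
        return "application/vnd.rar", "application/vnd.rar"
    if not data.startswith(ZIP_MAGIC):
        return "application/octet-stream", "application/octet-stream"
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "application/zip", "application/zip"  # truncated or damaged
    if "[Content_Types].xml" in names:  # manifest every OOXML package carries
        for prefix, mime in OOXML_DIRS.items():
            if any(n.startswith(prefix) for n in names):
                return "application/zip", mime
    return "application/zip", "application/zip"


# Constructed samples: a skeletal .docx package and an ordinary archive
DOCX = make_zip({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"})
PLAIN_ZIP = make_zip({"notes.txt": "hello"})

if __name__ == "__main__":
    for label, blob in [("MAMRAM_HOURS_07_2020.docx", DOCX), ("notes.zip", PLAIN_ZIP)]:
        print(label, blob[:4], sniff(blob))
```

A rule keyed on the container type treats both samples as archives; only the refined type, or an explicit higher-priority accept rule as suggested above, tells them apart.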
 
