Add $banned_namepath_re on only RHEL/CentOS.
parent 33cfc5fec3
commit 777bdcc157
|
@ -62,19 +62,16 @@ and it may not be working as expected.</p>
|
|||
prompt you to choose different versions of binary packages, please choose
|
||||
the one described below:</p>
|
||||
<ul>
|
||||
<li><code>php-5.6.x</code> is recommended, but it's ok if you want to use another version</li>
|
||||
<li>choose <code>postfix-2.11.x</code></li>
|
||||
<li>choose <code>p5-Mail-SPF</code>, NOT <code>p5-Mail-SPF-Query</code></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<p>Apache chroot is disabled by default, required by iRedAdmin - the web-based
|
||||
admin panel.</p>
|
||||
<p>Nginx is used as web server.</p>
|
||||
</li>
|
||||
<li>PF is enabled by default, with basic rules for ssh and mail services.</li>
|
||||
<li>System built-in <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/spamd.8"><code>spamd(8)</code></a> is enabled by default for greylisting,
|
||||
whitelisting, blacklisting.</li>
|
||||
<li>Sendmail and OpenSMTPd are disabled by default, replaced by Postfix.</li>
|
||||
<li>OpenSMTPd are disabled by default, replaced by Postfix.</li>
|
||||
</ul>
|
||||
<h2 id="preparations">Preparations</h2>
|
||||
<h3 id="set-a-fully-qualified-domain-name-fqdn-hostname-on-your-server">Set a fully qualified domain name (FQDN) hostname on your server</h3>
|
||||
|
|
|
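Review bot: The edits around the list items `Nginx is used as web server.` and `OpenSMTPd are disabled by default, replaced by Postfix.` are unrelated to the commit subject, which covers only `$banned_namepath_re` on RHEL/CentOS. Suggest moving these install-note changes into their own commit, or at least naming them in the commit message, so the history of the Amavisd change stays easy to trace.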
@ -62,7 +62,7 @@
|
|||
<p><strong>WARNING: Still working in progress, do <em>NOT</em> apply it.</strong></p>
|
||||
<h2 id="changelog">ChangeLog</h2>
|
||||
<ul>
|
||||
<li>2015-05-03: [All backends] Fixed: Amavisd cannot ban zipped <code>.exe</code> attachment file.</li>
|
||||
<li>2015-05-03: [All backends] [RHEL/CentOS] Fixed: Amavisd cannot ban zipped <code>.exe</code> attachment file.</li>
|
||||
<li>2015-04-21: [All backends] [Debian/Ubuntu] Fixed: Amavisd cannot detect <code>.exe</code> file in rar compressed attachment.</li>
|
||||
<li>2015-04-21: [All backends] Fixed: Incorrect log file and owner/group in logrotate config file: /etc/logrotate.d/policyd.</li>
|
||||
<li>2015-04-06: [All backends] Make Dovecot subscribe newly created folder automatically.</li>
|
||||
|
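Review bot: The 2015-05-03 ChangeLog entry gains the `[RHEL/CentOS]` tag but still describes only the zipped `.exe` fix, while a later hunk in this same file also changes the first `$banned_namepath_re` rule by dropping `dat`. Suggest recording that rule change in this entry or in a new one, so a reader comparing against a previously copied list can see that it differs.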
@ -189,6 +189,7 @@ log). If your user's password was cracked by spammer, spammer can use this
|
|||
account to bypass smtp authentication, but with a null sender in <code>From:</code>
|
||||
header, throttling won't be triggered.</p>
|
||||
<h3 id="fixed-amavisd-cannot-ban-zipped-exe-attachment-file">Fixed: Amavisd cannot ban zipped <code>.exe</code> attachment file.</h3>
|
||||
<p>Note: this is applicable to only RHEL/CentOS.</p>
|
||||
<p>Amavisd on some Linux/BSD distribution uses <code>$banned_namepath_re</code>
|
||||
instead of <code>$banned_filename_re</code> to check banned file types, but it
|
||||
(<code>$banned_namepath_re</code>) was not defined, so we define some blocked file
|
||||
|
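Review bot: The line `Note: this is applicable to only RHEL/CentOS.` sits directly above a paragraph that still says `Amavisd on some Linux/BSD distribution uses $banned_namepath_re`, so the section now states two different scopes. Suggest rewording the paragraph to name RHEL/CentOS explicitly (and `distribution` to `distributions` if the general statement stays), so readers on other systems are not left guessing whether the setting applies to them.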
@ -214,7 +215,7 @@ types here.</p>
|
|||
# - N: suggested (MIME) name. e.g. my_docum.zip.
|
||||
|
||||
$banned_namepath_re = new_RE(
|
||||
[qr'T=(exe|exe-ms|dat|lha|cab|dll)\t'xmi => 'DISCARD'], # banned file(1) types
|
||||
[qr'T=(exe|exe-ms|lha|cab|dll)\t'xmi => 'DISCARD'], # banned file(1) types
|
||||
[qr'T=(pif|scr)\t'xmi => 'DISCARD'], # banned extensions - rudimentary
|
||||
[qr'T=ani\t'xmi => 'DISCARD'], # banned animated cursor file(1) type
|
||||
[qr'T=(mim|b64|bhx|hqx|xxe|uu|uue)\t'xmi => 'DISCARD'], # banned extension - WinZip vulnerab.
|
||||
|
|
|
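Review bot: Missing rationale for the first rule, where `qr'T=(exe|exe-ms|dat|lha|cab|dll)\t'xmi` becomes `qr'T=(exe|exe-ms|lha|cab|dll)\t'xmi`: nothing in the commit message or the trailing `# banned file(1) types` comment says why `dat` is no longer discarded. Because this narrows what the filter blocks, suggest a one-line comment or commit-message sentence giving the reason, so an administrator can decide whether to keep `dat` in a local policy.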
@ -32,16 +32,13 @@ Notes:
|
|||
prompt you to choose different versions of binary packages, please choose
|
||||
the one described below:
|
||||
|
||||
* `php-5.6.x` is recommended, but it's ok if you want to use another version
|
||||
* choose `postfix-2.11.x`
|
||||
* choose `p5-Mail-SPF`, NOT `p5-Mail-SPF-Query`
|
||||
|
||||
* Apache chroot is disabled by default, required by iRedAdmin - the web-based
|
||||
admin panel.
|
||||
* Nginx is used as web server.
|
||||
* PF is enabled by default, with basic rules for ssh and mail services.
|
||||
* System built-in [`spamd(8)`](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/spamd.8) is enabled by default for greylisting,
|
||||
whitelisting, blacklisting.
|
||||
* Sendmail and OpenSMTPd are disabled by default, replaced by Postfix.
|
||||
* OpenSMTPd are disabled by default, replaced by Postfix.
|
||||
|
||||
## Preparations
|
||||
|
||||
|
|
|
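Review bot: Style point on the list item `* OpenSMTPd are disabled by default, replaced by Postfix.`: with `Sendmail and` gone the subject is singular, so this should read `OpenSMTPd is disabled by default, replaced by Postfix.` The HTML copy of the page carries the same sentence and needs the same correction.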
@ -7,7 +7,7 @@ __WARNING: Still working in progress, do _NOT_ apply it.__
|
|||
|
||||
## ChangeLog
|
||||
|
||||
* 2015-05-03: [All backends] Fixed: Amavisd cannot ban zipped `.exe` attachment file.
|
||||
* 2015-05-03: [All backends] [RHEL/CentOS] Fixed: Amavisd cannot ban zipped `.exe` attachment file.
|
||||
* 2015-04-21: [All backends] [Debian/Ubuntu] Fixed: Amavisd cannot detect `.exe` file in rar compressed attachment.
|
||||
* 2015-04-21: [All backends] Fixed: Incorrect log file and owner/group in logrotate config file: /etc/logrotate.d/policyd.
|
||||
* 2015-04-06: [All backends] Make Dovecot subscribe newly created folder automatically.
|
||||
|
@ -152,6 +152,8 @@ header, throttling won't be triggered.
|
|||
|
||||
### Fixed: Amavisd cannot ban zipped `.exe` attachment file.
|
||||
|
||||
Note: this is applicable to only RHEL/CentOS.
|
||||
|
||||
Amavisd on some Linux/BSD distribution uses `$banned_namepath_re`
|
||||
instead of `$banned_filename_re` to check banned file types, but it
|
||||
(`$banned_namepath_re`) was not defined, so we define some blocked file
|
||||
|
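Review bot: Style point on the line `Note: this is applicable to only RHEL/CentOS.`: the phrasing is awkward and easy to misread. Suggest `Note: this applies only to RHEL/CentOS.`, which matches the `[RHEL/CentOS]` tag used on the ChangeLog entry in this file.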
@ -179,7 +181,7 @@ Please append below settings in Amavisd config file, before the last line
|
|||
# - N: suggested (MIME) name. e.g. my_docum.zip.
|
||||
|
||||
$banned_namepath_re = new_RE(
|
||||
[qr'T=(exe|exe-ms|dat|lha|cab|dll)\t'xmi => 'DISCARD'], # banned file(1) types
|
||||
[qr'T=(exe|exe-ms|lha|cab|dll)\t'xmi => 'DISCARD'], # banned file(1) types
|
||||
[qr'T=(pif|scr)\t'xmi => 'DISCARD'], # banned extensions - rudimentary
|
||||
[qr'T=ani\t'xmi => 'DISCARD'], # banned animated cursor file(1) type
|
||||
[qr'T=(mim|b64|bhx|hqx|xxe|uu|uue)\t'xmi => 'DISCARD'], # banned extension - WinZip vulnerab.
|
||||
|
|