Hello Jean! On Sunday 08 August 2021 01:13:27 Jean-Michel Brünn wrote: > Hi there, > > I've setup amavisd-new with amavisd-milter (amavisd-new 2.11.1, > amavisd-milter 1.7.1, Postfix 3.5.6). > > I'm using D_REJECT for $final_virus_destination. If I use telnet I can > see that it does reject correctly: > > Connected to mail.no-uce.de. > Escape character is '^]'. > 220 mail.no-uce.de ESMTP Postfix > EHLO example.com > 250-mail.no-uce.de > 250-PIPELINING > 250-SIZE > 250-VRFY > 250-ETRN > 250-STARTTLS > 250-ENHANCEDSTATUSCODES > 250-8BITMIME > 250-DSN > 250-SMTPUTF8 > 250 CHUNKING > MAIL FROM:<[email protected]> > 250 2.1.0 Ok > RCPT TO:<[email protected]> > 250 2.1.5 Ok > DATA > 354 End data with <CR><LF>.<CR><LF> > << EICAR SIGNATURE HERE >> > > . > *554 5.7.0 Reject, id=06986-07 - INFECTED: Eicar-Signature* > quit > 221 2.0.0 Bye > Connection closed by foreign host. > > So that seems to work. > > If I use my gmail address and send an E-Mail from gmail to my server I > can see it rejected in the logs: > > Aug 8 01:00:00 mail amavis[6987]: (06987-07) Blocked INFECTED > (Eicar-Signature) {*RejectedInbound*}, AM.PDP-SOCK [209.85.208.41] > [209.85.208.41] <[email protected]> -> <[email protected]>, > Queue-ID: C2D7113F99D, Message-ID: > <CAHJLFye_NLns9UekM=mexnxbb8efyxbo0a7+n99kyqqtpxl...@mail.gmail.com>, > mail_id: QNMup7dScVzw, Hits: -, size: 3173, > dkim_sd=20161025:gmail.com, 462 ms > Aug 8 01:00:00 mail postfix/cleanup[7313]: C2D7113F99D: > milter-reject: END-OF-MESSAGE from > mail-ed1-f41.google.com[209.85.208.41]:*5.7.0 Reject*, id=06987-07 - > INFECTED: Eicar-Signature; from=<[email protected]> > to=<[email protected]> proto=ESMTP helo=<mail-ed1-f41.google.com> > > (and no, xxx@ is not my real gmail address :-)) > > So that seems to work as well. > > > But: I never get anything (DSN?) in my gmail mail. So I'm wondering if I > configured something wrongly on my side or if google just discards some > specific DSNs. > > If I send an E-Mail from gmail to a non-existing mail address I get a > message in my gmail inbox, that that address does not exist.
In this case when recipient email address does not exist, target SMTP server usually returns error code for RCPT TO command. But of course, it is possible to accept RCPT TO and then reject DATA command. Could you try to reconfigure your server to reject RCPT TO command? It would be good to verify if something changes or not. I do not see any obvious issue neither from telnet output nor from log. > I was searching in all folders of that gmail web account but I couldn't > find it anywhere. > > > I'm curious: anyone else observed this behavior with gmail? If google > does not inform their users about mails that were rejected, this might > be very problematic, hence I'm a bit confused and wondering if I > configured something wrong. More people told me about similar issues with Gmail. Basically Gmail is known to "eat" emails in both direction. Not exactly this issue but from past I also have experiences when Gmail somewhere lost emails. So I'm not surprised that on gmail you have not got any notification that email was rejected. Funny part is that sometimes also google services (e.g. google groups) are not able to deliver emails to gmail account. In past I got advice that for sending & receiving emails on gmail, just use gmail account. > Jean > >
