I have this situation where most all emails with virus attachments are getting rejected, as they should, and now recently emails with this certain virus attached are getting temp failed, "please try again later". I've checked our greylist; they've already passed the greylist, so for some reason they're getting temp failed and I'm not sure why.

Here is some log info:

### example of what it SHOULD normally do, and does:

[EMAIL PROTECTED] log]# grep l0PFvdOe069418 spamlog
Jan 25 07:57:42 host mimedefang.pl[20624]: MDLOG,l0PFvdOe069418,virus,Trojan.Postcard-eml-2,68***0,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>, You've received a greeting from a family member!

[EMAIL PROTECTED] log]# grep l0PFvdOe069418 maillog
Jan 25 07:57:42 host sm-mta[69418]: l0PFvdOe069418: from=<[EMAIL PROTECTED]>, size=2673, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=a****n13.pacbell.net [****70]
Jan 25 07:57:42 host sm-mta[69418]: l0PFvdOe069418: Milter: data, reject=554 5.7.1 Virus Trojan.Postcard-eml-2 found in mail - rejected
Jan 25 07:57:42 host sm-mta[69418]: l0PFvdOe069418: to=<[EMAIL PROTECTED]>, delay=00:00:00, pri=32673, stat=Virus Trojan.Postcard-eml-2 found in mail - rejected

### example of a temp fail with virus:

Jan 25 08:45:27 host mimedefang.pl[20624]: MDLOG,l0PGj6i6003318,virus,Trojan.Downloader-656,2***.76,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,Warning: could not send message for past 4 hours

[EMAIL PROTECTED] log]# grep l0PGj6i6003318 maillog
Jan 25 08:45:15 host sm-mta[3318]: l0PGj6i6003318: from=<[EMAIL PROTECTED]>, size=813352, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=ha********net [20****6]
Jan 25 08:47:15 host sm-mta[3318]: l0PGj6i6003318: Milter: data, reject=451 4.3.2 Please try again later
Jan 25 08:47:15 host sm-mta[3318]: l0PGj6i6003318: to=<[EMAIL PROTECTED]>, delay=00:02:06, pri=843352, stat=Please try again later


Here is my mimedefang config related to the virus scanner:


sub filter_begin {
   my($entity) = @_;
   if ($SuspiciousCharsInHeaders) {
      md_graphdefang_log('suspicious_chars');
      return action_bounce("Message rejected because of suspicious characters in headers");
   }

   # Copy original message into work directory as an "mbox" file for virus-scanning
   # md_copy_orig_msg_to_work_dir_as_mbox_file();

   # Scan for viruses if any virus-scanners are installed
   my($code, $category, $action) = message_contains_virus();

   # Lower level of paranoia - only looks for actual viruses
   $FoundVirus = ($category eq "virus");

   if ($FoundVirus) {
      md_graphdefang_log('virus', $VirusName, $RelayAddr);
      return action_bounce("Virus $VirusName found in mail - rejected");
   }

   if ($action eq "tempfail") {
      action_tempfail("Problem running virus-scanner");
      md_syslog('warning', "Problem running virus scanner: code=$code, category=$category, action=$action");
   }
}


Anybody have any ideas why this could be happening?


Thanks,
Scott Oertel
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
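
Added example (not from the original post or the MIMEDefang project): the grep-by-queue-ID check from the post, automated in Python to list every message that MIMEDefang logged as a virus but sendmail answered with a 4xx reply, together with the seconds between the `from=` entry and the milter reply. The sample lines are constructed from the two cases in the post with placeholder addresses; the function names and the year used for timestamp parsing are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the two cases from the post, one entry per line,
# with the redacted addresses replaced by placeholders.
SAMPLE = """\
Jan 25 07:57:42 host mimedefang.pl[20624]: MDLOG,l0PFvdOe069418,virus,Trojan.Postcard-eml-2,192.0.2.10,<a@example.org>,<b@example.org>,greeting
Jan 25 07:57:42 host sm-mta[69418]: l0PFvdOe069418: from=<a@example.org>, size=2673, class=0, nrcpts=1
Jan 25 07:57:42 host sm-mta[69418]: l0PFvdOe069418: Milter: data, reject=554 5.7.1 Virus Trojan.Postcard-eml-2 found in mail - rejected
Jan 25 08:45:15 host sm-mta[3318]: l0PGj6i6003318: from=<c@example.org>, size=813352, class=0, nrcpts=1
Jan 25 08:45:27 host mimedefang.pl[20624]: MDLOG,l0PGj6i6003318,virus,Trojan.Downloader-656,192.0.2.20,<c@example.org>,<d@example.org>,Warning
Jan 25 08:47:15 host sm-mta[3318]: l0PGj6i6003318: Milter: data, reject=451 4.3.2 Please try again later
"""

STAMP = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
MDLOG = re.compile(STAMP + r"mimedefang\.pl\[\d+\]: MDLOG,(?P<qid>\w+),virus,(?P<name>[^,]+),")
FROM = re.compile(STAMP + r"sm-mta\[\d+\]: (?P<qid>\w+): from=")
REJECT = re.compile(STAMP + r"sm-mta\[\d+\]: (?P<qid>\w+): Milter: \w+, reject=(?P<code>\d{3}) ")

def when(ts):
    # Syslog stamps carry no year; 2000 is an arbitrary placeholder year.
    return datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S")

def tempfailed_viruses(lines):
    """Return queue IDs logged as 'virus' by MIMEDefang but answered with 4xx."""
    virus, start, verdict = {}, {}, {}
    for line in lines:
        if m := MDLOG.match(line):
            virus[m["qid"]] = m["name"]
        elif m := FROM.match(line):
            start[m["qid"]] = when(m["ts"])
        elif m := REJECT.match(line):
            verdict[m["qid"]] = (m["code"], when(m["ts"]))
    findings = []
    for qid, name in virus.items():
        code, at = verdict.get(qid, ("", None))
        if code.startswith("4"):
            # Seconds between sendmail logging the sender and the milter reply.
            waited = int((at - start[qid]).total_seconds()) if qid in start else None
            findings.append({"qid": qid, "virus": name, "code": code, "waited_s": waited})
    return findings

if __name__ == "__main__":
    for f in tempfailed_viruses(SAMPLE.splitlines()):
        print(f)
```

On a live host, pass the concatenated lines of spamlog and maillog instead of `SAMPLE`.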
