Email File protection not working (MTA Mode)

here is a log

SFVH_VM01_SFOS 18.0.1 MR-1-Build396# tail -f /log/smtpd_main.log
25023 1 queue-runner process running
25023 1 queue-runner process running
25023 1 queue-runner process running
25023 1 queue-runner process running
25023 1 queue-runner process running
25023 1 queue-runner process running
25023 1 queue-runner process running
25023 1 queue-runner process running
25023 1 queue-runner process running
25023 1 queue-runner process running
25023 1 queue-runner process running
25023 1 queue-runner process running
2020-07-03 07:40:05.129 [25024] SMTP connection from [40.107.8.80]:63918 I=[192.168.2.2]:25 (TCP/IP connection count = 1)
2020-07-03 07:40:07.323 [1124] [40.107.8.80] F=<ALindl@xxxx.de> R=<andreas@yyyy.de> DKIM: dkim_verfy
2020-07-03 07:40:07.323 [1124] [40.107.8.80] F=<ALindl@xxxx.de> R=<andreas@yyyy.de> Accepted: upstream host
2020-07-03 07:40:07.593 [1124] 1jrEQh-0000I8-Cd DKIM verificaton done successfully.
2020-07-03 07:40:07.593 [1124] 1jrEQh-0000I8-Cd DKIM: d=BorderComputerC.onmicrosoft.com s=selector2-BorderComputerC-onmicrosoft-com c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
2020-07-03 07:40:07.595 [1124] 1jrEQh-0000I8-Cd <= ALindl@xxxx.de H=mail-eopbgr80080.outbound.protection.outlook.com (EUR04-VI1-obe.outbound.protection.outlook.com) [40.107.8.80]:63918 I=[192.168.2.2]:25 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=103612 M8S=0 DKIM=BorderComputerC.onmicrosoft.com RT=0.200s id=AM0PR01MB6130CC2784DABFF0E47AB548A36A0@AM0PR01MB6130.eurprd01.prod.exchangelabs.com T="Test6" from <ALindl@xxxx.de> for andreas@yyyy.de
MSG Jul 03 07:40:07 [ T_SMTPD-M]: new mail queued, add to inqueue '1jrEQh-0000I8-Cd-D'
2020-07-03 07:40:07.668 [1124] SMTP connection from mail-eopbgr80080.outbound.protection.outlook.com (EUR04-VI1-obe.outbound.protection.outlook.com) [40.107.8.80]:63918 I=[192.168.2.2]:25 closed by QUIT
2020-07-03 07:40:08.087 [25024] SMTP connection from [24.134.166.77]:57364 I=[192.168.2.2]:25 (TCP/IP connection count = 1)
MSG Jul 03 07:40:08 [ T_SMTPD-W]: Mail assigned to 'MS-25010' for scanning '1jrEQh-0000I8-Cd-D'
MSG Jul 03 07:40:08 [ MS-25010]: scan request 1jrEQh-0000I8-Cd-D
MSG Jul 03 07:40:08 [ MS-25010]: S='ALindl@xxxx.de' R='andreas@yyyy.de' Subject='Test6' Size='103612' Status='Mail has been queued for delivery.' src_ip='40.107.8.80' src_port=63918 user_id=0 user_grp_id=0 fw_id=4 src_zone_id=2
2020-07-03 07:40:08.174 [1125] SMTP connection from vpn.xxxx.de (BCSWATCH01) [24.134.166.77]:57364 I=[192.168.2.2]:25 closed by QUIT
2020-07-03 07:40:08.174 [1125] no MAIL in SMTP connection from vpn.xxxx.de (BCSWATCH01) [24.134.166.77]:57364 I=[192.168.2.2]:25 D=0.086s C=EHLO,QUIT
MSG Jul 03 07:40:08 [1jrEQh-0000I8-Cd]: spam scanning result: 'not spam'
MSG Jul 03 07:40:08 [1jrEQh-0000I8-Cd]: Sophos Antivirus Scanned result: Clean (file number:0)
MSG Jul 03 07:40:08 [1jrEQh-0000I8-Cd]: Avira Antivirus Scanned result: Clean (file number:0)
MSG Jul 03 07:40:08 [1jrEQh-0000I8-Cd]: Sophos Antivirus Scanned result: Clean (file number:-1)
MSG Jul 03 07:40:08 [1jrEQh-0000I8-Cd]: Avira Antivirus Scanned result: Clean (file number:-1)
CRT Jul 03 07:40:08 [ MS-25010]: missing filename in this MIME part or filter_by_extension!!!
MSG Jul 03 07:40:08 [1jrEQh-0000I8-Cd]: [0x8ebde900] FROM: ALindl@xxxx.de , TO: andreas@yyyy.de
MSG Jul 03 07:40:08 [1jrEQh-0000I8-Cd]: [0x8ebde900](andreas@yyyy.de)SF Policy Action: ACCEPT
MSG Jul 03 07:40:08 [1jrEQh-0000I8-Cd]: move '0GYO6D-Coh74e-9k' to forwarder queue
MSG Jul 03 07:40:08 [1jrEQh-0000I8-Cd]: 0GYO6D-Coh74e-9k <= ALindl@xxxx.de R=1jrEQh-0000I8-Cd
MSG Jul 03 07:40:08 [ MS-25010]: processing for 1jrEQh-0000I8-Cd completed
MSG Jul 03 07:40:08 [ T_SMTPD-W]: [SMTPD] mail '1jrEQh-0000I8-Cd-D' processed sucessfully
25023 1 queue-runner process running
1140 locking /sdisk/spool/output//db/retry.lockfile
1140 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
1140 Considering: andreas@yyyy.de
1140 unique = andreas@yyyy.de
1140 andreas@yyyy.de: queued for routing
1140 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
1140 routing andreas@yyyy.de
1140 --------> router_for_notifications router <--------
1140 local_part=andreas domain=yyyy.de
1140 checking "condition" "${if and{{bool_lax{0}}{bool_lax{${if eq{$acl_c1}{1}{1}{0}}}}}}"...
1140 router_for_notifications router skipped: condition failure
1140 --------> batv_redirect router <--------
1140 local_part=andreas domain=yyyy.de
1140 checking domains
1140 calling batv_redirect router
1140 expanded:
1140 file is not a filter file
1140 parse_forward_list:
1140 batv_redirect router declined for andreas@yyyy.de
1140 --------> static_route_hostlist_for_email router <--------
1140 local_part=andreas domain=yyyy.de
1140 checking "condition" "${if match_address{$local_part@$domain}{+hostlist_route_emails}{1}{0}}"...
1140 calling static_route_hostlist_for_email router
1140 static_route_hostlist_for_email router called for andreas@yyyy.de
1140 domain = yyyy.de
1140 static_route_hostlist_for_email router declined for andreas@yyyy.de
1140 --------> static_route_hostlist router <--------
1140 local_part=andreas domain=yyyy.de
1140 checking domains
1140 calling static_route_hostlist router
1140 static_route_hostlist router called for andreas@yyyy.de
1140 domain = yyyy.de
1140 original list of hosts = "<;192.168.1.215;" options =
1140 expanded list of hosts = "<;192.168.1.215;" options =
1140 set transport static_smtp
1140 finding IP address for 192.168.1.215
1140 calling host_find_byname
1140 queued for static_smtp transport: local_part = andreas
1140 domain = yyyy.de
1140 errors_to=NULL
1140 domain_data=NULL localpart_data=NULL
1140 routed by static_route_hostlist router
1140 envelope to: andreas@yyyy.de
1140 transport: static_smtp
1140 host 192.168.1.215 [192.168.1.215]
1140 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
1140 After routing:
1140 Local deliveries:
1140 Remote deliveries:
1140 andreas@yyyy.de
1140 Failed addresses:
1140 Deferred addresses:
1141 T: Static_smtp: for andreas@yyyy.de
1141 locking /sdisk/spool/output//db/retry.lockfile
1141 I can not find c7, Not attempting firewall relate
1141 LOG: MAIN
1141 [192.168.1.215] SSL verify error: certificate name mismatch: DN="/CN=yyyy.de" H="192.168.1.215"
2020-07-03 07:40:12.963 [1141] 0GYO6D-Coh74e-9k [192.168.1.215] SSL verify error: certificate name mismatch: DN="/CN=yyyy.de" H="192.168.1.215"
1141 locking /sdisk/spool/output//db/wait-static_smtp.lockfile
1140 LOG: MAIN
1140 => andreas@yyyy.de F=<ALindl@xxxx.de> P=<ALindl@xxxx.de> R=static_route_hostlist T=static_smtp S=105320 H=192.168.1.215 [192.168.1.215]:25 I=[192.168.1.1]:45574 X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=no DN="/CN=yyyy.de" C="250 2.6.0 <AM0PR01MB6130CC2784DABFF0E47AB548A36A0@AM0PR01MB6130.eurprd01.prod.exchangelabs.com> [InternalId=59240483913731, Hostname=ALEX001.lindl.tld] 106605 bytes in 0.111, 933,061 KB/sec Queued mail for delivery" QT=6s DT=0.185s
2020-07-03 07:40:13.144 [1140] 0GYO6D-Coh74e-9k => andreas@yyyy.de F=<ALindl@xxxx.de> P=<ALindl@xxxx.de> R=static_route_hostlist T=static_smtp S=105320 H=192.168.1.215 [192.168.1.215]:25 I=[192.168.1.1]:45574 X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=no DN="/CN=yyyy.de" C="250 2.6.0 <AM0PR01MB6130CC2784DABFF0E47AB548A36A0@AM0PR01MB6130.eurprd01.prod.exchangelabs.com> [InternalId=59240483913731, Hostname=ALEX001.lindl.tld] 106605 bytes in 0.111, 933,061 KB/sec Queued mail for delivery" QT=6s DT=0.185s
1140 LOG: MAIN
1140 Completed QT=6s
2020-07-03 07:40:13.144 [1140] 0GYO6D-Coh74e-9k Completed QT=6s

Hi,

there is already a profile with those suffix included. Why create a new one? Did you add the mime headers?

Ian

hi,

this was a test.

no mime headers, only suffix

only suffix not working

here is a another sample, with *.vcv

SFVH_VM01_SFOS 18.0.1 MR-1-Build396# tail -f /log/smtpd_main.log
25023 LOG: MAIN
25023 exim 4.91 daemon started: pid=25023, -q15s, not listening for SMTP
2020-07-03 11:14:01.810 [25023] exim 4.91 daemon started: pid=25023, -q15s, not listening for SMTP
25023 daemon running with uid=0 gid=0 euid=0 egid=0
25023 1 queue-runner process running
2020-07-03 11:14:01.816 [25024] exim 4.91 daemon started: pid=25024, no queue runs, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) port 24 (IPv6 and IPv4)
25023 1 queue-runner process running
25023 1 queue-runner process running
25023 1 queue-runner process running
25023 1 queue-runner process running
2020-07-03 11:15:08.241 [25024] SMTP connection from [24.134.166.77]:58918 I=[192.168.2.2]:25 (TCP/IP connection count = 1)
2020-07-03 11:15:08.380 [25205] SMTP connection from vpn.bcsag.de (BCSWATCH01) [24.134.166.77]:58918 I=[192.168.2.2]:25 closed by QUIT
2020-07-03 11:15:08.380 [25205] no MAIL in SMTP connection from vpn.bcsag.de (BCSWATCH01) [24.134.166.77]:58918 I=[192.168.2.2]:25 D=0.138s C=EHLO,QUIT
25023 1 queue-runner process running
25023 1 queue-runner process running
2020-07-03 11:15:41.157 [25024] SMTP connection from [40.107.22.51]:6729 I=[192.168.2.2]:25 (TCP/IP connection count = 1)
2020-07-03 11:15:41.671 [25262] [40.107.22.51] F=<ALindl@bcsag.de> R=<andreas@lindl-net.de> DKIM: dkim_verfy
2020-07-03 11:15:41.671 [25262] [40.107.22.51] F=<ALindl@bcsag.de> R=<andreas@lindl-net.de> Accepted: upstream host
2020-07-03 11:15:41.768 [25262] 1jrHnJ-0006ZS-MR DKIM verificaton done successfully.
2020-07-03 11:15:41.768 [25262] 1jrHnJ-0006ZS-MR DKIM: d=BorderComputerC.onmicrosoft.com s=selector2-BorderComputerC-onmicrosoft-com c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
2020-07-03 11:15:41.770 [25262] 1jrHnJ-0006ZS-MR <= ALindl@bcsag.de H=mail-am6eur05on2051.outbound.protection.outlook.com (EUR05-AM6-obe.outbound.protection.outlook.com) [40.107.22.51]:6729 I=[192.168.2.2]:25 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=52563 M8S=0 DKIM=BorderComputerC.onmicrosoft.com RT=0.071s id=AM0PR01MB6130273A2D7E71630E481035A36A0@AM0PR01MB6130.eurprd01.prod.exchangelabs.com T="Test 7" from <ALindl@bcsag.de> for andreas@lindl-net.de
MSG Jul 03 11:15:41 [ T_SMTPD-M]: new mail queued, add to inqueue '1jrHnJ-0006ZS-MR-D'
2020-07-03 11:15:41.798 [25262] SMTP connection from mail-am6eur05on2051.outbound.protection.outlook.com (EUR05-AM6-obe.outbound.protection.outlook.com) [40.107.22.51]:6729 I=[192.168.2.2]:25 closed by QUIT
MSG Jul 03 11:15:41 [ T_SMTPD-W]: Mail assigned to 'MS-25010' for scanning '1jrHnJ-0006ZS-MR-D'
MSG Jul 03 11:15:41 [ MS-25010]: scan request 1jrHnJ-0006ZS-MR-D
MSG Jul 03 11:15:41 [ MS-25010]: S='ALindl@bcsag.de' R='andreas@lindl-net.de' Subject='Test 7' Size='52563' Status='Mail has been queued for delivery.' src_ip='40.107.22.51' src_port=6729 user_id=0 user_grp_id=0 fw_id=4 src_zone_id=2
MSG Jul 03 11:15:42 [1jrHnJ-0006ZS-MR]: spam scanning result: 'not spam'
MSG Jul 03 11:15:42 [1jrHnJ-0006ZS-MR]: Sophos Antivirus Scanned result: Clean (file number:0)
MSG Jul 03 11:15:42 [1jrHnJ-0006ZS-MR]: Avira Antivirus Scanned result: Clean (file number:0)
MSG Jul 03 11:15:42 [1jrHnJ-0006ZS-MR]: Sophos Antivirus Scanned result: Clean (file number:-1)
MSG Jul 03 11:15:42 [1jrHnJ-0006ZS-MR]: Avira Antivirus Scanned result: Clean (file number:-1)
CRT Jul 03 11:15:42 [ MS-25010]: missing filename in this MIME part or filter_by_extension!!!
MSG Jul 03 11:15:42 [1jrHnJ-0006ZS-MR]: [0x8ec3a300] FROM: ALindl@bcsag.de , TO: andreas@lindl-net.de
MSG Jul 03 11:15:42 [1jrHnJ-0006ZS-MR]: [0x8ec3a300](andreas@lindl-net.de)SF Policy Action: ACCEPT
MSG Jul 03 11:15:42 [1jrHnJ-0006ZS-MR]: move 'zqhP9v-velR7E-g1' to forwarder queue
MSG Jul 03 11:15:42 [1jrHnJ-0006ZS-MR]: zqhP9v-velR7E-g1 <= ALindl@bcsag.de R=1jrHnJ-0006ZS-MR
MSG Jul 03 11:15:42 [ MS-25010]: processing for 1jrHnJ-0006ZS-MR completed
MSG Jul 03 11:15:42 [ T_SMTPD-W]: [SMTPD] mail '1jrHnJ-0006ZS-MR-D' processed sucessfully
25023 1 queue-runner process running
25267 locking /sdisk/spool/output//db/retry.lockfile
25267 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
25267 Considering: andreas@lindl-net.de
25267 unique = andreas@lindl-net.de
25267 andreas@lindl-net.de: queued for routing
25267 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
25267 routing andreas@lindl-net.de
25267 --------> router_for_notifications router <--------
25267 local_part=andreas domain=lindl-net.de
25267 checking "condition" "${if and{{bool_lax{0}}{bool_lax{${if eq{$acl_c1}{1}{1}{0}}}}}}"...
25267 router_for_notifications router skipped: condition failure
25267 --------> batv_redirect router <--------
25267 local_part=andreas domain=lindl-net.de
25267 checking domains
25267 calling batv_redirect router
25267 expanded:
25267 file is not a filter file
25267 parse_forward_list:
25267 batv_redirect router declined for andreas@lindl-net.de
25267 --------> static_route_hostlist_for_email router <--------
25267 local_part=andreas domain=lindl-net.de
25267 checking "condition" "${if match_address{$local_part@$domain}{+hostlist_route_emails}{1}{0}}"...
25267 calling static_route_hostlist_for_email router
25267 static_route_hostlist_for_email router called for andreas@lindl-net.de
25267 domain = lindl-net.de
25267 static_route_hostlist_for_email router declined for andreas@lindl-net.de
25267 --------> static_route_hostlist router <--------
25267 local_part=andreas domain=lindl-net.de
25267 checking domains
25267 calling static_route_hostlist router
25267 static_route_hostlist router called for andreas@lindl-net.de
25267 domain = lindl-net.de
25267 original list of hosts = "<;192.168.1.215;" options =
25267 expanded list of hosts = "<;192.168.1.215;" options =
25267 set transport static_smtp
25267 finding IP address for 192.168.1.215
25267 calling host_find_byname
25267 queued for static_smtp transport: local_part = andreas
25267 domain = lindl-net.de
25267 errors_to=NULL
25267 domain_data=NULL localpart_data=NULL
25267 routed by static_route_hostlist router
25267 envelope to: andreas@lindl-net.de
25267 transport: static_smtp
25267 host 192.168.1.215 [192.168.1.215]
25267 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
25267 After routing:
25267 Local deliveries:
25267 Remote deliveries:
25267 andreas@lindl-net.de
25267 Failed addresses:
25267 Deferred addresses:
25268 T: Static_smtp: for andreas@lindl-net.de
25268 locking /sdisk/spool/output//db/retry.lockfile
25268 I can not find c7, Not attempting firewall relate
25268 LOG: MAIN
25268 [192.168.1.215] SSL verify error: certificate name mismatch: DN="/CN=lindl-net.de" H="192.168.1.215"
2020-07-03 11:15:46.830 [25268] zqhP9v-velR7E-g1 [192.168.1.215] SSL verify error: certificate name mismatch: DN="/CN=lindl-net.de" H="192.168.1.215"
25268 locking /sdisk/spool/output//db/wait-static_smtp.lockfile
25267 LOG: MAIN
25267 => andreas@lindl-net.de F=<ALindl@bcsag.de> P=<ALindl@bcsag.de> R=static_route_hostlist T=static_smtp S=53608 H=192.168.1.215 [192.168.1.215]:25 I=[192.168.1.1]:54392 X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=no DN="/CN=lindl-net.de" C="250 2.6.0 <AM0PR01MB6130273A2D7E71630E481035A36A0@AM0PR01MB6130.eurprd01.prod.exchangelabs.com> [InternalId=59257663782916, Hostname=ALEX001.lindl.tld] 54892 bytes in 0.114, 467,799 KB/sec Queued mail for delivery" QT=6s DT=0.188s
2020-07-03 11:15:47.011 [25267] zqhP9v-velR7E-g1 => andreas@lindl-net.de F=<ALindl@bcsag.de> P=<ALindl@bcsag.de> R=static_route_hostlist T=static_smtp S=53608 H=192.168.1.215 [192.168.1.215]:25 I=[192.168.1.1]:54392 X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=no DN="/CN=lindl-net.de" C="250 2.6.0 <AM0PR01MB6130273A2D7E71630E481035A36A0@AM0PR01MB6130.eurprd01.prod.exchangelabs.com> [InternalId=59257663782916, Hostname=ALEX001.lindl.tld] 54892 bytes in 0.114, 467,799 KB/sec Queued mail for delivery" QT=6s DT=0.188s
25267 LOG: MAIN
25267 Completed QT=6s
2020-07-03 11:15:47.011 [25267] zqhP9v-velR7E-g1 Completed QT=6s
^C

can anyone help?

Hi,

I setup a mail policy similar to your requirements and it blocked the outgoing docx file except I am using standard mode mail proxy

The blocked file message

MIME-Filter has removed this attachment
Filtered by file name extension: SAC AGM 2015-16.docx

Ian

Tried using MTA and my ISPs do not mail relay for home users, so failed.

and incoming Mails ?

what XG version do you have?

Hi,

I am running XG V18.0.1 MR-1 build 396.

Incoming mail neither imap or pop, I cannot see a way of adding scanning for unwanted items in those messages other than spam or virus, which would appear to be a major defect.

I know it did work in the past because I had trouble with XG blocking small exe files, which is now not issue because the software builder has a web site download.

Ian

Hi,

I tried adding a block to the mail scanning firewall rule and found that doesn't work, now not sure about the mail firewall configuration. Something to experiment with later when the internet is not being used by my my wife.

Ian