
mail rejected when contains the text "com?"

Discussion in 'E-mail Discussions' started by erinspice, May 9, 2007.

  1. erinspice

    erinspice Well-Known Member

    I'm having a problem on one of my servers where any email containing the string "com" is rejected and the sender is sent an error message about their email containing an executable attachment, even when the email contains no attachment at all. About half of the emails to that server are being rejected. Is there something I can turn off or a filter I can disable or something else I can do to stop this behavior?
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    It is /etc/antivirus.exim
    Might be corrupted. Run these commands:
    /scripts/reseteximtodefaults
    /scripts/eximup --force
    and the system will reset /etc/antivirus.exim file back to default
    If you are using clamAV, double check its conf file: /etc/clamd.conf
     
    #2 AndyReed, May 9, 2007
    Last edited: May 9, 2007
  3. erinspice

    erinspice Well-Known Member

    Thanks, I'll try that!
     
  4. chirpy

    chirpy Well-Known Member

    Not a good idea at all:

    /scripts/reseteximtodefaults was deprecated some years ago and you should not use it.

    If you want to restore your exim configuration back to the defaults use:

    mv /etc/exim.conf.local /etc/exim.conf.local.old
    /scripts/eximup --force


    That said, there's no need to reset the exim configuration at all just for /etc/antivirus.exim, just remove the file and then run:

    /scripts/eximup --force

    Note that /etc/antivirus.exim is deprecated in v11 of cPanel which now uses /etc/cpanel_exim_system_filter

    Having said all that, you should not start out by resetting configuration files and potentially wiping out useful configuration changes. Instead, just watch /var/log/exim_mainlog when such an email comes in and look for messages that might indicate where the problem is occurring and then work from there.
     
  5. erinspice

    erinspice Well-Known Member

    Neither of those solutions worked. When I renamed antivirus.exim, it was regenerated by exim. This showed up in the log:

    I changed each error msg in antivirus.exim to see which part of it is catching these emails, and it looks like this code is the culprit:

    Code:
    # same again using unquoted filename [body_unquoted_fn_match]
    if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
    then
      fail text "This message has been rejected (4) because it has\n\
                 a potentially executable attachment $1\n\
                 This form of attachment has been used by\n\
                 recent viruses or other malware.\n\
                 If you meant to send this file then please\n\
                 package it up as a zip file and resend it."
      seen finish
    endif
    I guess I could just comment this section out, but I'd rather correct it so that it catches emails that really do have viruses and lets through those that don't. Anybody know how to do that?
     
  6. cPanelNick

    cPanelNick Administrator
    Staff Member

    Go into whm => Service Config => Exim Config Editor => uncheck the attachments system filter option.
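
A way to see offline what the body rule quoted in post 5 reacts to before changing the filter (added example, not code from the thread or from cPanel). The pattern is transcribed into Python under the assumptions stated in the comments; `check`, `exim_message_body` and the sample bodies are constructed for illustration.

```python
import re

# Extension list copied from the rule in the thread.
EXTS = (r"ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|"
        r"md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]")

# Assumption: the repeated backslashes in the post are escaping layers, so the regex
# engine sees \s, \w, \S. Atomic groups (?>...) are written as (?:...) here; \s never
# overlaps the token that follows, so the set of matches is the same. Named groups
# are added only to report which alternative fired.
BODY_RULE = re.compile(
    r"(?:(?P<mime>Content-(?:Type:(?:\s*)[\w-]+/[\w-]+|Disposition:(?:\s*)attachment);"
    r"(?:\s*)(?:file)?name=)|(?P<uu>begin(?:\s+)[0-7]{3,4}(?:\s+)))"
    r"(?P<fn>\S+\.(?:" + EXTS + r"))[\s;]",
    re.IGNORECASE,  # lower-case "matches" in an Exim filter ignores case
)

def exim_message_body(raw_body):
    # Assumption: models Exim's default $message_body, where newlines and NULs become spaces.
    return raw_body.replace("\n", " ").replace("\0", " ")

def check(raw_body):
    """Return (alternative, value that would land in $1), or None if the rule does not fire."""
    m = BODY_RULE.search(exim_message_body(raw_body))
    if m is None:
        return None
    return ("mime-header" if m.group("mime") else "uuencode", m.group("fn"))

# Constructed sample bodies (not taken from the thread).
SAMPLES = {
    "plain text with a domain": "Hi,\nplease see www.example.com for details.\n",
    "mime part, no name=": "Content-Type: text/plain; charset=us-ascii\n\nVisit example.com today\n",
    "mime attachment": "--b1\nContent-Type: application/octet-stream; name=setup.exe\n\nTVqQ\n--b1--\n",
    "uuencoded file": "begin 644 update.com\nM1234\nend\n",
    "prose shaped like uuencode": "Renewals begin 2007 example.com first, then the rest.\n",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:28} -> {check(body)}")
```

The second element of each result is what the rejection text would show as `$1`, so comparing it with the name quoted in a real bounce or in /var/log/exim_mainlog shows which part of a message tripped the rule.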
     