Directadmin – block zip attachments with ClamAV and Exim

A lot of viruses and malware is sent in emails with zip attachments. Sometimes your antivirus like ClamAV wont catch nasty email. This is a big problem when you receiving tons of this kind of messages. So if you’re receiving tons of nasty emails containing zip attachments with viruses in it, good way to solve this is by simply reject emails with zip attachments. This was done on Directadmin server with Custombuild 2.0. Even if you’re not using Directadmin, configuration for ClamAV should be very identical.

  • If you built Exim and Clamav with Custombuild 2.0, than you should see this line in your /etc/exim.conf. Uncomment if it’s not already. If you’re using Custombuild 1.2, then this should be changed in /etc/exim.conf directly – settings in step 2 bellow.
    .include_if_exists /etc/exim.clamav.conf
  • Open file /etc/exim.clamav.conf and find word demime within that file. Then simply add zip to it. It should look like this:
    #1.0
    deny message = This message contains malformed MIME ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}
    deny message = This message contains a virus or other harmful content ($malware_name)
    demime = *
    malware = *
    deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
    demime = bat:com:pif:prf:scr:vbs:zip
    warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

Now any email with zip attachment will be rejected. Sender will receive error message like this:

The error that the other server returned was: 
550 This message contains an attachment of a type which we do not accept (.zip)

Mass email migration with imapsync

You may want to migrate larger number of email accounts to another server. If there are even different types of mail servers, than imapsync is one of the best solutions for migration. With script below, you’ll be able to migrate multi accounts without repeating and running imapsync again and again.

Here is the script. Just create file, e.g. mail-migration.sh, and paste code below in it.

#!/bin/bash

# Source and destination mail server setting
SERVER1=post.literal.si
SERVER2=cp2.hosterdam.com

# Select appropriate auth mechanism.
#AUTHMECH1="--authmech1 LOGIN"
#AUTHMECH2="--authmech2 LOGIN"

# Uncomment if you want to start test/dryrun only. No emails will be transfered!
#TESTONLY="--dry"

# Path to imapsync
imapsync=/usr/bin/imapsync

# Users file
if [ -z "$1" ]
then
echo "No users text file given." 
exit
fi

if [ ! -f "$1" ]
then
echo "Given users text file \"$1\" does not exist" 
exit
fi

# start loop
{ while IFS=';' read  u1 p1 u2 p2; do
	$imapsync ${TESTONLY} ${AUTHMECH1} --host1 ${SERVER1} --user1 "$u1" --password1 "$p1" ${AUTHMECH2} --host2 ${SERVER2} --user2 "$u2" --password2 "$p2"
done ; } < $1

Don’t forget to chmod your script so that will be executable.

chmod +x mail-migration.sh

Now you’ll have to create a simple text file that will contain login informations for each email account that you want to transfer. Create text file, for example, mail-users.txt and add login informations like shown bellow. Login informations must be separated with ;. username1 is username on old server, username2 is username on new server.

username1@domain.com;password1;username2;password2
anotheruser1@domain.com;password1;anotheruser2@domain.com;password2
.
.
.

Finaly, lets transfer emails. Simply run your script like shown below. Use text file with login informations that you created. Imapsync will try to transfer all accounts that are in mail-users.txt.

root@myserver [~]# ./migrate-mail.sh mail-users.txt

Exim – delete specific emails from queue

Sometimes your exim mail queue can grow quite large. Especially when some website (WordPress!) is hacked and is sending tons of spam mail. Or when you end up with thousands of frozen mails. You probably don’t want to remove all emails from queue. That would mean legit emails too. You want to specify and delete only specific ones.

For sake of this demonstration we want to delete all emails that contains string domain.com

18h   60K 1b33Uz-000LkN-48 <info@domain.com> (someuser)
          info@somedomain.com

Just run command below and all mails with string match doman.com will be deleted from mail queue.

exim -bp |  grep "domain.com" | awk {'print $3'} | xargs exim -Mrm

Or for example, in case of frozen mails:

exim -bp |  grep froz | awk {'print $3'} | xargs exim -Mrm

© 2019 geegkytuts.net
Hosted by Hosterdam


About author