Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: policy violation found in sent message
Posted: Wed Mar 21, 2007 11:49 am
Forum User

Joined: Wed Jan 24, 2007 10:07 pm
Posts: 59
Does anyone know what the message:

policy-violation_found_in_sent_message_

Means exactly?

SpamAssassin is filtering out valid local mail; I believe it has something to do with bad or strange mail headers (which are actually there on purpose, used to import information into Goldmine).

Mar 21 11:38:28 109839-app1 qmail-scanner[15395]: Clear:RC:1(127.0.0.1): 0 1100 root@109839-app1.domain.com <> policy-violation_found_in_sent_message_"{$GM-WebImport$}" 109839-app1.domain.com11744915087631539 ... -event.txt:1000
Mar 21 11:38:28 109839-app1 qmail-scanner[15395]: Clear:RC:1(127.0.0.1): 0 1100 root@109839-app1.domain.com <> policy-violation_found_in_sent_message_"{$GM-WebImport$}" 109839-app1.domain.com11744915087631539 ... domain.com quarantine-event.txt:1000
Mar 21 11:38:28 109839-app1 qmail-scanner[15395]: Policy:Bad_MIME:RC:1(127.0.0.1): 0.295026 1066 testfrom@test.com goldmine@foobar.com {$GM-WebImport$} <20070321153828.15390.qmail@109839-app1.domain.com> 1174491508.15401-0.109839-app1.domain.com:684

Thanks
DC


 
 Post subject:
Posted: Wed Mar 21, 2007 12:02 pm
Forum User

Joined: Wed Jan 24, 2007 10:07 pm
Posts: 59
This is a real problem for me. I have whitelisted the sending domain and of course the local IP is whitelisted and still these emails are getting filtered out.

Anyone have any ideas? Is there a way to ignore certain headers?

Thanks,
DC


 
 Post subject:
Posted: Wed Mar 21, 2007 12:06 pm
Forum User

Joined: Wed Jan 24, 2007 10:07 pm
Posts: 59
I get the policy violation errors even when SA is off. Is this part of qmail-scanner or qmail itself???


 
 Post subject:
Posted: Wed Mar 21, 2007 12:22 pm
Forum User

Joined: Wed Jan 24, 2007 10:07 pm
Posts: 59
The only way I was able to fix this was by setting the qmail-scanner option:

FIX_MIME="no"

Maybe that'll help someone...

DC


 
 Post subject:
Posted: Wed Mar 21, 2007 1:11 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7418
Location: earth
This could be language related. Are those messages in straight ASCII (English) or some other language involving MIME encodings?


 
 Post subject:
Posted: Fri Mar 23, 2007 11:42 am
Forum User

Joined: Wed Jan 24, 2007 10:07 pm
Posts: 59
Here is how I format the headers and body (not sure if this helps you).

I'm assuming qmail-scanner is choking on the "Content-Type: application/x-gm-impdata", but it's needed in this case. Maybe there is a way of adding this to a list of valid headers?

Mail created in PHP:
-----------------------

$header = "From: ". $firstname . " " . $lastname ." <".$email.">\r\n";
$header .= "Reply-To: Agent Registration <register@foobar.com>\r\n";
$header .= "Content-Type: application/x-gm-impdata\r\n";
$header .= "Return-Path: " . $email . "\r\n";

mail($to, $sub, $message, $header);


Header
--------
Return-Path: <jwelby@asdf.net>
Delivered-To: 124-clabd@asdf.com
Received: (qmail 7209 invoked by uid 10066); 22 Mar 2007 12:39:52 -0400
Received: from 127.0.0.1 by 109839-app1.foobar.com (envelope-from <jwelby@asdf.net>, uid 48) with qmail-scanner-2.01st
(clamdscan: 0.88.7/2899. spamassassin: 3.1.7. perlscan: 2.01st.
Clear:RC:1(127.0.0.1):.
Processed in 0.021399 secs); 22 Mar 2007 16:39:52 -0000
Date: 22 Mar 2007 12:39:52 -0400
Message-ID: <20070322163952.7198.qmail@109839-app1.foobar.com>
To: blah@blah.tv

Subject: {$GM-WebImport$}
From: Jim Welby <jwelby@asdf.net>
Reply-To: Agent Registration <register@uauaua.com>
Content-Type: application/x-gm-impdata


Body
------
[Instructions]

[Data]

[ContSupp]
cs1_RecType=P
cs1_ACCOUNTNO=A5012849154&N)ZAf32
cs1_ContSupRef=John Smith
cs1_DEAR=
cs1_EXT=Female
cs1_LINKACCT=TX
cs1_ZIP=19770619
cs1_COUNTRY=none
cs1_MERGECODES=02d3d2e


 
 Post subject:
Posted: Fri Mar 23, 2007 3:21 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7418
Location: earth
You'd want to talk to the q-s folks about it, but I'll bet that you're creating a non-RFC-compliant MIME header. Keep in mind that when you do that, it's not just qmail-scanner that's going to cause it to be rejected, but also all the other MTAs on the internet that also check for that kind of compliance. Obviously if it's only ever going to localhost, then that's not really an issue.


 
 Post subject: hmm
Posted: Fri Mar 23, 2007 6:37 pm
Forum User

Joined: Wed Jan 24, 2007 10:07 pm
Posts: 59
Multipurpose Internet Mail Extensions June 1992
different communities using "Content-Type:
application/foobar" to mean two different things. The
process of defining new content-subtypes, then, is not
intended to be a mechanism for imposing restrictions, but
simply a mechanism for publicizing the usages. There are,
therefore, two acceptable mechanisms for defining new
Content-Type subtypes:

1. Private values (starting with "X-") may be
defined bilaterally between two cooperating
agents without outside registration or
standardization.


 
 Post subject:
Posted: Sat Mar 24, 2007 10:58 am
Forum User

Joined: Thu Dec 28, 2006 9:07 pm
Posts: 10
dietcheese wrote:
The only way I was able to fix this was by setting the qmail-scanner option:

FIX_MIME="no"

Maybe that'll help someone...

DC


Where did you put that option? In /var/qmail/bin/qmail-scanner-queue.pl?


 
 Post subject:
Posted: Sat Mar 24, 2007 1:59 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7418
Location: earth
Yep, that's the RFC all right. Which is exactly what I'm talking about. I just ran the following test script successfully through qmail-scanner with FIX_BAD_MIME set to 2. This is through a CentOS 4 box, with no CPAN modules mixed in:


$firstname="Scott";
$lastname="Shinn";
$email="scott@atomicrocketturtle.com";
$message="This is a test message";
$to="scott@shinn.net";
$sub="Test Message #1";

$header = "From: ". $firstname . " " . $lastname ." <".$email.">\r\n";
$header .= "Reply-To: Agent Registration <register@foobar.com>\r\n";
$header .= "Content-Type: application/x-gm-impdata\r\n";
$header .= "Return-Path: " . $email . "\r\n";

mail($to, $sub, $message, $header);

I ran the same message through a RH9 CPAN'd box, and it failed. So I removed the \r's from the code, and ran it again, this time successfully through both CentOS4 and the RH9 box:

$header = "From: ". $firstname . " " . $lastname ." <".$email."> \n";
$header .= "Reply-To: Agent Registration <register@foobar.com> \n";
$header .= "Content-Type: application/x-gm-impdata \n";
$header .= "Return-Path: " . $email;


Just to make sure, I ran the first script through an MS Exchange 2003 and a Lotus Notes 5 server. In both cases, MIMEsweeper on MS Exchange and the MIME check on Lotus Notes 5.5 rejected the message. The second script worked on these systems correctly.


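The difference between the two scripts in the post above, as an added example that is not part of the original thread and is not qmail-scanner's code: a Python lint of the header block as it would reach the local sendmail wrapper, reporting mixed line endings and checking that the Content-Type value parses as type/subtype. The `assemble` layout (PHP writing its own To:/Subject: lines with LF), the function names and the example.com addresses are assumptions; the lint does not reproduce qmail-scanner's own MIME checks.

```python
import re

# RFC 2045 token: printable ASCII except space, controls and tspecials.
TOKEN = r'[^\x00-\x20\x7f()<>@,;:\\"/\[\]?=]+'
CTYPE = re.compile(rf"^({TOKEN})/({TOKEN})\s*(;.*)?$")

# Constructed sample headers mirroring the two scripts (addresses are placeholders).
CRLF_HEADERS = ("From: Test User <user@example.com>\r\n"
                "Reply-To: Agent Registration <register@example.com>\r\n"
                "Content-Type: application/x-gm-impdata\r\n"
                "Return-Path: user@example.com\r\n")
LF_HEADERS = ("From: Test User <user@example.com> \n"
              "Reply-To: Agent Registration <register@example.com> \n"
              "Content-Type: application/x-gm-impdata \n"
              "Return-Path: user@example.com")


def assemble(to, subject, extra_headers, body):
    # Assumption: the layout a Unix PHP mail() of that era wrote to the sendmail
    # pipe: its own To:/Subject: lines end in LF, extra headers go in verbatim.
    return f"To: {to}\nSubject: {subject}\n{extra_headers}\n\n{body}\n".encode()


def lint_headers(raw):
    """Return (findings, content_type_ok) for the header block of raw bytes."""
    findings, endings, ctype_ok = [], [], None
    for no, line in enumerate(raw.split(b"\n"), 1):
        crlf = line.endswith(b"\r")
        text = line[:-1] if crlf else line
        if text == b"":  # blank line ends the header block
            break
        endings.append((no, "CRLF" if crlf else "LF"))
        if b"\r" in text:
            findings.append((no, "bare CR inside header line"))
        name, _, value = text.partition(b":")
        if name.lower() == b"content-type":
            ctype_ok = bool(CTYPE.match(value.decode("ascii", "replace").strip()))
    first = endings[0][1] if endings else None
    for no, kind in endings:
        if kind != first:
            findings.append((no, f"{kind} ending, but the block started with {first}"))
    return sorted(findings), ctype_ok


if __name__ == "__main__":
    for label, hdrs in (("CRLF script", CRLF_HEADERS), ("LF script", LF_HEADERS)):
        print(label, lint_headers(assemble("dest@example.net", "test", hdrs, "[Data]")))
```

Under the stated assumption, the first script's headers produce a block that starts with LF lines and continues with CRLF lines, while the second is LF throughout; the Content-Type value passes the syntax check in both.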
 
 Post subject:
Posted: Tue Mar 27, 2007 9:34 pm
Forum User

Joined: Wed Jan 24, 2007 10:07 pm
Posts: 59
Hrm, I always used "\r\n" as an EOL for mail headers in PHP.

The "Content-Type: application/x-gm-impdata" is unusual but meets RFC requirements, right?

What's the disadvantage of leaving FIX_MIME="no" ?

Thanks for looking into this. You do great work :D

DC


 
 Post subject:
Posted: Wed Mar 28, 2007 8:06 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7418
Location: earth
It's mainly good at blocking spam/virii from badly written MTAs, like zombie'd Windows boxes, or cgi-bin perl mailers. The 2 setting is the less restrictive of the checks.


 
 Post subject: Re: policy violation found in sent message
Posted: Wed Oct 13, 2010 4:23 am
Forum Regular

Joined: Tue Dec 16, 2008 8:01 am
Posts: 353
Location: United Kingdom
Can anyone help? We are having the same problem with X-Mailer emails not being sent from the server. Maillog shows:
Quote:
Oct 13 08:59:43 plesk2 qmail-scanner[3452]: Clear:RC:1(127.0.0.1): 0 1100 root@plesk2.mydomain.co.uk <> policy-violation_found_in_sent_message_"test_message" plesk2.mydomain.co.uk12869567827903452- ... main.co.uk quarantine-event.txt:1000
Oct 13 08:59:43 plesk2 qmail-scanner[3452]: Clear:RC:1(127.0.0.1): 0 1100 root@plesk2.mydomain.co.uk <> policy-violation_found_in_sent_message_"test_message" plesk2.mydomain.co.uk12869567837903452- ... main.co.uk quarantine-event.txt:1000
Oct 13 08:59:43 plesk2 qmail-scanner[3452]: Policy:Bad_MIME:RC:1(127.0.0.1): 0.22149 342 root@plesk2.mydomain.co.uk external-email@hotmail.com test_message <20101013075942.3451.qmail@plesk2.mydomain.co.uk> 1286956782.3454-0.plesk2.mydomain.co.uk:5 orig-plesk2.mydomain.co.uk12869567827903452:342


and I think my qmail-scanner config is set to FIX_MIME="2" as Scott said, so I have put all of the incidents of FIX below. Can someone tell me how to make these emails go through?

Quote:
[plesk2.expat-email.co.uk ~]# grep FIX -R /usr/share/qmail-scanner
/usr/share/qmail-scanner/qmail-scanner-reconfigure.psa: --fix-mime $FIX_MIME \
/usr/share/qmail-scanner/qmail-scanner-queue.template:my $BAD_MIME_CHECKS='FIX_MIME';
/usr/share/qmail-scanner/qmail-scanner-reconfigure.project-gamera: --fix-mime $FIX_MIME \
/usr/share/qmail-scanner/contrib/check_AV_daemons: SUFFIX => '.com');
/usr/share/qmail-scanner/configure:FIX_MIME="2"
/usr/share/qmail-scanner/configure: --fix-mime) if [ "$2" != "" -a "`echo $2|grep '\-'`" = "" ] ; then shift ; if [ "`echo $1|egrep -i '^0|^no'`" != "" ]; then FIX_MIME="0" ; fi ; if [ "`echo $1|egrep -i '^[1-9]+$'`" != "" ]; then FIX_MIME="$1" ; fi ; fi ;;
/usr/share/qmail-scanner/configure:CMDLINE="$CMDLINE --admin $USERNAME --domain $MAILDOMAIN --admin-description \"$ADMIN_DESCRIPTION\" --notify $NOTIFY_ADDRESSES --local-domains $LOCAL_DOMAINS_ARRAY --silent-viruses $SILENT_VIRUSES --virus-to-delete $VIRUS_DELETE --skip-text-msgs $SKIP_TEXT_MSGS --lang $QSLANG --debug $DEBUG_LEVEL --minidebug $MINI_DEBUG --add-dscr-hdrs $DESCRIPTIVE_HEADERS --dscr-hdrs-text \"$DESCR_HEADERS_TEXT\" --normalize $NORMALIZE_MSG --archive $ARCHIVEIT --settings-per-domain $SETTINGS_P_D --max-scan-size $MAX_SCAN_SIZE --unzip $FORCE_UNZIP --max-zip-size $MAX_ZIP_SIZE --max-unpacked-files $MAX_UNPACKED_FILES --redundant $REDUNDANT --log-details $LOG_DETAILS --log-crypto $LOG_CRYPTO --fix-mime $FIX_MIME --ignore-eol-check $DISABLE_EOL_CHECK"
/usr/share/qmail-scanner/configure:if [ "$FIX_MIME" != "" ]; then
/usr/share/qmail-scanner/configure: echo "fix-mime=$FIX_MIME"
/usr/share/qmail-scanner/configure:s?FIX_MIME?$FIX_MIME?g;
[plesk2.expat-email.co.uk ~]#


 
 Post subject: Re: policy violation found in sent message
Posted: Wed Oct 13, 2010 2:42 pm
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 1843
Don't forget that you need to run the qmail-scanner-reconfigure script after changing fix_mime to 2.

Faris.

 
 Post subject: Re: policy violation found in sent message
Posted: Wed Oct 13, 2010 4:51 pm
Forum Regular

Joined: Tue Dec 16, 2008 8:01 am
Posts: 353
Location: United Kingdom
We were already on fix-mime 2, so did not change anything. We did change it to 1 and that appears to have worked for us so far, but we then got a flood of spam emails through, so for now we have put it back to 2.

