Rob Sterenborg (Lists)
lists at sterenborg.info
Tue Aug 28 23:10:43 CEST 2018
On 28/08/18 19:05, Dominic Raferd wrote:
> Are you sure that the file you are trying to release is a valid email
> which specifies a recipient?
Well.. Amavisd put it there, so I sure hope so.
That said, I checked the email headers in the file and to me it looks
like a valid email. I see the following fields that I guess are important:
X-Envelope-From: <sndr at remotedomain.tld>
X-Envelope-To: <rcpt at ourdomain.tld>
X-Envelope-To-Blocked: <rcpt at ourdomain.tld>
Received: (a numebr of them)
From: <sndr at remotedomain.tld>
To: <rcpt at ourdomain.tld>
Date: Mon, 27 Aug 2018 11:06:14 +0200
There are others but I don't think they matter much for
releasing/sending the email. This all is followed by the actual mail
content, mime, etc.
> Did you try:
> # amavisd-release virus/virus-20180827T110127-45477-09 ziXFTUeDuvT7
> user at domain.tld
I did. But I tried again, just to be sure:
# amavisd-release virus/virus-20180827T110127-45477-09 ziXFTUeDuvT7
user at ddomain.tld
450 4.5.0 Failure: Secret_id ziXFTUeDuvT7 does not match mail_id
virus-20180827T110127-45477-09 at (eval 128) line 308, <GEN55> line 7.
> If this works it reveals a vulnerability in the 'secret-id' system
> used by amavisd-release, but it would enable you to move forward.
Yeah, it would. But (un)fortunately it doesn't work.
More information about the amavis-users