[clamav-users] clamav milter + sendmail, sendmail not reporting reject

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Feb 8 09:04:05 UTC 2022 

On 07.02.22 21:36, Marc wrote:
>Normally when a client connection is reject by my sendmail server, the
> client is notified of the Reject message and the client server is
> generating a NDR.  This is listed in my log as [1]

> however when I send a virus

what's the difference between "you" and a "client connection"?

> it looks like sendmail is not reporting the reject back to the
> client server.  How should I 'enable' this?
>[1]
>xxxxx sendmail[3880]: 217LNkNB003880: ruleset=check_rcpt, arg1=<xxxx.xxxxxxxx at xxxxx.xxx>, relay=hosting.unibit.bg [194.141.8.30], reject=550 5.7.1 < xxxx.xxxxxxxx at xxxxx.xxx>... Relaying denied
>
>[2]
>Feb  7 22:24:18 xxxxx clamav-milter[27526]: Message from <aaaa at aaaaa.aa> to <xxxx.xxxxxxxx at xxxxx.xxx> infected by Eicar-Signature
>Feb  7 22:24:18 xxxxx sendmail[27607]: 217LOGRO027607: Milter insert (1): header: X-Virus-Scanned: clamav-milter 0.103.5 at xxxxx
>Feb  7 22:24:18 xxxxx sendmail[27607]: 217LOGRO027607: Milter insert (1): header: X-Virus-Status: Infected (Eicar-Signature)
>Feb  7 22:24:18 xxxxx sendmail[27607]: 217LOGRO027607: Milter: data, reject=554 5.7.1 Command rejected
>Feb  7 22:24:18 xxxxx sendmail[27607]: 217LOGRO027607: to=<xxxx.xxxxxxxx at xxxxx.xxx>, delay=00:00:00, pri=31328, stat=Command rejected

this looks like your sendmail DID reject mail from client.

btw. I set up my server to give information about virus rejection:

clamav-milter.conf:
...
RejectMsg Clamav detected %v

Jan 31 03:45:56 fantomas sm-mta[2056]: 20V2jeaN002056: Milter: data, reject=550 5.7.1 Clamav detected Sanesecurity.Malware.21241.ZipHeur.UNOFFICIAL
Jan 31 03:45:56 fantomas sm-mta[2056]: 20V2jeaN002056: to=<uhlar at fantomas.sk>, delay=00:00:08, pri=616456, stat=Clamav detected Sanesecurity.Malware.21241.ZipHeur.UNOFFICIAL


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...

More information about the clamav-users mailing list