policy violation found in sent message

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
dietcheese
Forum User
Posts: 59
Joined: Wed Jan 24, 2007 10:07 pm

Unread post by dietcheese »

Does anyone know what the message:

policy-violation_found_in_sent_message_

means exactly?

Spamassassin is filtering out valid local mail. I believe it has something to do with bad or strange mail headers (which are actually there on purpose, used to import information into Goldmine).

Mar 21 11:38:28 109839-app1 qmail-scanner[15395]: Clear:RC:1(127.0.0.1): 0 1100 root@109839-app1.domain.com <> policy-violation_found_in_sent_message_"{$GM-WebImport$}" 109839-app1.domain.com117449150876315395-root@109839-app1.domainquarantine-event.txt:1000
Mar 21 11:38:28 109839-app1 qmail-scanner[15395]: Clear:RC:1(127.0.0.1): 0 1100 root@109839-app1.domain.com <> policy-violation_found_in_sent_message_"{$GM-WebImport$}" 109839-app1.domain.com117449150876315395-root@109839-app1.domain.com quarantine-event.txt:1000
Mar 21 11:38:28 109839-app1 qmail-scanner[15395]: Policy:Bad_MIME:RC:1(127.0.0.1): 0.295026 1066 testfrom@test.com goldmine@foobar.com {$GM-WebImport$} <20070321153828.15390.qmail@109839-app1.domain.com> 1174491508.15401-0.109839-app1.domain.com:684

Thanks
DC
dietcheese
Forum User
Posts: 59
Joined: Wed Jan 24, 2007 10:07 pm

Unread post by dietcheese »

This is a real problem for me. I have whitelisted the sending domain and of course the local IP is whitelisted and still these emails are getting filtered out.

Anyone have any ideas? Is there a way to ignore certain headers?

Thanks,
DC
dietcheese
Forum User
Posts: 59
Joined: Wed Jan 24, 2007 10:07 pm

Unread post by dietcheese »

I get the policy violation errors even when SA is off. Is this part of qmail-scanner or qmail itself???
dietcheese
Forum User
Posts: 59
Joined: Wed Jan 24, 2007 10:07 pm

Unread post by dietcheese »

The only way I was able to fix this was by setting the qmail-scanner option:

FIX_MIME="no"

Maybe that'll help someone...

DC
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Unread post by scott »

This could be language related. Are those messages in straight ASCII (English) or some other language involving MIME encodings?
dietcheese
Forum User
Posts: 59
Joined: Wed Jan 24, 2007 10:07 pm

Unread post by dietcheese »

Here is how I format the headers and body (not sure if this helps you).

I'm assuming qmail-scanner is choking on the "Content-Type: application/x-gm-impdata", but it's needed in this case. Maybe there is a way of adding this to a list of valid headers?

Mail created in PHP:
-----------------------

$header = "From: ". $firstname . " " . $lastname ." <".$email.">\r\n";
$header .= "Reply-To: Agent Registration <register@foobar.com>\r\n";
$header .= "Content-Type: application/x-gm-impdata\r\n";
$header .= "Return-Path: " . $email . "\r\n";

mail($to, $sub, $message, $header);


Header
--------
Return-Path: <jwelby@asdf.net>
Delivered-To: 124-clabd@asdf.com
Received: (qmail 7209 invoked by uid 10066); 22 Mar 2007 12:39:52 -0400
Received: from 127.0.0.1 by 109839-app1.foobar.com (envelope-from <jwelby@asdf.net>, uid 48) with qmail-scanner-2.01st
(clamdscan: 0.88.7/2899. spamassassin: 3.1.7. perlscan: 2.01st.
Clear:RC:1(127.0.0.1):.
Processed in 0.021399 secs); 22 Mar 2007 16:39:52 -0000
Date: 22 Mar 2007 12:39:52 -0400
Message-ID: <20070322163952.7198.qmail@109839-app1.foobar.com>
To: blah@blah.tv

Subject: {$GM-WebImport$}
From: Jim Welby <jwelby@asdf.net>
Reply-To: Agent Registration <register@uauaua.com>
Content-Type: application/x-gm-impdata


Body
------
[Instructions]

[Data]

[ContSupp]
cs1_RecType=P
cs1_ACCOUNTNO=A5012849154&N)ZAf32
cs1_ContSupRef=John Smith
cs1_DEAR=
cs1_EXT=Female
cs1_LINKACCT=TX
cs1_ZIP=19770619
cs1_COUNTRY=none
cs1_MERGECODES=02d3d2e
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Unread post by scott »

You'd want to talk to the q-s folks about it, but I'll bet that you're creating a non-RFC-compliant MIME header. Keep in mind that when you do that, it's not just qmail-scanner that's going to cause it to be rejected, but also all the other MTAs on the internet that also check for that kind of compliance. Obviously if it's only ever going to localhost, then that's not really an issue.
dietcheese
Forum User
Posts: 59
Joined: Wed Jan 24, 2007 10:07 pm

hmm

Unread post by dietcheese »

Multipurpose Internet Mail Extensions June 1992

different communities using "Content-Type: application/foobar" to mean two different things. The process of defining new content-subtypes, then, is not intended to be a mechanism for imposing restrictions, but simply a mechanism for publicizing the usages. There are, therefore, two acceptable mechanisms for defining new Content-Type subtypes:

1. Private values (starting with "X-") may be defined bilaterally between two cooperating agents without outside registration or standardization.
luribe
Forum User
Posts: 10
Joined: Thu Dec 28, 2006 9:07 pm

Unread post by luribe »

dietcheese wrote:The only way I was able to fix this was by setting the qmail-scanner option:

FIX_MIME="no"

Maybe that'll help someone...

DC

Where did you put that option? In /var/qmail/bin/qmail-scanner-queue.pl?
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Unread post by scott »

Yep, that's the RFC all right, which is exactly what I'm talking about. I just ran the following test script successfully through qmail-scanner with FIX_BAD_MIME set to 2. This is through a CentOS 4 box, with no CPAN modules mixed in:


$firstname="Scott";
$lastname="Shinn";
$email="scott@atomicrocketturtle.com";
$message="This is a test message";
$to="scott@shinn.net";
$sub="Test Message #1";

$header = "From: ". $firstname . " " . $lastname ." <".$email.">\r\n";
$header .= "Reply-To: Agent Registration <register@foobar.com>\r\n";
$header .= "Content-Type: application/x-gm-impdata\r\n";
$header .= "Return-Path: " . $email . "\r\n";

mail($to, $sub, $message, $header);

I ran the same message through a RH9 CPAN'd box, and it failed. So I removed the \r's from the code, and ran it again, this time successfully through both CentOS4 and the RH9 box:

$header = "From: ". $firstname . " " . $lastname ." <".$email."> \n";
$header .= "Reply-To: Agent Registration <register@foobar.com> \n";
$header .= "Content-Type: application/x-gm-impdata \n";
$header .= "Return-Path: " . $email;


Just to make sure, I ran the first script through an MS Exchange 2003 and a Lotus Notes 5 server. In both cases, MIMEsweeper on MS Exchange and the MIME check on Lotus Notes 5.5 rejected the message. The second script worked on these systems correctly.
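The line-ending difference between the two scripts above can be checked on the raw bytes before a message is submitted. This is an added example, not part of the original post and not qmail-scanner's own check: it classifies each header line's terminator and flags mixed endings. It assumes PHP hands To: and Subject: to the local sendmail-style program with LF terminators; the sample message is constructed from the test script above.

```python
# Constructed sample: the header block from the first test script as a local
# sendmail-style program would receive it. Assumption: To/Subject arrive
# LF-terminated while the extra headers keep the script's "\r\n".
CRLF_MSG = (
    b"To: scott@shinn.net\n"
    b"Subject: Test Message #1\n"
    b"From: Scott Shinn <scott@atomicrocketturtle.com>\r\n"
    b"Reply-To: Agent Registration <register@foobar.com>\r\n"
    b"Content-Type: application/x-gm-impdata\r\n"
    b"Return-Path: scott@atomicrocketturtle.com\r\n"
    b"\n"
    b"This is a test message\n"
)


def audit_header_eol(raw: bytes) -> dict:
    """Count CRLF- and LF-terminated header lines and flag stray CRs."""
    counts = {"crlf": 0, "lf": 0}
    bare_cr = []  # 1-based numbers of header lines with a CR not before LF
    for lineno, line in enumerate(raw.split(b"\n"), 1):
        text = line[:-1] if line.endswith(b"\r") else line
        if text == b"":  # empty line ends the header block
            break
        counts["crlf" if line.endswith(b"\r") else "lf"] += 1
        if b"\r" in text:
            bare_cr.append(lineno)
    mixed = counts["crlf"] > 0 and counts["lf"] > 0
    return {**counts, "mixed": mixed, "bare_cr": bare_cr}


def to_lf_only(raw: bytes) -> bytes:
    """Drop the CR of each CRLF pair, as the second script does at the source."""
    out = raw.replace(b"\r\n", b"\n")
    if b"\r" in out:
        # A lone CR cannot be converted safely; it may split or hide a header.
        raise ValueError("bare CR in message; fix the code that builds it")
    return out


if __name__ == "__main__":
    print("as built with \\r\\n:", audit_header_eol(CRLF_MSG))
    print("after LF-only fix: ", audit_header_eol(to_lf_only(CRLF_MSG)))
```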
dietcheese
Forum User
Posts: 59
Joined: Wed Jan 24, 2007 10:07 pm

Unread post by dietcheese »

Hrm, I always used "\r\n" as an EOL for mail headers in PHP.

The "Content-Type: application/x-gm-impdata" is unusual but meets RFC requirements, right?

What's the disadvantage of leaving FIX_MIME="no"?

Thanks for looking into this. You do great work :D

DC
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Unread post by scott »

It's mainly good at blocking spam/viruses from badly written MTAs, like zombie'd Windows boxes or cgi-bin Perl mailers. The 2 setting is the less restrictive of the checks.
coolemail
Forum Regular
Posts: 369
Joined: Tue Dec 16, 2008 8:01 am
Location: United Kingdom

Re: policy violation found in sent message

Unread post by coolemail »

Can anyone help? We are having the same problem with X-Mailer emails not being sent from the server. Maillog shows:
Oct 13 08:59:43 plesk2 qmail-scanner[3452]: Clear:RC:1(127.0.0.1): 0 1100 root@plesk2.mydomain.co.uk <> policy-violation_found_in_sent_message_"test_message" plesk2.mydomain.co.uk12869567827903452-root@plesk2.mydomain.co.uk quarantine-event.txt:1000
Oct 13 08:59:43 plesk2 qmail-scanner[3452]: Clear:RC:1(127.0.0.1): 0 1100 root@plesk2.mydomain.co.uk <> policy-violation_found_in_sent_message_"test_message" plesk2.mydomain.co.uk12869567837903452-root@plesk2.mydomain.co.uk quarantine-event.txt:1000
Oct 13 08:59:43 plesk2 qmail-scanner[3452]: Policy:Bad_MIME:RC:1(127.0.0.1): 0.22149 342 root@plesk2.mydomain.co.uk external-email@hotmail.com test_message <20101013075942.3451.qmail@plesk2.mydomain.co.uk> 1286956782.3454-0.plesk2.mydomain.co.uk:5 orig-plesk2.mydomain.co.uk12869567827903452:342
and I think my qmail-scanner config is set to FIX_MIME="2" as Scott said, so I have put all of the incidents of FIX below. Can someone tell me how to make these emails go through?
[plesk2.expat-email.co.uk ~]# grep FIX -R /usr/share/qmail-scanner
/usr/share/qmail-scanner/qmail-scanner-reconfigure.psa: --fix-mime $FIX_MIME \
/usr/share/qmail-scanner/qmail-scanner-queue.template:my $BAD_MIME_CHECKS='FIX_MIME';
/usr/share/qmail-scanner/qmail-scanner-reconfigure.project-gamera: --fix-mime $FIX_MIME \
/usr/share/qmail-scanner/contrib/check_AV_daemons: SUFFIX => '.com');
/usr/share/qmail-scanner/configure:FIX_MIME="2"
/usr/share/qmail-scanner/configure: --fix-mime) if [ "$2" != "" -a "`echo $2|grep '\-'`" = "" ] ; then shift ; if [ "`echo $1|egrep -i '^0|^no'`" != "" ]; then FIX_MIME="0" ; fi ; if [ "`echo $1|egrep -i '^[1-9]+$'`" != "" ]; then FIX_MIME="$1" ; fi ; fi ;;
/usr/share/qmail-scanner/configure:CMDLINE="$CMDLINE --admin $USERNAME --domain $MAILDOMAIN --admin-description \"$ADMIN_DESCRIPTION\" --notify $NOTIFY_ADDRESSES --local-domains $LOCAL_DOMAINS_ARRAY --silent-viruses $SILENT_VIRUSES --virus-to-delete $VIRUS_DELETE --skip-text-msgs $SKIP_TEXT_MSGS --lang $QSLANG --debug $DEBUG_LEVEL --minidebug $MINI_DEBUG --add-dscr-hdrs $DESCRIPTIVE_HEADERS --dscr-hdrs-text \"$DESCR_HEADERS_TEXT\" --normalize $NORMALIZE_MSG --archive $ARCHIVEIT --settings-per-domain $SETTINGS_P_D --max-scan-size $MAX_SCAN_SIZE --unzip $FORCE_UNZIP --max-zip-size $MAX_ZIP_SIZE --max-unpacked-files $MAX_UNPACKED_FILES --redundant $REDUNDANT --log-details $LOG_DETAILS --log-crypto $LOG_CRYPTO --fix-mime $FIX_MIME --ignore-eol-check $DISABLE_EOL_CHECK"
/usr/share/qmail-scanner/configure:if [ "$FIX_MIME" != "" ]; then
/usr/share/qmail-scanner/configure: echo "fix-mime=$FIX_MIME"
/usr/share/qmail-scanner/configure:s?FIX_MIME?$FIX_MIME?g;
[plesk2.expat-email.co.uk ~]#
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: policy violation found in sent message

Unread post by faris »

Don't forget that you need to run the qmail-scanner-reconfigure script after changing fix_mime to 2.

Faris.
coolemail
Forum Regular
Posts: 369
Joined: Tue Dec 16, 2008 8:01 am
Location: United Kingdom

Re: policy violation found in sent message

Unread post by coolemail »

We were already on fix-mime 2, so did not change anything. We did change it to 1 and that appears to have worked for us so far, but we then got a flood of spam emails through, so for now we have put it back to 2.