amavisd-new woes

From: David White 
In case anyone was interested, I found the solution:

The "blocked anywhere" directive included this line:
qr'^\.(exe|lha|cab|tnef|dll)$'. I reexamined the logs, bounce messages, and
the info I pasted into this question, and saw a consistent theme: they all
contained something with a .tnef extension. I researched it, and it turns
out its coming from Microsoft Outlook, and was considered a potential
security vulnerability. I'm researching now how "unsafe" it would be for me
to turn it off, but in the mean time, I have done so.

- Me, about a week ago (on

Thus far, my (limited) research indicates that this was a security
vulnerability in older versions of Outlook, but that Microsoft released a
patch and fixed this a long time ago. I suppose it makes sense to still
block them by default.... but for now, I'm not blocking tnef files unless I
read a really good reason not to in the future.

Ok, I need to get back to getting ready to go out of town.... lots to do,
little time to do it in (headed out soon for a week+).

On Thu, Sep 6, 2012 at 6:34 PM, David White  wrote:

> I occasionally have a client who tries to email me and says his email gets
> blocked by my server. When I check the logs, I see this:
> *Sep  6 18:12:52 myers amavis[15197]: (15197-08) p.path BANNED:1
> "P=p003,L=1,M=multipart/mixed |
> P=p002,L=1/2,M=application/ms-tnef,T=tnef,N=winmail.dat |
> P=p004,L=1/2/1,T=image,T=gif,N=image001.gif,N=image001.gif",
> matching