First, these new patches include a new Zimbra package, "zimbra-mta-patch" which must be installed manually on all MTA nodes as it is an entirely new package. If you just run " apt-get update && apt-get dist-upgrade" you won't get this new MTA patch.
Second, this new MTA patch is to fix the problem with files having blocked extensions getting through because the filenames have spaces at the end. I downloaded the deb package, unpacked it and as I suspected it contains a replacement /opt/zimbra/conf/amavisd.conf.in file with a modified regex like so (the patch file is listed first):
Code: Select all
< %%uncomment VAR:zimbraMtaBlockedExtension%%qr{.\.(?:%%list VAR:zimbraMtaBlockedExtension |%%)\s*$}i,
---
> %%uncomment VAR:zimbraMtaBlockedExtension%%qr'.\.(%%list VAR:zimbraMtaBlockedExtension |%%)$'i,
Here's the process I used after running "apt-get update":
Code: Select all
root@my:~# mkdir mta-patch
root@my:~# cd mta-patch/
root@my:~/mta-patch# apt-get download zimbra-mta-patch
Get:1 https://repo.zimbra.com/apt/8810 xenial/zimbra amd64 zimbra-mta-patch amd64 8.8.10.1551265076.p7-1.u16 [15.9 kB]
Fetched 15.9 kB in 0s (67.3 kB/s)
W: Can't drop privileges for downloading as file '/root/zimbra-mta-patch_8.8.10.1551265076.p7-1.u16_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
root@my:~/mta-patch# ar -x zimbra-mta-patch_8.8.10.1551265076.p7-1.u16_amd64.deb
root@my:~/mta-patch# cd ~/mta-patch/opt/zimbra/lib/patches/mta
root@my:~/mta-patch/opt/zimbra/lib/patches/mta# ls
amavisd.conf.in
root@my:~/mta-patch/opt/zimbra/lib/patches/mta# diff amavisd.conf.in /opt/zimbra/conf/amavisd.conf.in
150c150,152
< $sa_mail_body_size_limit = 512*1024; # don't waste time on SA if mail is larger
---
> # $sa_mail_body_size_limit = 512*1024; # don't waste time on SA if mail is larger
> $sa_mail_body_size_limit = 768*1024; # don't waste time on SA if mail is larger
270c272
< %%uncomment VAR:zimbraMtaBlockedExtension%%qr{.\.(?:%%list VAR:zimbraMtaBlockedExtension |%%)\s*$}i,
---
> %%uncomment VAR:zimbraMtaBlockedExtension%%qr'.\.(%%list VAR:zimbraMtaBlockedExtension |%%)$'i,
372a375
> (our custom whitelist and blacklist entries)
root@my:~/mta-patch/opt/zimbra/lib/patches/mta#
Mark