Sorry if this has already been brought up and I missed it in my searches.
With the influx of word/excel based macro phishing and the pretense of users to click first and read later what I am trying to accomplish is.
Block all emails with attached word/excel docs with a NDR of "You email is blocked as you have not been authorized to send Office Documents to our users, please either PDF your attachment or send a request to techsupport@.... to be whitelisted" unless they are on the whitelist (or any list) which will let the email through.
Possible?
Block Attachments unless email Whitelisted
-
zthephoenixz
- Posts: 26
- Joined: 28 May 2015 01:55
Re: Block Attachments unless email Whitelisted
I have been playing with MailScanner.conf and setting up filename.rules which I can get to work the way I want, I just can't get Notify Senders to actually reply to the sender and email them anything let alone a custom report with my message.
-
zthephoenixz
- Posts: 26
- Joined: 28 May 2015 01:55
Re: Block Attachments unless email Whitelisted
Solved it after i released there was an issue with the EFA default MailScanner.conf. It has
#
# Notifications back to the senders of blocked messages
# -----------------------------------------------------
#
# Do you want to notify the people who sent you messages containing
# viruses or badly-named filenames?
# This can also be the filename of a ruleset.
Notify Senders = no
# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing viruses?
# The default value has been changed to "no" as most viruses now fake
# sender addresses and therefore should be on the "Silent Viruses" list.
# This can also be the filename of a ruleset.
Notify Senders = no
# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing attachments that are blocked due to
# their filename or file contents?
# This can also be the filename of a ruleset.
Notify Senders = no
# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing attachments that are blocked due to
# being too small or too large?
# This can also be the filename of a ruleset.
Notify Senders = no
# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing other blocked content, such as
# partial messages or messages with external bodies?
# This can also be the filename of a ruleset.
Notify Senders = no
.......................
You can't just change "Notify Senders" to yes for a section as the last one if you leave it as "Notify Senders = no" then it is no for everything, I wanted filename & filetype replies to senders so I had to add lookup the setting and add manually
Notify Senders Of Blocked Filenames Or Filetypes = yes
and then comment out all the "Notify Senders = no" to get it to work, I got caught in a noob trap.
#
# Notifications back to the senders of blocked messages
# -----------------------------------------------------
#
# Do you want to notify the people who sent you messages containing
# viruses or badly-named filenames?
# This can also be the filename of a ruleset.
Notify Senders = no
# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing viruses?
# The default value has been changed to "no" as most viruses now fake
# sender addresses and therefore should be on the "Silent Viruses" list.
# This can also be the filename of a ruleset.
Notify Senders = no
# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing attachments that are blocked due to
# their filename or file contents?
# This can also be the filename of a ruleset.
Notify Senders = no
# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing attachments that are blocked due to
# being too small or too large?
# This can also be the filename of a ruleset.
Notify Senders = no
# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing other blocked content, such as
# partial messages or messages with external bodies?
# This can also be the filename of a ruleset.
Notify Senders = no
.......................
You can't just change "Notify Senders" to yes for a section as the last one if you leave it as "Notify Senders = no" then it is no for everything, I wanted filename & filetype replies to senders so I had to add lookup the setting and add manually
Notify Senders Of Blocked Filenames Or Filetypes = yes
and then comment out all the "Notify Senders = no" to get it to work, I got caught in a noob trap.
-
shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Block Attachments unless email Whitelisted
This is actually a bug...
https://github.com/E-F-A/v3/issues/203
In your case I recommend applying the fix by changing each of these back to what they should be as described in the issue.
https://github.com/E-F-A/v3/issues/203
In your case I recommend applying the fix by changing each of these back to what they should be as described in the issue.