Whitelist of Deny Filename
Hi all,
We have enabled Deny Filename = \.zip$ recently for safety reasons. How can we add few exceptions (or whitelist) in order to receive zip files from our customers?
Thanks.
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
Re: Whitelist of Deny Filename
You can create a ruleset in MailScanner.
If you need help or an example, let me know.
Re: Whitelist of Deny Filename
Thanks for the reply, please kindly provide the syntax requirements and samples of a ruleset.
- shawniverson
Re: Whitelist of Deny Filename
1) Create new rule sets for the zip attachment
Example:
/etc/MailScanner/custom-deny-zips.conf
Code:
deny \.zip$ Deny Zips
(items must be tab separated)
/etc/MailScanner/custom-allow-zips.conf
Code:
allow \.zip$ Allow Zips
(items must be tab separated)
2) Create a new rule set for the domains to allow or deny
/etc/MailScanner/custom-ruleset-deny-filenames.conf
Code:
From: example.com %etc-dir%/custom-allow-zips.conf
From: default %etc-dir%/custom-deny-zips.conf
(items must be tab separated)
3) Add ruleset to MailScanner
Deny Filenames = %etc-dir%/custom-ruleset-deny-filenames.conf
4) Restart MailScanner
Code:
sudo service MailScanner restart
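The tab-separation requirement noted in the steps above can be checked offline before restarting. This is an added example, not part of the original post and not MailScanner code; `parse_rules` and `verdict` are hypothetical names, and the model is simplified on these assumptions: only the `allow`/`deny` actions used in this thread, first matching rule wins, case-insensitive matching.

```python
import re

ACTIONS = {"allow", "deny"}  # assumption: only the two actions shown in this thread

def parse_rules(text):
    """Parse filename-rules text; return (rules, problems)."""
    rules, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        fields = [f for f in line.split("\t") if f]
        if len(fields) < 3:
            # Typical mistake: an editor replaced the TABs with spaces.
            hint = ("fields look space-separated"
                    if len(line.split()) >= 3 else "too few fields")
            problems.append(f"line {n}: {hint}; use TAB between fields")
            continue
        action, pattern = fields[0].strip().lower(), fields[1].strip()
        if action not in ACTIONS:
            problems.append(f"line {n}: unknown action {action!r}")
            continue
        try:
            # Python's re stands in for Perl regexes here; simple patterns
            # such as \.zip$ behave the same in both.
            rules.append((action, re.compile(pattern, re.IGNORECASE)))
        except re.error as exc:
            problems.append(f"line {n}: bad regex {pattern!r}: {exc}")
    return rules, problems

def verdict(rules, filename):
    """Return the action of the first rule matching filename, else None."""
    for action, rx in rules:
        if rx.search(filename):
            return action
    return None

# Constructed samples: the same rule written with TABs and with spaces.
GOOD = "deny\t\\.zip$\tNo Zips\tNo Zips\n"
BAD = "deny \\.zip$ No Zips No Zips\n"

if __name__ == "__main__":
    for label, sample in (("tabs", GOOD), ("spaces", BAD)):
        rules, problems = parse_rules(sample)
        print(label, verdict(rules, "invoice.zip"), problems)
```

A rule file that parses with no problems here can still be rejected by MailScanner itself, so the built-in lint test remains the authoritative check.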
Re: Whitelist of Deny Filename
Thank you so much.
If we have multiple allowed domains / email addresses, should we put them on separate lines as below?
Code:
From: example.com %etc-dir%/custom-allow-zips.conf
From: allow@allow.com %etc-dir%/custom-allow-zips.conf
From: default %etc-dir%/custom-deny-zips.conf
Re: Whitelist of Deny Filename
Wow. That's easier than the way I went about it.
I realise you probably have nothing better to do but some more how-tos like this would be so useful for those of us unfamiliar with the syntax for Mailscanner. Having said that, this one gives me some great hints on how to approach other tasks.
Thanks heaps Shawn.
Re: Whitelist of Deny Filename
I tried the configurations but all zip files passed the EFA afterward.
Then, I changed /etc/MailScanner/MailScanner.conf as below
Code:
Deny Filenames = %etc-dir%/custom-deny-zips.conf
with /etc/MailScanner/custom-deny-zips.conf
Code:
deny \.zip$ No Zips No Zips
Items are separated by TAB, but all zip attachments still pass EFA.
Do you have any idea?
Re: Whitelist of Deny Filename
tabootest wrote: I tried the configurations but all zip files passed the EFA afterward
Then, I changed /etc/MailScanner/MailScanner.conf as below

I used the above methodology successfully, Tabootest. It is stating the bleeding obvious (which you sound like you are well beyond) but you did restart mailscanner after making the changes, didn't you?
Re: Whitelist of Deny Filename
After making a change to the config files, I restart the service by:
Code:
sudo service MailScanner restart
Re: Whitelist of Deny Filename
Do all your edits pass a lint test okay?
Re: Whitelist of Deny Filename
Sorry, what is a lint test? How do I recognize that a lint test is OK?
Re: Whitelist of Deny Filename
If you go to "Tools/Links" you'll find the LINT tests for SpamAssassin and MailScanner. They basically run through your configuration and ensure that there are no errors. They will display the output on the page that you can then go through and look for any errors and ensure your changes are valid.
I'm not sure why they're called a LINT test in here as LINT was a 'C' Program construct tester. I'm sure there's some logical reason, but I don't know it. Regardless, it is a good testing tool that has saved my bacon a few times with poorly written changes I have made, that it has found for me.
I'm not sure what "correct protocol" is, but I always do them after any changes to config.
Re: Whitelist of Deny Filename
Thanks.
Furthermore, how could I block only ZIP files whose size is smaller than 1MB, while zipped files with a size greater than 1MB are allowed?