Whitelist of Deny Filename

[tabootest]

Hi all,

We have enabled Deny Filename = \.zip$ recently for safety reasons. How can we add few exceptions (or whitelist) in order to receive zip files from our customers?
Thanks.

[shawniverson]

You can create a ruleset in MailScanner.

If you need help or an example, let me know.

[tabootest]

Thanks for reply, plesase kindly provide the syntax requirements and samples of ruleset.

[shawniverson]

1) Create new rule sets for the zip attachment

Example:

/etc/MailScanner/custom-deny-zips.conf

Code: Select all

deny    \.zip$          Deny Zips

(items must be tab separated)

/etc/MailScanner/custom-allow-zips.conf

Code: Select all

allow    \.zip$          Allow Zips

(items must be tab separated)

2) Create a new rule set for the domains to allow or deny

/etc/MailScanner/custom-ruleset-deny-filenames.conf

Code: Select all

From:      example.com      %etc-dir%/custom-allow-zips.conf
From:      default          %etc-dir%/custom-deny-zips.conf

(items must be tab separated)

3) Add ruleset to MailScanner

Deny Filenames = %etc-dir%/custom-rulset-deny-filenames.conf

4) Restart MailScanner

Code: Select all

sudo service MailScanner restart

[tabootest]

Thank you so much.
If we have multiple allowed domains / email addresses, should we put them in separate line as below?

Code: Select all

From:      example.com      %etc-dir%/custom-allow-zips.conf
From:	allow@allow.com	%etc-dir%/custom-allow-zips.conf
From:      default          %etc-dir%/custom-deny-zips.conf

[ramtech]

Wow. That's easier than the way I went about it.
I realise you probably have nothing better to do but some more how-tos like this would be so useful for those of us unfamiliar with the syntax for Mailscanner. Having said that, this one gives me some great hints on how to approach other tasks.
Thanks heaps Shawn.

[tabootest]

I tried the configurations but all zip files passed the EFA afterward
Then, I changed /etc/MainScanner/Mailscanner.conf as below

Code: Select all

Deny Filenames = %etc-dir%/custom-deny-zips.conf

with /etc/MainScanner/custom-deny-zips.conf

Code: Select all

deny	\.zip$	No Zips	No Zips

Items are separated by TAB, but all zip attachments still pass EFA.

Do you have any idea?

[ramtech]

I tried the configurations but all zip files passed the EFA afterward
Then, I changed /etc/MainScanner/Mailscanner.conf as below

I used the above methodology successfully Tabootest. It is stating the bleeding obvious (which you sound like you are well beyond) but you did restart mailscanner after making the changes, didn't you?

[tabootest]

After made a change at config files, I restart the service by:

Code: Select all

sudo service MailScanner restart

[ramtech]

Do all your edits pass a lint test okay?

[tabootest]

Sorry, what is a lint test? how to recognize a lint test is ok?

[ramtech]

if you go to "Tools/Links" you'll find the LINT tests for SpamAssassin and MailSacnner. They run basically through your configuration and ensure that there are no error essentially. They will display the output on the page that you can then go through and look for any errors and ensure your changes are valid.

I'm not sure why they're called a LINT test in here as LINT was a 'C' Program construct tester. I'm sure there's some logical reason, but I don't know it. Regardless, it is a good testing tool that has saved my bacon a few times with poorly written changes I have made, that it has found for me.

I'm not sure what "correct protocol" is, but i always do them after any changes to config.

[tabootest]

Thanks.
Furthermore, how could I only block ZIP files whose size are smaller than 1MB while zipped files with size greater than 1MB are allowed.