Releasing blocked files

Questions and answers about how to do stuff
Post by elfranko »

Hi
I have created a blocked file rule in filenames.rules.conf

Code:

deny	\.doc$		Stop Older Office Docs coming in							Older Office files in emails
deny	\.xls$		Stop Older Office Docs coming in							Older Office files in emails
deny	\.ppt$		Stop Older Office Docs coming in							Older Office files in emails
deny	\.pub$		Stop Older Office Docs coming in							Older Office files in emails
I want to stop the older files coming in, as we are getting a lot of emails arriving that have a file attached. An example is below:
The file is called inv-0OW073.doc with the text:
Morning,



I would like to know if Invoice no. 0OW073 Dated 10.09.2018, is paid or not. if paid kindly inform me the date of payment and total amount you paid Copy of invoice is attached.



Sincerely,
------
Mica Purchase


Clearly spam, but the EFA is letting it through. (It does vary - it stops some, and then lets a few through. The above example came direct into my inbox.)

So to prevent users opening it we want to quarantine the email, and release any legitimate mails. Yet we are finding they just plain don't release.
The documents are in the /var/spool/mailscanner/quarantine/DATE/EMAIL-ID and you can get them using WinSCP or something, but the release function doesn't work.


Does anyone have any thoughts as to why this is happening? Emails without attachments release OK.

Thanks in Advance

ElFranko

Post by shawniverson »

Do you have exceptions for localhost as described here?

https://docs.mailwatch.org/using/faq.html

Also, are you using the following in /var/www/html/mailscanner/conf.php to send content as an attachment? (required for attachments)...

Code:

define('QUARANTINE_USE_SENDMAIL', false);

Post by elfranko »

Just to confirm, all the mailscanner settings were in and as described on the linked page.

I think this is the bit that fixed it:
Also, are you using the following in /var/www/html/mailscanner/conf.php to send content as an attachment? (required for attachments)...

Code:

define('QUARANTINE_USE_SENDMAIL', false);
Because now they are getting stopped, and you can release them.

I did try to get clever with the regex in etc/mailscanner/filename.rules.conf
I used a page that helped me create a working regex:

Code:

(inv-)|(.doc) 
which worked on here https://regexr.com/
for detecting inv-A123R.doc but in the EFA it stopped all files with the extension .doc.

And I couldn't fathom out why.

But thanks for the other tip, worked great.

elfranko
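
Why `(inv-)|(.doc)` stopped every .doc file, as an added example that is not part of the original posts and is not MailScanner's own code: the pattern is an unanchored alternation, so it hits any name containing `inv-` or any character followed by `doc`. The sketch assumes the tab-separated rule layout shown in the thread, case-insensitive unanchored matching and first-match-wins evaluation; the anchored pattern `^inv-.*\.doc$` is a suggested rewrite, and Python's `re` stands in for the Perl regex engine.

```python
import re

# Constructed rule sets in the tab-separated layout shown in the thread:
# action <TAB> regex <TAB> log text <TAB> user report text.
AS_POSTED = "deny\t(inv-)|(.doc)\tFake invoice\tFake invoice attachment\n"
# Suggested rewrite (an assumption, not from the thread): anchor both ends
# and escape the dot so it only means a literal ".".
ANCHORED = "deny\t^inv-.*\\.doc$\tFake invoice\tFake invoice attachment\n"

# Constructed sample attachment names.
SAMPLES = ["inv-A123R.doc", "minutes.doc", "budget.docx", "mydoc.pdf", "inv-9.pdf"]


def parse_rules(text):
    """Return (action, compiled_regex) pairs, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        # Fields may be separated by runs of tabs, as in the rules posted above.
        fields = [f for f in line.split("\t") if f]
        if len(fields) < 2:
            raise ValueError("rule needs an action and a regex: %r" % line)
        # Assumption: the regex is searched anywhere in the name, ignoring case.
        rules.append((fields[0].strip(), re.compile(fields[1], re.IGNORECASE)))
    return rules


def verdict(rules, filename, default="allow"):
    """Assumption: the first rule whose regex matches decides the outcome."""
    for action, regex in rules:
        if regex.search(filename):
            return action
    return default


def compare():
    """Map each sample name to (verdict as posted, verdict when anchored)."""
    posted, anchored = parse_rules(AS_POSTED), parse_rules(ANCHORED)
    return {n: (verdict(posted, n), verdict(anchored, n)) for n in SAMPLES}


if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print("%-15s as posted: %-5s anchored: %s" % (name, old, new))
```

Running candidate rules against a list of known-good and known-bad attachment names like this, before putting them into the live rules file, shows over-broad matches without quarantining real mail.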

Post by elfranko »

This works, but I have hit on a small issue. It releases the message and forwards it as an attachment just called message. Is there any way I can force it to add .eml to the end of it so it can be opened in Outlook?

I have tried adding a couple of entries to the rules.conf

Code:

rename to 	*		*.eml
or 
Vice versa
and also

Code:

rename to 	message		message.eml
or
vice versa
Neither of which appeared to work.


Thanks in advance