Page 1 of 1

Send notification to admin that an incoming attachememt was blocked

Posted: 23 Apr 2020 15:59
by kidtriton
Is there a way to have an email alert go to admin when there is a file type blocked? We block certain file types like .doc, .zip, using the /etc/mailscanner/filename.rules.conf method and no one has any idea a blocked file has been sent to them until they find out from the external sender that they missed something. Is there a way to set it up where I as the admin could get a message saying a file has been blocked so that I can look at it and decide whether to release it or not? Or either have all blocked files come to me or another address for review?

Re: Send notification to admin that an incoming attachememt was blocked

Posted: 25 Apr 2020 06:52
by pdwalker
Yes there is. My system is configured to do just that.

Only, it's been so long since I configured that, that I forget how I did it.

I expect that it is a setting in /etc/MailScanner/MailScanner.conf

[edit] Yes, it looks like the "Notify Senders*" configuration options is what you are looking for. However, that suggests to me it should notify the senders, not the administrators, and my system only notifys the admins, not the senders - so there must be another option to look for...

still looking.

[edit 2] Ah. The sender did receive a message about the rejected filename.

[edit 3] Changing the "Nofify Senders" to no results in the sender not getting the blocked message, but the admin account still receives the notification of blocked content.

At this point, I am out of time to follow up further. Perhaps someone else remembers what the setting is?

Re: Send notification to admin that an incoming attachememt was blocked

Posted: 26 Apr 2020 14:39
by shawniverson
Configure this section :)

/etc/MailScanner/MailScanner.conf

Code: Select all

# Notify the local system administrators ("Notices To") when any infections
# are found?
# This can also be the filename of a ruleset.
Send Notices = no

# Include the full headers of each message in the notices sent to the local
# system administrators?
# This can also be the filename of a ruleset.
Notices Include Full Headers = yes

# Hide the directory path from all the system administrator notices.
# The extra directory paths give away information about your setup, and
# tend to just confuse users but are still useful for local sys admins.
# This can also be the filename of a ruleset.
Hide Incoming Work Dir in Notices = no

# What signature to add to the bottom of the notices.
# To insert a line-break in there, use the sequence "\n".
Notice Signature = -- \neFa\nemail Filter appliance\nwww.efa-project.org

# The visible part of the email address used in the "From:" line of the
# notices. The <user@domain> part of the email address is set to the
# "Local Postmaster" setting.
Notices From = eFa

# Where to send the notices.
# This can also be the filename of a ruleset.
Notices To = postmaster

# Address of the local Postmaster, which is used as the "From" address in
# virus warnings sent to users.
# This can also be the filename of a ruleset.
Local Postmaster = postmaster

Re: Send notification to admin that an incoming attachememt was blocked

Posted: 28 Apr 2020 11:19
by pdwalker
Doh!

That's it. I overlooked this because I forgot I had "postmaster" aliased to the actual email@example.com address I was using for receiving the messages.

The confusion was because I couldn't find any references to email@example.com in the mailscanner configuration when I should have been looking in /etc/aliases.

Double Doh!

Re: Send notification to admin that an incoming attachememt was blocked

Posted: 28 Apr 2020 13:27
by kidtriton
Thanks guys, I got it working!

Re: Send notification to admin that an incoming attachememt was blocked

Posted: 29 Apr 2020 14:06
by kidtriton
Is there a way to get these notification emails for blocked files but not for viruses? I'm getting what I wanted as far as being notified a .doc or .zip has been blocked but I'm getting a bunch of virus warning emails due to porcupine.junk and would like to not get those.