Send Messagecopy of quarantined Mail with blocked Attachments

Questions and answers about how to do stuff
Post Reply
JanF
Posts: 4
Joined: 05 Apr 2022 09:08

Send Messagecopy of quarantined Mail with blocked Attachments

Post by JanF »

Hello Guys,

i got a request to allow only specific filetypes and block everthing else. Additionally the Security-Team wants a Copy of the blocked Mail with the original attachments.

Is this possible? I created a new filename.rule and -.conf for the first condition which works fine. But i dont know how to send the Copy. I knew about the report but the security-team also wants the attachments.

Another Idea is to use SA "High Scoring Spam Actions = store forward mail@domain.tld". But i havnt that much experience with that and this would forward a copy of every High Scoring Spam, wouldnt it?

Has anyone an idea or solution for this?

Greetings Jan
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Send Messagecopy of quarantined Mail with blocked Attachments

Post by pdwalker »

I looked at the filetype.rules.conf and saw this at the top:

Code: Select all

# NOTE: Fields are separated by TAB characters --- Important!
#
# Syntax is allow/deny/deny+delete/email-addresses, then regular expression,
#           then log text, then user report text.
So it appears that you can forwarded messages with the blocked attachments to the Security Team. Not a copy, but a redirected original. You can easily test this yourself.

Also, using the High Scoring Spam Actions is a good thing to do if you don't like the security team. I am sure they would love to get lots and lots of spam.

Maybe the MCP actions could be used instead?
JanF
Posts: 4
Joined: 05 Apr 2022 09:08

Re: Send Messagecopy of quarantined Mail with blocked Attachments

Post by JanF »

Hi pdwalker,

thanks for your advise.
The redirect works fine!
I realized it with a filename-rule.

Now i solved a request, there is the next one...
They want that the Subject to get modified. I saw in the mailscanner.conf parameters to modify the subjectline.

Filename Modify Subject = start
Filename Subject Text = {Filename?}


But the Config wont work.
In the maillog i see the following event:
Apr 8 13:52:14 S13114 MailScanner[3637]: Filetype Checks: Forwarding 4KZc701VTcz5CnW5 Microsoft 365 .7z to postmaster@test.ads

Is that the problem, that this is a filetype check and no filename check? But in the mailscanner.conf is no parameter for Filetype Subject Text.

Do you got an idea for this one too?
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Send Messagecopy of quarantined Mail with blocked Attachments

Post by pdwalker »

Interesting, I never knew about this feature before as I have never used it.

>Is that the problem, that this is a filetype check and no filename check? But in the mailscanner.conf is no parameter for Filetype Subject Text.

Good question, as I have no idea. I'll need to test it to see what happens.
Post Reply