Hello Guys,
i got a request to allow only specific filetypes and block everthing else. Additionally the Security-Team wants a Copy of the blocked Mail with the original attachments.
Is this possible? I created a new filename.rule and -.conf for the first condition which works fine. But i dont know how to send the Copy. I knew about the report but the security-team also wants the attachments.
Another Idea is to use SA "High Scoring Spam Actions = store forward mail@domain.tld". But i havnt that much experience with that and this would forward a copy of every High Scoring Spam, wouldnt it?
Has anyone an idea or solution for this?
Greetings Jan
Send Messagecopy of quarantined Mail with blocked Attachments
Re: Send Messagecopy of quarantined Mail with blocked Attachments
I looked at the filetype.rules.conf and saw this at the top:
So it appears that you can forwarded messages with the blocked attachments to the Security Team. Not a copy, but a redirected original. You can easily test this yourself.
Also, using the High Scoring Spam Actions is a good thing to do if you don't like the security team. I am sure they would love to get lots and lots of spam.
Maybe the MCP actions could be used instead?
Code: Select all
# NOTE: Fields are separated by TAB characters --- Important!
#
# Syntax is allow/deny/deny+delete/email-addresses, then regular expression,
# then log text, then user report text.
Also, using the High Scoring Spam Actions is a good thing to do if you don't like the security team. I am sure they would love to get lots and lots of spam.
Maybe the MCP actions could be used instead?
Re: Send Messagecopy of quarantined Mail with blocked Attachments
Hi pdwalker,
thanks for your advise.
The redirect works fine!
I realized it with a filename-rule.
Now i solved a request, there is the next one...
They want that the Subject to get modified. I saw in the mailscanner.conf parameters to modify the subjectline.
Filename Modify Subject = start
Filename Subject Text = {Filename?}
But the Config wont work.
In the maillog i see the following event:
Apr 8 13:52:14 S13114 MailScanner[3637]: Filetype Checks: Forwarding 4KZc701VTcz5CnW5 Microsoft 365 .7z to postmaster@test.ads
Is that the problem, that this is a filetype check and no filename check? But in the mailscanner.conf is no parameter for Filetype Subject Text.
Do you got an idea for this one too?
thanks for your advise.
The redirect works fine!
I realized it with a filename-rule.
Now i solved a request, there is the next one...
They want that the Subject to get modified. I saw in the mailscanner.conf parameters to modify the subjectline.
Filename Modify Subject = start
Filename Subject Text = {Filename?}
But the Config wont work.
In the maillog i see the following event:
Apr 8 13:52:14 S13114 MailScanner[3637]: Filetype Checks: Forwarding 4KZc701VTcz5CnW5 Microsoft 365 .7z to postmaster@test.ads
Is that the problem, that this is a filetype check and no filename check? But in the mailscanner.conf is no parameter for Filetype Subject Text.
Do you got an idea for this one too?
Re: Send Messagecopy of quarantined Mail with blocked Attachments
Interesting, I never knew about this feature before as I have never used it.
>Is that the problem, that this is a filetype check and no filename check? But in the mailscanner.conf is no parameter for Filetype Subject Text.
Good question, as I have no idea. I'll need to test it to see what happens.
>Is that the problem, that this is a filetype check and no filename check? But in the mailscanner.conf is no parameter for Filetype Subject Text.
Good question, as I have no idea. I'll need to test it to see what happens.