Block outgoing e-mail based on attachment type

Discussion in 'Server Operation' started by tode, Apr 29, 2020.

  1. tode

    tode New Member

    We are running CenOS 6.5 and ISPConfig 3.0.5.4p3
    I need to block only outgoing e-mail with a .MKV (and others in future) attachment; with a reject message to the sender.
    I tried 2 solutions but they are not working:

    1. postfix
    I edited the "/etc/postfix/main.cf" file:
    Code:
    [...]
    smtp_header_checks = pcre:/etc/postfix/smtp_mime_header_checks.pcre
    smtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks.pcre
    smtp_nested_header_checks = pcre:/etc/postfix/smtp_mime_header_checks.pcre
    # also tried 
    header_checks = pcre:/etc/postfix/smtp_mime_header_checks.pcre
    mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks.pcre
    nested_header_checks = pcre:/etc/postfix/smtp_mime_header_checks.pcre
    [...]
    with this "/etc/postfix/smtp_mime_header_checks.pcre" file:
    Code:
    /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
    mkv
    ))(\?=)?"?\s*(;|$)/x
        REJECT Attachment type ".$4" not allowed
    and restarted postfix. No luck...

    2. amavis-new
    I edited the "/etc/amavisd/amavisd.conf" file:
    Code:
    $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
      originating => 1,  # is true in MYNETS by default, but let's make it explicit
      allow_disclaimers => 1,
      os_fingerprint_method => undef,  # don't query p0f for internal clients
      banned_namepath_re => new_RE(
          qr'T=(mkv|avi)'xmi,
          qr'.\.(mkv|avi)$'i,
      ),
    };
    and tried both the rules inside "banned_namepath_re". I tried also the same rules inside the block "$policy_bank{'ORIGINATING'}" with no luck (after restarting amavisd).
    The only rule working in "/etc/amavisd/amavisd.conf" file is the following:
    Code:
    [...]
    $banned_filename_re = new_RE(
      qr'.\.(mkv|avi)$'i,   # banned extensions - rudimentary
    [...]
    but it rejects outbound and also inbound emails.

    Any help?
    Thanks,
    tode
     
  2. tode

    tode New Member

    Solved with postfix.
    First, the content of the "/etc/postfix/smtp_mime_header_checks.pcre" file must be on two lines, like:
    Code:
    "/^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(mkv))(\?=)?"?\s*(;|$)/x
       REJECT Attachment type ".$4" not allowed
    
    and, after a postfix reload, it blocks outgoing and ingoing e-mail (with correct message to sender).

    To restrict the filter only for the outgoing e-mail you can disable this filter in the "/etc/postfix/master.cf" file
    Code:
    [...]
    smtp      inet  n       -       n       -       -       smtpd
      -o receive_override_options=no_header_body_checks
    [...]
    then run "postfix reload" and the block will work.
    So the filter will work only for submission process and not for normal email receiving on standard port 25.

    smtp_*_checks filters are useless for this goal.

    Hope this help someone,
    tode
     

Share This Page