Hi Guys, I think recently someone opened one of the nice attachments that runs an exe and installed ransomware through a network share on a client's server. It wiped through local backups also. Luckily the off-site backups were in play and it's restoring now. In light of this, I am going to block certain file types. I have seen a couple of posts about content filtering. I tried the large bulk SQL library version, but it wouldn't work, and am considering typing everything manually. Is it best to filter through postfix or amavisd? Please can someone give an example on how to block .exe and .zip please. Kind Regards, Lee
I would filter it through amavisd; it already has filters for that "aboard". Take a look into the amavisd config file; there should be some config options about filtering specific attachments that you can uncomment there.
Thanks Till, I found out what I need to be doing. Am I right in saying that I should only edit conf.d/50-user and nothing else in conf.d? I added the part below:
    $banned_filename_re = new_RE(
      qr'.\.(bat|exe|scr)$'i,
      qr'^\.(exe|zip|lha|tnef)$'i,
    );
What is weird is .docx are being banned also, and that's still not the weirdest part. Other users on localhost can send the same email, with the same attachment, and it gets through, but other users cannot? Any ideas? All I want to do for now is block .zip and .exe. KRs, Lee
You can set a higher log level in the amavis 50-user file and then check the mail.log to see what amavis is doing in detail with the email. Ensure that you restart amavis after each config change.
Thanks Till, I have enabled a higher level and will wait. Do items in the 50-user file override options in, say, 20-debian_defaults? L
Thanks Till. I think I have it working. I adjusted what I wanted. I will allow zips but block banned contents. Out of interest is there going to be a more intuitive interface for blocking content in 3.1? Thanks once again for your help. Lee
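A likely explanation for the .docx bans reported earlier in the thread, as an added example that is not part of the original posts: the second rule in the posted list is matched against the detected content type rather than the file name, and a .docx is a ZIP container. The Python sketch below is a simplified model of that matching; the magic-byte sniffing, `banned_by` and the name-only rule set are assumptions for illustration, not amavisd code.

```python
import re

# The two rules posted in the thread (the regex syntax is the same in Python).
RULES_POSTED = [
    re.compile(r'.\.(bat|exe|scr)$', re.I),       # written for file names
    re.compile(r'^\.(exe|zip|lha|tnef)$', re.I),  # matches the detected type
]
# Name-only alternative (assumption, not from the thread): ban .zip by
# extension and keep type-based banning for executables only.
RULES_NAME_ONLY = [
    re.compile(r'.\.(bat|exe|scr|zip)$', re.I),
    re.compile(r'^\.(exe)$', re.I),
]

# Minimal content sniffing standing in for file(1): leading magic bytes.
MAGIC = [(b'PK\x03\x04', 'zip'), (b'MZ', 'exe')]

def short_type(data):
    """Return a short content type ('zip', 'exe') or None if unrecognised."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return None

def banned_by(rules, filename, data):
    """Return (matched string, pattern) for the first rule hit, else None.

    Every rule is tried against the file name and against '.<type>', so a
    type-style rule sees the content, whatever the attachment is called.
    """
    candidates = [filename]
    detected = short_type(data)
    if detected:
        candidates.append('.' + detected)
    for rx in rules:
        for cand in candidates:
            if rx.search(cand):
                return cand, rx.pattern
    return None

# Constructed sample attachments: (file name, first bytes of content).
SAMPLES = [
    ('report.docx', b'PK\x03\x04[Content_Types].xml'),  # OOXML = ZIP container
    ('invoice.zip', b'PK\x03\x04invoice.exe'),
    ('photo.jpg',   b'MZ\x90\x00'),                     # renamed executable
    ('notes.txt',   b'plain text'),
]

if __name__ == '__main__':
    for name, data in SAMPLES:
        print(name, banned_by(RULES_POSTED, name, data),
              banned_by(RULES_NAME_ONLY, name, data))
```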