config questions

[Greg Borders]

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Juan Ramón Gonzalez wrote:
> 1) How could be emails bigger than for example 10Mb been delivered 
> without being filtered/scanned?
> We know about:
> Maximum Message Size = X
> but that option doesn't solve our needs (deliver with no filter/scan).
>
> 2) We have set at:
> filename.rules.conf
> delete+deny \.scr$
>
> We want that kind of emails filtered would be deleted and not 
> quarantined if we have
> "MailScanner.conf"
> Quarantine Infections = yes
>
> Any way to do it (delete if we have quarantine = yes)?
>
> Thank you.
I've got a system in place that does the basics.  I thought I'd share my 
efforts with the MailScanner community, to help make it easier for the 
next person to implement.

The MailScanner.conf file has a "Quarantine Permissions" variable that 
mentions setting it to 644 for allowing the web server to have access to 
the files.  (It caused me a lot of frustration until I found that setting.)

The MailScanner.conf also has the "Maximum Attachment Size" setting.  
This is typically set to -1 for unlimited size, or any number of bytes 
for a system wide restriction.  Of course being a SysAdmin, we don't 
want to limit ourselves, so I created a separate rule set for indivduals 
/ groups.  So the MailScanner.conf line looks like :
Maximum Attachment Size = %rules-dir%/max.attachment.size.rules

And the rules file contains:

#list of users and the max file bytes they can receive before they are 
quarantined.
#Fred 100meg for special courier file
FromOrTo:       fred at comany-x.com     104857600

#test user max size for testuser 1 meg!
FromOrTo:       testuser at company-x.com 1048576

#everybodyelse gets default (no scan=-1)
FromOrTo:       default -1

Note you can set various levels of file sizes depending on what you 
want.  I tested my settings with my testuser account, and it didn't 
affect the live users.  Later I can set the default to a comfortable limit.

Next, we need to change a couple of reports in
/etc/MailScanner/reports/en/

 From my tests, send.error.report.txt and stored.virus.message.txt were 
sent to the sender / recipient respectively when the "Attachment is too 
large" flag is tripped..  I included some lines in the 
stored.virus.message.txt that recreated the URL to the file. The 
available perl variables make this a cinch.

URL: for direct download:
http://www.company-x/pickup/$datenumber/$id/$filename

Lastly, Note the above url path doesn't have the full 
/var/spool/MailScanner/quarantine/ in it.  For Apache users. this is 
easy to do.  With an alias in the httpd.conf file, you can better 
protect the quarantine area from malicious types.

Alias /pickup/ "/var/spool/MailScanner/quarantine/"
<Directory "/var/spool/MailScanner/quarantine/">
   Options Indexes MultiViews
   AllowOverride None
   Order allow,deny
   Allow from all
</Directory>

Restart your MS and HTTPD daemons and all is good.
Hope this helps anyone that needs to have automated access to their 
quarantine files!


--
This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format. Thank you.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!