Confusion with Allow Filenames
Julian Field
MailScanner at ecs.soton.ac.uk
Fri May 12 14:28:50 IST 2006
On 12 May 2006, at 12:10, Max Kipness wrote:
> I've been trying to find the answers from archived posts, but I'm
> still
> not sure if the following should work or not. I definitely doesn't
> based
> on emails with .bmp files attached sent from other mail servers (that
> don't block .bmp on outbound mail).
>
> In mailscanner.conf:
> Allow Filenames = /etc/MailScanner/rules/allow.filename.conf
> Allow Filetypes = /etc/MailScanner/rules/allow.filename.conf
>
> In /etc/MailScanner/rules/allow.filename.conf:
> FromOrTo: myemailaddress at domain.com \.bmp
> FromOrTo: default
>
> There are no errors being produced in the maillog, but the rule is
> being
> ignored completely.
>
> I saw another reference to creating the allow.filename.conf back to
> individual filename.rule.conf files per domain, but I'd rather not
> do it
> that way unless necessary.
>
> Can the above work? Or what am I doing wrong?
A few months ago I created an alternative way of doing all this which
you may find much easier to use when creating simple sets of
restrictions for different groups of users. One of the few things you
cannot do with this new method is to have rules containing any tabs
or spaces. But that's not a problem most of the time.
First of all these configuration options are considered. If nothing
matched, then the filename.rules.conf file is used as it always has
been.
There is course a similar set of options for filetypes as well as
filenames.
Can someone write some documentation for the wiki pointing out this
alternative method please?
Here is the documentation about it, taken directly from
MailScanner.conf.
# To simplify web-based configuration systems, there are now two extra
# settings here. They are both intended for use with normal rulesets
# that you would expect to find in %rules-dir%. The first gives a list
# of patterns to match against the attachment filenames, and a filename
# is allowed if it matches any of these patterns. The second gives the
# the equivalent list for patterns that are used to deny filenames.
# If either of these match at all, then filename.rules.conf is ignored
# for that filename.
# So you can easily have a set like this:
# Allow Filenames = \.txt$ \.pdf$
# Deny Filenames = \.com$ \.exe$ \.cpl$ \.pif$
# which is a lot simpler than having to handle filename.rules.conf!
# It is far simpler when you want to change the allowed+denied list for
# different domains/addresses, as you can use the filename of a simple
# ruleset here instead.
# NOTE: The filename and filetype rules are separate, so if you want to
# allow executable *.exe files you will need at least
# Allow Filenames = \.exe$
# Allow Filetypes = executable
# to make it pass both tests. If either test denies the attachment
# then it will be blocked.
# Allow any attachment filenames matching any of the patters listed
here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filename of a ruleset.
Allow Filenames =
# Deny any attachment filenames matching any of the patters listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filename of a ruleset.
Deny Filenames =
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.
More information about the MailScanner
mailing list