Allow and block filenames on same domain

[Glenn Steen]

On 30/11/06, Corne Kotze <Cornek at synaq.com> wrote:
> Hi,
>
> Maybe my question was bit vague.
> I should have said it like this:
> I have just under 500 email accounts on my system(mail server), all on
> one domain, and all incoming emails are being scanned by MailScanner.
> My Question:
> How can I allow certain file attachments in emails sent to 40 of the
> email accounts on the domain through, and then still block those
> attachments for all the other email accounts on that same domain?
>
> Example:
> pete at work.com is a director
> joe at work.com is a clerk
>
> Now a "movie.avi" is sent to both, pete at work.com should receive the file
> BUT
> That file must be blocked for joe at work.com
>
> Thanks
>
>
>
> Glenn Steen wrote:
(snip)
> > Take a look at the EXAMPLES in
> > the rules directory, and also look at the wiki...
> > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:rulesets
> >
> > and more specifically
> > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading
> >
Afraid of reading are we:-). The above is still the answer to your question;-).

But fair enough, I can mumble a bit and see if things clear up a bit...
There are two distinct mechanisms in MailScanner you can use to block
that AVI, and they in turn have two distinct configuration options...
The link above gives you what you need to do this with the more ...
flexible... method for filename and filetype blocking (which are the
two distinct mechanisms).

What you do is that you create a ruleset for each mechanism (a ruleset
is a file that details different "behaviour", returning different
results, that make sense in the context of the setting the ruleset is
defined for... We'll get to an example below:-) depending on things
like recipient, sender, sending server IP address etc). In that
ruleset you define a default entry that will do the "most common"
action, and then detail all the rest as "exceptions to the default
rule".
When it comes to the filename and filetype rule files, you have an
added bonus by the overloading feature, making it possible to maintain
the exceptions as a file with just the differences, instead of two
separate sets of nearly identical rules.
It also helps when you update, since the update will never touch your
"overloading" files.

So (if we stick with filenames for the moment), if you want the above,
you would create a file /etc/MailScanner/rules/filename.rules which
would look something like (watch out for linewrapping... I'll put
comments between the lines)
# Overload exceptions for directors
FromOrTo: pete at work.com %etc-dir%/filename.exceptions.rules.conf
%etc-dir%/filename.rules.conf
# Default rules
FromOrTo: default %etc-dir%/filename.rules.conf
# End of file
... And you would create the file
%etc-dir%/filename.exceptions.rules.conf with the exceptions you want
(the file is very specifically formatted... It needs <TAB> as column
separator... Just copy the original, remove all lines you will not
change, then change those to "allow"...). For AVI, the filename rule
would be:
allow   \.avi$                  -       -
... and nothing more in
/etc/MailScanner/filename.exceptions.rules.conf (I'm assuming an RPM
install here:-).

Doing the same for filetype rules doesn't really differ...;)

Now, one final gotcha: Since mails addressed to more than one
recipient will be acted upon as if they were sent only to the first
recipient, the above will not be of much use... Unless you configure
your MTA to split mails into one mail/recipient. Once you do that
(it'll increase your resource use somewhat), the above rule would act
exactly as you want it to. For information on how to split
mails/recipient, gor read that section in the MAQ (it links to the
relevant sections in other parts of the wiki):
http://wiki.mailscanner.info/doku.php?id=maq:index#multiple_recipient_message_-_how_to_apply_different_rules

Hope you find my rambling mumbles useful;-)
Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se