Exchange/Outlook Specific Settings?

Drew Marshall drew at technologytiger.net
Thu Mar 29 11:25:55 CEST 2007


On Wed, March 28, 2007 14:15, Glenn Steen wrote:
> On 28/03/07, Paul Hutchings <paul.hutchings at mira.co.uk> wrote:
>> Martin,
>>
>> I've been reading the manual on the dangerous content checking and it
>> does look useful, though I would probably want to disable the
>> phishing/tag type of checks.
>>
>> I guess I'm trying to understand how MailScanner recognizes file types
>> to block vs. Postfix?
>>
>> Paul
> Postfix - on-the-fly, meaning it can't be as thorough as MailScanner.
> MailScanner - full decoding/unpacking of the message and possibly any
> contained archive, meaning it can do a thorough job of filename,
> filetype, virus and spam scanning (and then some:-).

You also have to remember that Postfix is checking the MIME header for
attachments that match your block list, e.g. *.exe, *.bat etc. Providing the
sender has been kind enough to use a decent client, which has attached the
attachment correctly, described it properly etc., you will be fine. However,
if they have tried to disguise the file, e.g. *.ex, *.exe.doc, then Postfix
will be quite happy and let it through.

MailScanner uses (if you have it set up and installed correctly) the file
command to try to magically identify any file, no matter what the
extension. It will also allow more sophisticated file name blocking too
because it is scanning 'off line' as opposed to on the fly.

What I would suggest is to keep your Postfix MIME attachment block (but
don't make the list too big or you will suffer speed issues. Postfix is a
great MTA but not a wonderful filtering tool) so you get rejection at SMTP
for obvious files, saving you some CPU, and then tailor the file name/type
filtering in MailScanner to catch anything that slips through.

You might want to consider that if you reject MIME attachments at SMTP
stage you then have no record of the file or mail. If MailScanner does it,
you have the offending item(s) in quarantine so you can always get them
back/release them if you need to.

The challenge is that you will never totally understand the impact until
it happens. Sometimes learning the hard way should be reserved for theory
books and someone else's experience! :-)

Regards

Drew


-- 
In line with our policy, this message has been scanned 
for viruses and dangerous content by the Technology Tiger MailScanner.
Further information can be found at www.technologytiger.net/policy

Technology Tiger Limited is registered in Scotland with registration number: 310997
Registered Office 55-57 West High Street Inverurie AB51 3QQ
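
An added example (not part of the original post, and not Postfix or MailScanner code) contrasting the two approaches described above: a name-only rule in the style of a header-level block list versus identifying the decoded attachment by its leading bytes, which is the idea behind the file command. The block list, the small signature table, the addresses and the attachment bytes are all constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed block list in the style of a header-level rule (*.exe, *.bat).
BLOCKED_EXT = re.compile(r"\.(exe|bat)$", re.IGNORECASE)

# A few well-known leading-byte signatures; file(1) uses a far larger database.
MAGIC = {b"MZ": "DOS/Windows executable", b"PK\x03\x04": "Zip archive",
         b"%PDF": "PDF document"}

def header_check(filename):
    """Name-only decision: True if the declared file name is on the block list."""
    return bool(BLOCKED_EXT.search(filename or ""))

def content_type_of(data):
    """Identify the decoded payload from its first bytes, ignoring the name."""
    for sig, label in MAGIC.items():
        if data.startswith(sig):
            return label
    return "unknown"

def scan(raw):
    """Return (filename, blocked_by_name, detected_type) for each attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""  # undo base64 transfer encoding
        name = part.get_filename()
        results.append((name, header_check(name), content_type_of(data)))
    return results

def build_sample():
    """Constructed message: the same stub bytes attached under two names."""
    payload = b"MZ\x90\x00" + b"\x00" * 60  # constructed stub, not a real program
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="setup.exe")
    msg.add_attachment(payload, maintype="application",
                       subtype="msword", filename="report.exe.doc")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, by_name, detected in scan(build_sample()):
        print(f"{name}: name rule blocks={by_name}, content says={detected}")
```

The second attachment passes the name rule yet is identified by content, which is the case the off-line scan exists to catch.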


