Need to allow blackberry EPT.DAT files
Robert Lopez
rlopezcnm at gmail.com
Fri Sep 11 22:34:01 IST 2009
On Fri, Sep 11, 2009 at 3:07 PM, Glenn Steen <glenn.steen at gmail.com> wrote:
> 2009/9/11 Robert Lopez <rlopezcnm at gmail.com>:
>> Some offices of the college are being affected by some blocked data
>> files. They are .dat files and we do not want to unblock .dat files.
>> I am told in this case the data files are part of syncing blackberry
>> applications to desktop applications.
>> I considered allowing EPT.DAT, but that seems like too much of an
>> opportunity for the wrong persons.
>>
>> Here are some of the facts:
>>
>> Report: MailScanner: No programs allowed (ETP.DAT)
>>
>> Received: from mailrouter1104.na.blackberry.net
>> (mailrouter1104.na.blackberry.net [204.187.87.55])
>> by xxxx.cnm.edu (Postfix) with SMTP id 625296604E2
>> for <slederle at cnm.edu>; Fri, 11 Sep 2009 06:56:02 -0600 (MDT)
>> Received: from ETP1107.etp.prod.on.blackberry
>> (etp1107.etp.prod.on.blackberry [172.23.40.50])
>> by mailrouter1104.na.blackberry.net (Postfix) with ESMTP id 65EBA2E257F
>> for <xxxxxx at cnm.edu>; Fri, 11 Sep 2009 12:55:46 +0000 (UTC)
>>
>> Would it take a custom modification to 'allow EPT.DAT files only from
>> *.na.blackberry.net' or could a file rule accomplish it?
>>
>> The filename.rules.conf seems to not be able to deal with the domain
>> restriction.
>>
>> Looking at CustomConfig.pm it seems there could be a
>> /etc/MailScanner/spam.bydomain/whitelist/blackberry file if everything
>> from na.blackberry.net and from prod.on.blackberry was wanted to be
>> allowed. As I have no idea what mail could come from
>> those it does not seem wise to just open for everything from them. [I
>> have not found a way to ask blackberry/rim any questions.]
>
> Not really a custom thing, but unpalatable any which way you look at it.
> The problem isn't the filename, which is trivially handled via a
> normal ruleset (multiple filename.rules.conf, where you can allow the
> relevant filename for the blaberry domain (bevare the subdomains...
> aieee!!! Yes, I truly hate RIM/blackberry for this lunacy), but the
> fact that they send a BINARY file without ascii armor. Oh they send
> that too, but that is entirely beside the point, since they rely on
> the binary attachment getting through.
> The problem is that the "encrypted stuff" in that file can (and will,
> as you have noticed)trigger ANY filetype line. So one need use a
> "filetypewhitelist" for the blackberry domain (they, of course, have
> too many sending servers to be able to keep up with using only IPs, so
> you need bare yourself to forgeries here... AAAARRRGH!). It is a PITA.
> It is either this, or stop using blackberries... Try selling that to
> the CEOs:-).
> BTW, the file is for BB activations, not synchronization.
>
> Cheers (yeah, Am slightly drunk, so ... letting some pent-up stem loose here:-)
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
You have been so helpful to me and others I believe you are entitled
to some steam.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
More information about the MailScanner
mailing list