Attachment block
Mailborder at Gmail
mailborder at gmail.com
Fri Jan 4 18:35:27 GMT 2013
- Go here: http://demo.mailborder.com
- The user name and password is on the page. Navigate to: Dashboard >
Global Policy > File Policy
- Click on the pencil next to a domain name to see the files. (You can't
change anything.)
Based on what you are seeing, the following config would be built on a
Mailborder system:
This is the filename rules. Keep scrolling for how the MailScanner config
is setup to read the filename rules.
# Built by Mailborder Systems
# Build Time: Fri, 04 Jan 2013 18:20:02 UTC
deny \.bak$ - -
allow \.bz2$ - -
deny \{[a-hA-H0-9-]{25,}\} - -
allow \.Z$ - -
deny \s{10,} - -
deny \.fdf$ - -
allow \.(mon|tue|wed|thu|fri|sat|sun)\.[a-z0-9]{3}$ - -
allow \.x\d+\.rel$ - -
deny \.shb$ - -
allow \.vcf$ - -
deny \.lnk$ - -
deny \.mhtml$ - -
deny \.xnk$ - -
allow \.gif$ - -
allow \.t?gz$ - -
deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ - -
deny \.ins$ - -
deny \.its$ - -
allow \.jpg$ - -
deny .{150,} - -
allow \.hqx$ - -
allow \.sea$ - -
allow \.sit.bin$ - -
deny \.md[az]$ - -
deny \.vs[stw]$ - -
deny \.mau$ - -
deny \.ma[dfgmqrsvw]$ - -
deny \.cab$ - -
allow \.xml\d*\.rel$ - -
deny \.hta$ - -
deny \.jse?$ - -
deny \.pst$ - -
deny \.prf$ - -
deny \.pif$ - -
deny \.job$ - -
deny \.tmp$ - -
deny \.vsmacros$ - -
allow
\.(jan|feb|mar|apr|may|jun|june|jul|july|aug|sep|sept|oct|nov|dec)\.[a-z0-9]{3}$
- -
allow \.gpg$ - -
allow \.pgp$ - -
allow \.asc$ - -
allow \.sig$ - -
allow \.rpm$ - -
allow (\.[a-z0-9]{3})\1$ - -
allow \.rtf$ - -
deny \.cer$ - -
deny \.shs$ - -
deny \.cnf$ - -
allow \.sit$ - -
allow \.tex$ - -
allow \.txt$ - -
deny \.vb[es]$ - -
allow \.url$ - -
deny \.cmd$ - -
deny \.cpl$ - -
deny \.cur$ - -
deny \.scf$ - -
deny \.chm$ - -
deny \.hlp$ - -
deny \.ani$ - -
deny \.ico$ - -
deny \.reg$ - -
deny \.scr$ - -
deny \.ws$ - -
deny \.sct$ - -
deny \.ws[cfh]$ - -
deny \.com$ - -
deny \.exe$ - -
deny \.bat$ - -
allow \.zip$ - -
This is a MailScanner/conf.d/mailborder.conf (an extension of
MailScanner.conf) You can see the logic by looking and the config values.
Built by Mailborder Systems
# Build Time: Fri, 04 Jan 2013 18:20:02 UTC
%etc-dir% = /etc/MailScanner
%mcp-dir% = /etc/MailScanner/mcp
%org-long-name% = Mailborder Systems
%org-name% = Mailborder
%report-dir% = /etc/MailScanner/reports/en
%rules-dir% = /etc/MailScanner/rules
%web-site% = www.mailborder.com
Add Envelope From Header = yes
Add Envelope To Header = no
Add Text Of Doc = no
Add Watermark = yes
Allow External Message Bodies = %rules-dir%/aemb.rules
Allow File MIME Types =
Allow Filenames =
Allow Filetypes =
Allow Form Tags = %rules-dir%/aft.rules
Allow IFrame Tags = %rules-dir%/ait.rules
Allow Multiple HTML Signatures = no
Allow Object Codebase Tags = %rules-dir%/aoct.rules
Allow Partial Messages = %rules-dir%/apm.rules
Allow Password-Protected Archives = %rules-dir%/appa.rules
Allow Script Tags = %rules-dir%/ast.rules
Allow WebBugs = %rules-dir%/awb.rules
Also Find Numeric Phishing = %rules-dir%/fnp.rules
Always Include MCP Report = no
Always Include SpamAssassin Report = yes
Always Looked Up Last = &MailWatchLogging
Antiword = /usr/bin/antiword -f
Antiword Timeout = 50
Archive Mail =
Archives Are = zip rar ole
Archives: Allow File MIME Types =
Archives: Allow Filenames =
Archives: Allow Filetypes =
Archives: Deny File MIME Types =
Archives: Deny Filenames =
Archives: Deny Filetypes =
Archives: Filename Rules = %etc-dir%/frules/filename.rules
Archives: Filetype Rules = %etc-dir%/frules/filetype.rules
Attach Image To HTML Message Only = yes
Attach Image To Signature = no
Attachment Encoding Charset = ISO-8859-1
Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe
.mpeg .mp3 .rpm .htm .html .eml
Attachment Warning Filename = %org-name%-Attachment-Warning.txt
Attachments Min Total Size To Zip = 100k
Attachments Zip Filename = Attachments.zip
Block Encrypted Messages = %rules-dir%/bem.rules
Block Unencrypted Messages = %rules-dir%/bum.rules
Bounce MCP As Attachment = no
Bounce Spam As Attachment = no
Cache SpamAssassin Results = yes
Check Filenames In Password-Protected Archives = %rules-dir%/cfippa.rules
Check SpamAssassin If On Spam List = yes
Check Watermarks To Skip Spam Checks = yes
Check Watermarks With No Sender = yes
ClamAV Full Message Scan = no
ClamAVmodule Maximum Compression Ratio = 250
ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes)
ClamAVmodule Maximum Files = 1000
ClamAVmodule Maximum Recursion Level = 8
Clamd Lock File = /var/lock/subsys/clamd
Clamd Port = 3310
Clamd Socket = 127.0.0.1
Clamd Use Threads = yes
Clean Header Value = Found to be clean
Content Modify Subject = start
Content Subject Text = [Warning]
Convert Dangerous HTML To Text = %rules-dir%/cdht.rules
Convert HTML To Text = %rules-dir%/cht.rules
Country Sub-Domains List = %etc-dir%/country.domains.conf
Custom Spam Scanner Timeout = 20
Custom Spam Scanner Timeout History = 20
Dangerous Content Scanning = %rules-dir%/dcs.rules
DB DSN =
DB Password =
DB Username =
Default Rename Pattern = __FILENAME__.disarmed
Definite MCP Is High Scoring = no
Definite Spam Is High Scoring = no
Deleted Bad Content Message Report =
%report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report =
%report-dir%/deleted.filename.message.txt
Deleted Size Message Report = %report-dir%/deleted.size.message.txt
Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
Deliver Cleaned Messages = no
Deliver Disinfected Files = no
Deliver Unparsable TNEF = yes
Deny File MIME Types =
Deny Filenames =
Deny Filetypes =
Detailed MCP Report = yes
Detailed Spam Report = yes
Disarmed Modify Subject = start
Disarmed Subject Text = [Disarmed]
Disinfected Header Value = Disinfected
Disinfected Report = %report-dir%/disinfected.report.txt
Dont Sign HTML If Headers Exist = # In-Reply-To: References:
Envelope From Header = X-%org-name%-Mailborder-From:
Envelope To Header = X-%org-name%-Mailborder-To:
Expand TNEF = yes
File Command = /usr/bin/file
File Timeout = 20
Filename Modify Subject = start
Filename Rules = %etc-dir%/frules/filename.rules
Filename Subject Text = [Bad File]
Filetype Rules = %etc-dir%/frules/filetype.rules
Find Archives By Content = %rules-dir%/fac.rules
Find Phishing Fraud = %rules-dir%/fpf.rules
Find UU-Encoded Files = yes
First Check = spam
Gunzip Command = /bin/gunzip
Gunzip Timeout = 50
Hide Incoming Work Dir = yes
Hide Incoming Work Dir in Notices = no
High Scoring MCP Actions = deliver
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = [MCP]
High Scoring Spam Actions = %rules-dir%/hspam.rules
High Scoring Spam Modify Subject = start
High Scoring Spam Subject Text = [Spam]
High SpamAssassin Score = 15
Highlight Phishing Fraud = yes
Hostname = %org-name% ($HOSTNAME)
ID Header = X-%org-name%-Mailborder-ID:
Ignore Spam Whitelist If Recipients Exceed = 20
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim
Include Binary Attachments In SpamAssassin = no
Include Scanner Name In Reports = yes
Include Scores In MCP Report = no
Include Scores In SpamAssassin Report = yes
Incoming Queue Dir = /var/spool/postfix/hold
Incoming Work Dir = /var/spool/MailScanner/incoming
Incoming Work Group = mtagroup
Incoming Work Permissions = 0660
Incoming Work User = clamav
Infected Header Value = Found to be infected
Information Header = X-%org-name%-Mailborder-Information:
Information Header Value = Please contact your admin for more information
Inline HTML Signature = %report-dir%/inline.sig.html
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Spam Warning = %report-dir%/inline.spam.warning.txt
Inline Text Signature = %report-dir%/inline.sig.txt
Inline Text Warning = %report-dir%/inline.warning.txt
IP Protocol Version Header = X-%org-name%-Mailborder-IP-Protocol:
Is Definitely MCP = no
Is Definitely Not MCP = no
Is Definitely Not Spam = %rules-dir%/whitelist.rules
Is Definitely Spam = %rules-dir%/blacklist.rules
Keep Spam And MCP Archive Clean = no
Known Web Bug Servers = msgtag.com
Language Strings = %report-dir%/languages.conf
Local Postmaster = postmaster
Log Dangerous HTML Tags = no
Log Delivery And Non-Delivery = no
Log MCP = no
Log Non Spam = no
Log Permitted File MIME Types = no
Log Permitted Filenames = no
Log Permitted Filetypes = no
Log Silent Viruses = no
Log Spam = no
Log SpamAssassin Rule Actions = yes
Log Speed = yes
Mail Header = X-%org-name%-Mailborder:
Mark Infected Messages = yes
Mark Unscanned Messages = yes
Max Children = 2
Max Custom Spam Scanner Size = 20k
Max Custom Spam Scanner Timeouts = 10
Max Normal Queue Size = 800
Max Spam Check Size = 200k
Max Spam List Timeouts = 5
Max SpamAssassin Size = 40k
Max SpamAssassin Timeouts = 10
Max Unsafe Bytes Per Scan = 50m
Max Unsafe Messages Per Scan = 30
Max Unscanned Bytes Per Scan = 100m
Max Unscanned Messages Per Scan = 30
Maximum Archive Depth = 8
Maximum Attachment Size = %rules-dir%/mas.rules
Maximum Attachments Per Message = 200
Maximum Message Size = %rules-dir%/mms.rules
Maximum Processing Attempts = 6
MCP Actions = deliver
MCP Checks = no
MCP Error Score = 1
MCP Header = X-%org-name%-Mailborder-MCPCheck:
MCP High SpamAssassin Score = 10
MCP Max SpamAssassin Size = 100k
MCP Max SpamAssassin Timeouts = 20
MCP Modify Subject = start
MCP Required SpamAssassin Score = 1
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin Timeout = 10
MCP SpamAssassin User State Dir =
MCP Subject Text = [MCP]
Minimum Attachment Size = 1
Minimum Stars If On Spam List = 0
Missing Mail Archive Is = directory
Monitors for ClamAV Updates = /var/clamav/*.cld /var/clamav/*.cvd
MTA = postfix
Multiple Headers = append
Never Notify Senders Of Precedence = list bulk
Non MCP Actions = deliver
Non Spam Actions = deliver header "X-Spam-Status: No"
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar
Notices Include Full Headers = yes
Notices To = %rules-dir%/vn.rules
Notify Senders = yes
Notify Senders Of Blocked Filenames Or Filetypes = yes
Notify Senders Of Blocked Size Attachments = yes
Notify Senders Of Other Blocked Content = yes
Notify Senders Of Viruses = no
Outgoing Queue Dir = /var/spool/postfix/incoming
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf
Phishing Modify Subject = yes
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Phishing Subject Text = [Phishing]
PID file = /var/run/MailScanner.pid
Place New Headers At Top Of Message = yes
Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db
Quarantine Dir = /var/spool/MailScanner/quarantine
Quarantine Group = mtagroup
Quarantine Infections = %rules-dir%/qi.rules
Quarantine Modified Body = no
Quarantine Permissions = 0660
Quarantine Silent Viruses = no
Quarantine User = postfix
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes
Queue Scan Interval = 6
Rebuild Bayes Every = 0
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Recipient Spam Report = %report-dir%/recipient.spam.report.txt
Reject Message = no
Rejection Report = %report-dir%/rejection.report.txt
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:
Required SpamAssassin Score = %rules-dir%/rsas.rules
Restart Every = 7200
Run As Group = postfix
Run As User = postfix
Scan Messages = %rules-dir%/scan.messages.rules
Scanned Modify Subject = no
Scanned Subject Text = [Scanned]
Send Notices = %rules-dir%/sn.rules
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Content Report = %report-dir%/sender.content.report.txt
Sender Error Report = %report-dir%/sender.error.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt
Sender Size Report = %report-dir%/sender.size.report.txt
Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
Sender Spam Report = %report-dir%/sender.spam.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Sender Virus Report = %report-dir%/sender.virus.report.txt
Sendmail = /usr/sbin/sendmail
Sendmail2 = /usr/sbin/sendmail
Sign Clean Messages = %etc-dir%/rules/scm.rules
Sign Messages Already Processed = no
Signature Image <img> Filename = signature.jpg
Signature Image Filename = %report-dir%/sig.jpg
Silent Viruses = HTML-IFrame All-Viruses
Size Modify Subject = start
Size Subject Text = [Size]
Spam Actions = %rules-dir%/spam.rules
Spam Checks = %rules-dir%/sc.rules
Spam Domain List =
Spam Header = X-%org-name%-Mailborder-SpamCheck:
Spam List = # spamhaus-ZEN # You can un-comment this to enable them
Spam List Definitions = %etc-dir%/spam.lists.conf
Spam List Timeout = 4
Spam List Timeouts History = 10
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 3
Spam Modify Subject = no
Spam Score = yes
Spam Score Character = s
Spam Score Header = X-%org-name%-Mailborder-SpamScore:
Spam Subject Text = [Spam]
Spam-Virus Header = X-%org-name%-Mailborder-SpamVirus-Report:
SpamAssassin Auto Whitelist = no
SpamAssassin Cache Database File =
/var/spool/MailScanner/incoming/SpamAssassin.cache.db
SpamAssassin Default Rules Dir =
SpamAssassin Install Prefix =
SpamAssassin Local Rules Dir =
SpamAssassin Local State Dir = # /var/lib/spamassassin
SpamAssassin Rule Actions =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
SpamAssassin Temporary Dir =
/var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin Timeout = 75
SpamAssassin Timeouts History = 30
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamScore Number Instead Of Stars = yes
SQL Config =
SQL Debug = no
SQL Quick Peek =
SQL Ruleset =
SQL Serial Number =
SQL SpamAssassin Config =
Still Deliver Silent Viruses = no
Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report =
%report-dir%/stored.filename.message.txt
Stored Size Message Report = %report-dir%/stored.size.message.txt
Stored Virus Message Report = %report-dir%/stored.virus.message.txt
Syslog Facility = mail
TNEF Expander = /usr/bin/tnef --maxsize=100000000
TNEF Timeout = 120
Treat Invalid Watermarks With No Sender as Spam = spam
Unpack Microsoft Documents = no
Unrar Command = /usr/bin/unrar
Unrar Timeout = 50
Unscanned Header Value = Not scanned
Unzip Filenames = *.txt *.ini *.log *.csv
Unzip Maximum File Size = 50k
Unzip Maximum Files Per Archive = 0
Unzip MimeType = text/plain
Use Custom Spam Scanner = no
Use SpamAssassin = yes
Use Stricter Phishing Net = yes
Use TNEF Contents = replace
Use Watermarking = %rules-dir%/wm.rules
Virus Modify Subject = start
Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
Virus Scanner Timeout = 300
Virus Scanners = clamd
Virus Scanning = yes
Virus Subject Text = [Warning]
Wait During Bayes Rebuild = no
Warning Is Attachment = no
Watermark Header = X-%org-name%-Mailborder-Watermark:
Watermark Lifetime = 604800
Watermark Secret = %org-name%-Mailborder-Watermark-Secret
Web Bug Replacement = http://cdn.mailscanner.info/1x1spacer.gif
Zip Attachments = %rules-dir%/zipa.rules
On Fri, Jan 4, 2013 at 7:03 PM, Oliveiros Peixoto (Netinho) <
oliveiros at gmail.com> wrote:
> Hello All.
>
> I would like to notify you that I am having some problems in attachment
> blocking. I set the Filename Rules mailscanner.conf policy. I have two
> rules in this file.
>
> FromOrTo: rafael at mymail.com % etc-dir%/rules/filename.liberado.rules.conf
> FromOrTo: default %etc-dir%/regras/filename.restrito.rules.conf
>
> rafael where the user can send and receive files. zip.I also have a
> default rule where users can not send or receive files.zip. When I send
> an email with file.zip attached to a default user the attachment is
> blocked, but if sending the same email to the user rafael cc with a
> default user to both receive the email with the attachment.
>
> Can anyone tell me if this is a bug?
>
> MailScanner Version: MailScanner-4.84.5-2
>
> Thanks
> Oliveiros Peixoto!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130104/248b4157/attachment.html
More information about the MailScanner
mailing list