New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Block attachments based on file extension #5076
Comments
I think the right approach would be a filter in Sieve. This filter could also be adjusted more precisely. Rspamd seems to me to be a possible approach here, which however strongly generalizes, so that I recommend you to have a closer look at the filters in Sieve. edit: try this. I added some kind of reject message, so "honest" senders will know precisely why it was rejected.
Let me know if this worked for you :) |
I have about 200 hundreds email used only for working contacts. Thanks |
I used the template prefilter for the list of blocked attatchments and customized it.
But with this filter it blocks EVERY mail with EVERY file extensions. What is wrong with this filter? Please help :( |
This filter doesn't work for me. |
Did you manage to solve the problem of blocking all attachments? Full reinstall didn't help. (I thought the problem was that I broke the configuration file somewhere) |
Unfortunly not. I don't have more ideas. I Hope someone can help with that problem. |
As an option:
You just need to write it down correctly or bring it to mind. Split into two filters. So that one skips the necessary attachments, the second blocks |
Friends! After long and exhausting attempts, I found a solution to the problem:
|
It might work but the sender won't be notified about the blocked mail with a bad file extension. |
|
But what if the sender is not from our mailcow? |
This is a general rule for every user. Change only the mailto address |
Mailcow says "Unexpected tag :options". |
I also tried that filter: and it doesn't work... whats wrong with that hell..... |
#5246 fix it |
Ok now Mailcow accepts the syntax but the filter doens't work. Mails with a .zip file are normally delivered without any notification to the sender. |
I raised another mail server with sieve support for the test, and the rule we needed normally worked there, but with mime and enotify.
We need to fix the problem with "mime" and "enotify" and everyone will be happy. |
Summary
I'm requesting to add to "Global filter maps" a new map to block some file extension. Actually I added do rspamd multimap.conf file this rule:
BAD_FILE_EXT {
type = "filename";
filter = "extension";
map = "${LOCAL_CONFDIR}/custom/bad_file_ext.map";
symbol = "FILENAME BLACKLISTED"
action = "reject";
}
Motivation
Sometimes, phishing attack it's based on opening the attached file to email. The file extension is .ISO, .IMG, .ARJ, .LZH, .R01, .R02, .001 but also .REG, .EXE, .JS and many others. If an email have a file with these extension, I want do reject it. No virus check but simply reject it.
Now for updating this file I must login to my server console.
The rule can also be used to block some file for policy reason.
Many thanks
Alessandro
Additional context
No response
The text was updated successfully, but these errors were encountered: