Accepting Only Allowed Attachments

[ibrahimayhan]

Hi Proxmox Team,
I'm Adapting on our Proxmox MG Structure,
Instead of Blocking Individual Mail Attachments,
Accept Only Specific Mail Attachments
How Can I Write the Rule?

 

[t.lamprecht]

Hi,

you could do this by using two rules.
1. A higher priority "accept mails with good attachment"
2. A lower priority than the other rule with "block ALL attachments"

As the "accept good" one has higher priority only the bad ones will come to the "block every mail with any attachment" rule.

 

[ibrahimayhan]

Hi,

you could do this by using two rules.
1. A higher priority "accept mails with good attachment"
2. A lower priority than the other rule with "block ALL attachments"

As the "accept good" one has higher priority only the bad ones will come to the "block every mail with any attachment" rule.

Hi @t.lamprecht
I Didn't Understand What To Do Because I Used Proxmox MG For The First Time,
Can You Tell With A Screen Shot Or A Small Video?

 

[t.lamprecht]

There's a "Installation and Configuration of Proxmox Mail Gateway" video here which touches the mail filter rules a bit:
https://youtu.be/Dr3-BeY0V1k?t=410

Also there's the documentation available:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#chapter_mailfilter

You would need to add a "what object" for the good attachments:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_mailfilter_what

Sorry, I'm on the go, so cannot provide more in depth help, try to search the forum and docs, youtube has also some videos.
Maybe some other forum member can help a bit

 

[koby]

Hello

Hi,

you could do this by using two rules.
1. A higher priority "accept mails with good attachment"
2. A lower priority than the other rule with "block ALL attachments"

As the "accept good" one has higher priority only the bad ones will come to the "block every mail with any attachment" rule.

I have almost the same problem , I have tried your option without luck so far , what I did is this :
Rule 90 : allowed pdf + tiff + txt
Rule 80 : block all
If i send mail with ALL the attachment meaning pdf + tiff + txt it is pass
BUT : sending only pdf it is blocked

I am using ver 8.2.0
Thank you for any help
Koby Peleg Hen

 

[t.lamprecht]

Rule 90 : allowed pdf + tiff + txt

How does your rule, and what object match looks like? It might be, that you need to change to the "any match" policy for the allow-pdf+tiff+txt what object (or rule).

 

[koby]

Yes I need to , but no other can do the job...
Any advice.

 

[Badej]

Add a rule in custom.cf

mimeheader    __HAS_ATTACHMENT    Content-Type =~ /name=/i
mimeheader    __HAS_MIME_PDF        Content-Type =~ /name\*?=["']?.*\.pdf["']?/i
mimeheader    __HAS_MIME_TIFF        Content-Type =~ /name\*?=["']?.*\.tiff["']?/i
mimeheader    __HAS_MIME_TXT        Content-Type =~ /name\*?=["']?.*\.txt["']?/i
meta        SUSPICIOUS_MIME_TYPE    __HAS_ATTACHMENT && !(__HAS_MIME_PDF || __HAS_MIME_TIFF || __HAS_MIME_TXT)
describe    SUSPICIOUS_MIME_TYPE    Message contains attachment other than pdf/tiff/txt
score        SUSPICIOUS_MIME_TYPE    7.0
tflags        SUSPICIOUS_MIME_TYPE    noautolearn

spamassassin -D --lint
systemctl restart pmg-smtp-filter.service

 

[t.lamprecht]

Yes I need to , but no other can do the job...
Any advice.

As mentioned, we'd need to see your configured rule(s) and what objects to give any concrete advice.

 

[Badej]

If the attachment is not a PDF, TIFF, TXT - quarantine. (GUI)

 

[koby]

Hello @Badej ,
Thank you for your tring very hard to help,
I did tried that too , when you send mail with more than one attachment the rule will not apply.
That because proxmox check all the mail at one not looping inside of the attach and not test each of them accordiglly.
But either way you cannot achieve this with current proxmox avail options (I would love to be wrong on this)
What is seems logic to me is that Proxmox will add an "In allowed List" etc , as an option that can easilly solve the problem
By the way , In the mean time , to solve this issue , I am going to write a python script to do this and mark the mail as spam to block it.
I will published it here for everyone to see and use until better option from proxmox would be avial.

 

[koby]

Add a rule in custom.cf

mimeheader    __HAS_ATTACHMENT    Content-Type =~ /name=/i
mimeheader    __HAS_MIME_PDF        Content-Type =~ /name\*?=["']?.*\.pdf["']?/i
mimeheader    __HAS_MIME_TIFF        Content-Type =~ /name\*?=["']?.*\.tiff["']?/i
mimeheader    __HAS_MIME_TXT        Content-Type =~ /name\*?=["']?.*\.txt["']?/i
meta        SUSPICIOUS_MIME_TYPE    __HAS_ATTACHMENT && !(__HAS_MIME_PDF || __HAS_MIME_TIFF || __HAS_MIME_TXT)
describe    SUSPICIOUS_MIME_TYPE    Message contains attachment other than pdf/tiff/txt
score        SUSPICIOUS_MIME_TYPE    7.0
tflags        SUSPICIOUS_MIME_TYPE    noautolearn

spamassassin -D --lint
systemctl restart pmg-smtp-filter.service

Nice option but not very maintainable

 

[koby]

Hello @t.lamprecht

Here is my testing so far ,

This is the list of file extantion to pass.



Here is the rule it self.




Here is the block rule



As I mentioned , this scenario is working with ONLY one attached file.
Can someone advice otherwise ?

Koby Peleg Hen.

 

[Badej]

Hello @t.lamprecht

Here is my testing so far ,

This is the list of file extantion to pass.

View attachment 95071

Caution.
1. The Content-Type=pdf (tiff, etc.) value may not work.
These attachments may be transmitted with the header:
Content-Type: application/octet-stream
2. The 'Archive Filter' type checks the contents of archives (zip, rar, etc.).


I'm confused )) What should I allow?
Accept the message if:
1. Contains any PDF, TIFF, or TXT attachment
2. Contains all attachments (3) PDF + TIFF + TXT
3. Contains an archive (zip, rar, etc.) with PDF, TIFF, or TXT