Remove all attachments except the ones I allow...

poetry

Active Member
May 28, 2020
206
57
33
Hello,
Anyone has an advice how to do this in the most simple way possible.

I would like to make a mail filter rule that will remove all attachments except the ones I allow. This is a much better policy then the one that is defined by default.

Example on this mail filter rule I would allow attachments .docx .doc .odt .xlsx .txt .csv .pdf .zip and so on (I would add more allowed attachments type over time)

Mail flow:
If someone sends an email with attachment that is on allowed list the attachment is not removed
If someone sends an email with attachment that is not on the allowed list the attachment is removed.

As far as I can see there is no way to do this in a simple way. If I create a new Action Object with Remove all attachments then all the attachments are removed.
1621336512058.png

If I create a rule without remove all attachments then how can I specify that all attachments expect the ones that I allow are removed?
1621336714014.png

Then match filename maybe?
1621336821688.png

Any advice would be appreciated. Thank you.
 
I just create a rules to quarantine mails with below attachment.

1621349798077.png

.*\.(ace|adp|app|asp|ba[st]|cer|chm|cmd|cnt|com|cpl|crt|csh|der|dll|exe|fxp|gadget|hlp|hpj|hta|in[fs]|img|isp|its|jse?|ksh|lnk|ma[dfgmqrstuvw]|md[detwz]|msc|msh|mshxml|msh[12]|msh[12]xml|ms[ipt]|ops|osd|pcd|pif|plg|prf|prg|pst|reg|sc[frt]|sh[bs]|ps[12]|ps[12]xml|psc[12|]tmp|url|vb[eps]?|vsmacros|vsw|ws[cfh]?|xnk|ade|cla|class|grp|jar|mcf|ocx|pl|xbap)
 
Example on this mail filter rule I would allow attachments .docx .doc .odt .xlsx .txt .csv .pdf .zip and so on (I would add more allowed attachments type over time)
as a side-note - depending how you create the What objects keep in mind that the content type filter could cause some unexpected side-effects - e.g. all 'new' MS office documents are also recognized as zip (since they are zipped xml-documents).

Mail flow:
If someone sends an email with attachment that is on allowed list the attachment is not removed
If someone sends an email with attachment that is not on the allowed list the attachment is removed.
I would try the following - create 2 rules with appropriate priority (meaning after all blocking and quarantine rules):
* first rule (higher prio):
** what object containing all your allowed attachment types
** action object accept
* second rule (lower prio):
** action object: Remove Attachement/Attachment Quarantine

I hope this helps!
 
  • Like
Reactions: hata_ph
@hata_ph & @Stoiko Ivanov Thank you very much! This seems reasonable and will test on our systems and let you know the results and how I managed to set it up but need some time to do the testing.

I was also looking in the documentation that it's possible to scan inside the archived attachments so I am interested how I can enforce so if someone is sending not allowed attachments in the zip file can we also make it so it will remove that file and in the description it will be noted it was removed because inside the archive there was not allowed attachment.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!