Selective filtering of password protected archives

Kobi 6666

New Member
Jan 18, 2022
Hello,
Is there any way for selective filtering of attachments (password protected archives in my case)? (I checked all the docs after every PMG update to no avail.)
I'm considering switching from MailScanner to PMG but I don't seem to find a way to handle zip protected password in correlation with the sending / receiving domain.
I want to allow password protected files from some domains, but block them by default.
In MailScanner I have the following options:
- block all encrypted docs (PDFs in my case)
  Block Encrypted Messages = %etc-dir%/password_encrypted_docs_allow_gdpr.conf
- selective permit of password protected archives
  Allow Password-Protected Archives = %etc-dir%/password_protected_archives_allow_gdpr.conf
And in the files specified I can selectively allow / block the files from and to various domains / addresses.
Thanks in advance.
 

Stoiko Ivanov

Proxmox Staff Member
May 2, 2018
No, this is currently not directly configurable per domain/recipient.
You can enable 'Block encrypted archives and documents' (GUI->Configuration->Virus Detector->Options) - then the mails with such an attachment will get the Heuristic Score assigned as spam points (GUI->Configuration->Spam Detector->Options) - you could use this information in the rule system
(set the heuristic score to something very high - e.g. 20 and create 2 rules - one with those recipients which should get it - and put the mails for them into quarantine, one without any who object (default) - and use the action Block)

I hope this helps!
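
The decision logic of the two-rule workaround described in this reply, as an added Python sketch (not part of the thread and not PMG code). The ZIP flag check stands in for the gateway's own detection, and the domain `partner.example`, the function names and the sample mail are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

HEURISTIC_SCORE = 20                      # value suggested in the reply above
QUARANTINE_DOMAINS = {"partner.example"}  # hypothetical recipients allowed to get such mail

def has_encrypted_zip(msg):
    """True if any attachment is a ZIP with at least one encrypted member."""
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general purpose flag marks an encrypted member.
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                return True
    return False

def decide(raw, recipient):
    """Return 'deliver', 'quarantine' or 'block' for one recipient."""
    msg = message_from_bytes(raw, policy=policy.default)
    score = HEURISTIC_SCORE if has_encrypted_zip(msg) else 0
    if score < HEURISTIC_SCORE:
        return "deliver"
    domain = recipient.rsplit("@", 1)[-1].lower()
    # Rule 1 (higher priority): listed recipients get the mail in quarantine.
    if domain in QUARANTINE_DOMAINS:
        return "quarantine"
    # Rule 2 (default, no recipient restriction): block.
    return "block"

def sample_mail(encrypted):
    """Constructed test mail carrying one small ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted archives, so set the flag bit in the
        # central directory header (offset 8 after the PK\x01\x02 signature).
        data[data.index(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@sender.example", "b@partner.example", "files"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="docs.zip")
    return msg.as_bytes()
```

The order of the two rules matters: if the default block rule were evaluated first, the quarantine rule for the listed recipients would never match.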
 

Kobi 6666

Hi,
I've checked your solution and I can confirm it's working, thanks very much for your help. I am now considering switching to PMG, that was an important matter that was holding me back.
However, are there any further side effects, like increasing the spam score for a sender / domain that was blocked using this rule, even if, in general, he/she is a legitimate sender or coming from a trusted domain?
 

Stoiko Ivanov

> However, are there any further side effects, like increasing the spam score for a sender / domain that was blocked using this rule, even if, in general, he/she is a legitimate sender or coming from a trusted domain?

I think the only 'side-effect' is that it might skew Bayes filtering (and it will skew autowhitelist scores) - but in both cases I would suggest to simply disable both features (GUI->Configuration->Spam Detector->Options) - as in my experience - they do not help too much (or rather sometimes even have a negative effect on detection rates)
 

Kobi 6666

Are you considering implementing this kind of rules? Nowadays a lot of dangerous content comes in the form of encrypted documents. Also, due to EU GDPR rules, we are forced to encrypt trusted documents which contain personal information. In my opinion, being able to apply such rules would allow a lot of sys admins to ban / filter / permit encrypted docs more easily and in a more concise way.
 
