Eventhough it's 5 years old: Is there no option? We have a bunch of people still trying to send .xls/doc documents instead of the XML pendants, which are a security risk. Currently the UTMs just quarantine them - I'd like to reject them!
The sender doesn't know he's sending 13 years depricated stuff and expects it to be delivered.
Any solutions for that?
There's no way to do this at present. I bet there's a way to do it at the command line, but I don't know it. Maybe a Sophos guy will come by and tell us...
Cheers - Bob
Reflecting on this, I came up with a workaround...
One could find the quarantined items with:
grep 'reason="ext"' /var/log/smtp.log
Or, if you wanted to look at the ones from yesterday:
zgrep 'reason="ext"' /var/log/smtp/2020/06/*24*
An example (personal information obfuscated) I got with that was:
2020:06:24-02:20:00 secure smtpd: SCANNER: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="140.xxx.yyy.103" from="firstname.lastname@example.org" to="email@example.com" subject="QUOTATION" queueid="1eJFxw-0001cS-9h" size="1054608" reason="ext" extra="exe"
If the number of such cases is small, a standardized manual email could be sent to the sender précising the date, time, subject and extension. Easy also to delete the message in the Mail Manager.
No, but actually we have exactly the same problem. It's a shame that Sophos does not offer a solution to this. Especially as this would be a considerable gain in security. So +1 ( even if this is not the platform for ideas)
I neither see a solution, nor even a workaround for that.
How does a manual "grep" replace/workaround a rejection of (specific) attachments? It's out of my logic. We don'T want to delete that, we want to REJECT.
Reject means that the sender gets informed, that he's (probably) sending risky crap and hopefully learns and retries with a filetype, that is acceptable (PDF, .docx...).
Don't +1 here, there's a fuction on the top-right side of this page... maybe if a billion people ring that bell, Sophos will do something (overdue) for their money. ;-)
Thanks for pointing that out, I was the second one that already did that. Unfortunately Sophos seems to push more development power into XG since years and still XG can’t replace UTM. But that’s another story. I think one will need a separate mail gateway to use such functions in the near future too.
The workaround I suggested allows you to inform the sender that their email was not received as it was deleted because of an unsafe attachment.
Guys, there might be a way to do this with exim, but you won't find it here. Maybe on exim.org or github.
You know if The XG things can do this? Someone else I know - who's obviously not using Sophos - has a 'replacement' function, that gives the receiver a textfile telling what's missing and that it got blocked and could be released by admin.That's at least better than just dropping the mail into quarantine.