Even though it's 5 years old: Is there no option? We have a bunch of people still trying to send .xls/doc documents instead of the XML pendants, which are a security risk. Currently the UTMs just quarantine them - I'd like to reject them!
The sender doesn't know he's sending 13 years deprecated stuff and expects it to be delivered.
Any solutions for that?
Reflecting on this, I came up with a workaround...
One could find the quarantined items with:
grep 'reason="ext"' /var/log/smtp.log
Or, if you wanted to look at the ones from yesterday:
zgrep 'reason="ext"' /var/log/smtp/2020/06/*24*
An example (personal information obfuscated) I got with that was:
2020:06:24-02:20:00 secure smtpd[6228]: SCANNER[6228]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="140.xxx.yyy.103" from="badguy@criminal.com" to="me@domain.com" subject="QUOTATION" queueid="1eJFxw-0001cS-9h" size="1054608" reason="ext" extra="exe"
If the number of such cases is small, a standardized manual email could be sent to the sender précising the date, time, subject and extension. Easy also to delete the message in the Mail Manager.
Cheers - Bob
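An added example, not part of the original posts: the grep step above taken one stage further, parsing the `reason="ext"` lines and grouping them per sender so that the date, time, subject and extension are ready for the manual notice. It assumes the key="value" layout of the quoted log line and that values contain no embedded double quotes; the second and third sample lines and all addresses in them are constructed.

```python
import re
from collections import defaultdict

# Sample in the smtp.log format quoted above; lines 2-3 and all addresses are constructed.
SAMPLE_LOG = '''\
2020:06:24-02:20:00 secure smtpd[6228]: SCANNER[6228]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="192.0.2.10" from="alice@example.org" to="me@domain.com" subject="QUOTATION" queueid="1eJFxw-0001cS-9h" size="1054608" reason="ext" extra="exe"
2020:06:24-09:41:17 secure smtpd[7011]: SCANNER[7011]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="198.51.100.7" from="bob@example.net" to="sales@domain.com" subject="Price list Q3" queueid="CONSTRUCTED-0001" size="88213" reason="ext" extra="xls"
2020:06:24-10:02:55 secure smtpd[7102]: SCANNER[7102]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="198.51.100.7" from="bob@example.net" to="sales@domain.com" subject="Hello" queueid="CONSTRUCTED-0002" size="2140"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')  # assumes no escaped quotes inside values
STAMP_RE = re.compile(r'^(\d{4}):(\d{2}):(\d{2})-(\d{2}:\d{2}:\d{2}) ')

def parse_line(line):
    """Return a dict for an extension-quarantine line, or None for anything else."""
    stamp = STAMP_RE.match(line)
    if not stamp:
        return None
    rec = dict(FIELD_RE.findall(line))
    if rec.get("name") != "email quarantined" or rec.get("reason") != "ext":
        return None
    rec["date"] = "-".join(stamp.group(1, 2, 3))
    rec["time"] = stamp.group(4)
    return rec

def quarantined_by_sender(lines):
    """Group quarantined-by-extension records by the logged sender address."""
    # from= is the sender address as logged; it can be forged, so check before mailing it.
    by_sender = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_sender[rec.get("from", "")].append(rec)
    return dict(by_sender)

def notice_text(sender, records):
    """Build the body of a manual notice listing date, time, subject and extension."""
    rows = [f'  {r["date"]} {r["time"]}  subject "{r.get("subject", "")}"  '
            f'blocked extension .{r.get("extra", "?")}' for r in records]
    return (f"To: {sender}\nYour message was not delivered because of its attachment type:\n"
            + "\n".join(rows))

if __name__ == "__main__":
    for sender, recs in quarantined_by_sender(SAMPLE_LOG.splitlines()).items():
        print(notice_text(sender, recs), end="\n\n")
```

To run it against real data, feed it the lines returned by the grep or zgrep command instead of `SAMPLE_LOG`.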
I neither see a solution, nor even a workaround for that.
How does a manual "grep" replace/workaround a rejection of (specific) attachments? It's out of my logic. We don't want to delete that, we want to REJECT.
Reject means that the sender gets informed that he's (probably) sending risky crap and hopefully learns and retries with a filetype that is acceptable (PDF, .docx...).
- Christof
Christof,
The workaround I suggested allows you to inform the sender that their email was not received as it was deleted because of an unsafe attachment.
Cheers - Bob