Eventhough it's 5 years old: Is there no option? We have a bunch of people still trying to send .xls/doc documents instead of the XML pendants, which are a security risk. Currently the UTMs just quarantine them - I'd like to reject them!
The sender doesn't know he's sending 13 years depricated stuff and expects it to be delivered.
Any solutions for that?
Reflecting on this, I came up with a workaround...
One could find the quarantined items with:
grep 'reason="ext"' /var/log/smtp.log
Or, if you wanted to look at the ones from yesterday:
zgrep 'reason="ext"' /var/log/smtp/2020/06/*24*
An example (personal information obfuscated) I got with that was:
2020:06:24-02:20:00 secure smtpd[6228]: SCANNER[6228]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="140.xxx.yyy.103" from="badguy@criminal.com" to="me@domain.com" subject="QUOTATION" queueid="1eJFxw-0001cS-9h" size="1054608" reason="ext" extra="exe"
If the number of such cases is small, a standardized manual email could be sent to the sender précising the date, time, subject and extension. Easy also to delete the message in the Mail Manager.
Cheers - Bob
I neither see a solution, nor even a workaround for that.
How does a manual "grep" replace/workaround a rejection of (specific) attachments? It's out of my logic. We don'T want to delete that, we want to REJECT.
Reject means that the sender gets informed, that he's (probably) sending risky crap and hopefully learns and retries with a filetype, that is acceptable (PDF, .docx...).
- Christof
Christof,
The workaround I suggested allows you to inform the sender that their email was not received as it was deleted because of an unsafe attachment.
Cheers - Bob
Christof,
The workaround I suggested allows you to inform the sender that their email was not received as it was deleted because of an unsafe attachment.
Cheers - Bob