1

Topic: Block attachments to all domain except allowed domains

==== Required information ====
- iRedMail version: iRedMail Pro - v1.9.0 (LDAP)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: CentOS 6.3 Final
- Related log if you're reporting an issue:
====

Hi,

I would like to block all attachments (Outgoing only) on mail server and allow only sending to some domains which I allow specifically.

We have approx 15 domains and out of 15 three domains are in iRedMail server, rests are on Google. Many users are sending sensitive attachments to their personal E-mail IDs which we want to restrict and only allow sending attachments to all our 15 domains. However users will not be restricted with attachment when they receive from anywhere on internet.

I think we can do this via amavis but I do not how to do it, your kind help is highly appreciated.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Block attachments to all domain except allowed domains

Did you try this?
http://www.iredmail.org/forum/post17303.html#p17303

NOTE: Please try it on a testing machine first.

3

Re: Block attachments to all domain except allowed domains

Yes, i tried applying below things:

- Add below content in /etc/amavisd/amavisd.conf and restart Amavisd service:

%banned_rules = (
  'BLOCK_ALL' =>  new_RE(
    [ qr'^text/plain$'i => 0 ],
    [ qr'^\.[a-zA-Z0-9]*$'   => 1 ] ),
  'DEFAULT' => $banned_filename_re,
);

- Login to phpLDAPadmin, add below LDAP attribute and value for your user:

amavisBannedRuleNames=BLOCK_ALL

But it is not blocking attachments on applied user. Is there anything else need to look at it?

However I need this blocking on entire domain not on single user as I think blocking will have to add LDAP attribute on each users.

4

Re: Block attachments to all domain except allowed domains

Please turn on debug mode in Amavisd and check its log file, try to figure out why it doesn't work.
We cannot help without related log.

5

Re: Block attachments to all domain except allowed domains

hi Zhang,

Here is the mail log copy when i send email from test account but it is not showing anything:

[root@mail1 log]# tail -F /var/log/maillog
Aug 15 09:27:53 mail1 postfix/smtpd[25660]: connect from mymailserver.com[127.0.0.1]
Aug 15 09:27:53 mail1 postfix/smtpd[25660]: C18881C0BC6: client=mymailserver.com[127.0.0.1]
Aug 15 09:27:53 mail1 postfix/cleanup[25656]: C18881C0BC6: message-id=<00a901ce9991$5d7a3200$186e9600$@co.uk>
Aug 15 09:27:53 mail1 postfix/smtpd[25660]: disconnect from mymailserver.com[127.0.0.1]
Aug 15 09:27:53 mail1 postfix/qmgr[25649]: C18881C0BC6: from=<sys-admin@mymailserver.com>, size=109568, nrcpt=1 (queue active)
Aug 15 09:27:53 mail1 amavis[25340]: (25340-08) Passed CLEAN, MYUSERS LOCAL [172.16.1.96] [172.16.1.96] <sys-admin@mymailserver.com> -> <ketan@mygoogledomain.com>, Message-ID: <00a901ce9991$5d7a3200$186e9600$@co.uk>, mail_id: DNw2uAaFQyRE, Hits: -9.998, size: 108609, queued_as: C18881C0BC6, 3021 ms
Aug 15 09:27:53 mail1 postfix/smtp[25657]: B58BA1C0BC5: to=<ketan@mygoogledomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.2, delays=0.14/0.01/0/3.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C18881C0BC6)
Aug 15 09:27:53 mail1 postfix/qmgr[25649]: B58BA1C0BC5: removed
Aug 15 09:27:56 mail1 postfix/smtp[25661]: C18881C0BC6: to=<ketan@mygoogledomain.com>, relay=aspmx.l.google.com[74.125.25.26]:25, delay=2.6, delays=0.1/0.01/0.72/1.8, dsn=2.0.0, status=sent (250 2.0.0 OK 1376555276 bv1si31030800pbb.114 - gsmtp)
Aug 15 09:27:56 mail1 postfix/qmgr[25649]: C18881C0BC6: removed

6

Re: Block attachments to all domain except allowed domains

now for incoming emails on that particular E-mail user its showing logs as stated below:

Aug 15 16:57:21 mail1 amavis[2261]: (02261-07) Passed BANNED (application/pdf,.pdf,janssen cilag dispatch note.pdf), MYUSERS LOCAL [212.250.141.180] [212.250.141.180] <umesh@googledomain.com> -> <sys-admin@myiredmailserverdomain.com>, quarantine: banned-ixM5xTugn7CW, Message-ID: <004801ce99d0$1c3425f0$549c71d0$@co.uk>, mail_id: ixM5xTugn7CW, Hits: -8.374, size: 443533, queued_as: 139191C0BC8, 273 ms
Aug 15 16:57:21 mail1 postfix/smtp[2300]: 292751C0BC6: to=<sys-admin@myiredmailserverdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.2, delays=4.3/1.6/0/0.31, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 139191C0BC8)
Aug 15 16:57:21 mail1 postfix/pipe[2308]: 139191C0BC8: to=<sys-admin@myiredmailserverdomain.com>, relay=dovecot, delay=0.59, delays=0.08/0/0/0.51, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 17:40:24 mail1 amavis[3250]: (03250-06) Passed BANNED (text/html,.asc), MYUSERS LOCAL [212.250.141.180] [212.250.141.180] <helpdesk@myiredmailserverdomain.com> -> <sys-admin@myiredmailserverdomain.com>, quarantine: banned-i4fjDpfZWa5l, Message-ID: <7245939.60551376584819749.JavaMail.SYSTEM@10.0.0.7>, mail_id: i4fjDpfZWa5l, Hits: -8.259, size: 2167, queued_as: 3F00B1C0BC8, 2398 ms
Aug 15 17:40:24 mail1 postfix/smtp[3278]: 78FD41C0BC5: to=<sys-admin@myiredmailserverdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.1, delays=0.6/0/0/2.5, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3F00B1C0BC8)
Aug 15 17:40:25 mail1 postfix/pipe[3284]: 3F00B1C0BC8: to=<sys-admin@myiredmailserverdomain.com>, relay=dovecot, delay=1.3, delays=0.06/0.03/0/1.2, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 17:45:18 mail1 amavis[3356]: (03356-05) Passed BANNED (text/html,.asc), MYUSERS LOCAL [212.250.141.180] [212.250.141.180] <alert@myiredmailserverdomain.com> -> <sys-admin@myiredmailserverdomain.com>, quarantine: banned-JatTkKhbIsu6, Message-ID: <D7C5DC97F2A047D8A5DA092E147F1EB8@bns.com>, mail_id: JatTkKhbIsu6, Hits: -9.207, size: 16850, queued_as: E45491C0BCE, 185 ms
Aug 15 17:45:19 mail1 postfix/smtp[3371]: B8F391C0BC5: to=<sys-admin@myiredmailserverdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=14, delays=12/2.1/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E45491C0BCE)
Aug 15 17:45:19 mail1 postfix/pipe[3328]: E45491C0BCE: to=<sys-admin@myiredmailserverdomain.com>, relay=dovecot, delay=0.71, delays=0.03/0/0/0.67, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 17:52:36 mail1 amavis[3325]: (03325-20) Passed BANNED (text/html,.asc), MYUSERS LOCAL [212.250.141.180] [212.250.141.180] <helpdesk@myiredmailserverdomain.com> -> <sys-admin@myiredmailserverdomain.com>, quarantine: banned-Kt7xD24KEwFx, Message-ID: <5851839.60641376585554099.JavaMail.SYSTEM@10.0.0.7>, mail_id: Kt7xD24KEwFx, Hits: -8.259, size: 2732, queued_as: 87C1B1C0BC8, 884 ms
Aug 15 17:52:36 mail1 postfix/smtp[3463]: 3213A1C0BC5: to=<sys-admin@myiredmailserverdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.7, delays=0.71/0.01/0/0.93, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 87C1B1C0BC8)
Aug 15 17:52:37 mail1 postfix/pipe[3470]: 87C1B1C0BC8: to=<sys-admin@myiredmailserverdomain.com>, relay=dovecot, delay=1.3, delays=0.06/0.04/0/1.2, dsn=2.0.0, status=sent (delivered via dovecot service)


I think its banning incoming mails Am I Right? I thought it would impact on outgoing email only.

7

Re: Block attachments to all domain except allowed domains

ketan.aagja wrote:

I think its banning incoming mails Am I Right? I thought it would impact on outgoing email only.

If you want to apply on outgoing email only, try to move related settings inside $policy_bank{'MYUSERS'} in Amavisd config file.

I didn't test this before, but i guess it should work with below steps (based on your current settings):

1. Remove amavisBannedRuleNames for this user in LDAP.

2. Add below setting inside $policy_bank{'MYUSERS'} block:

@banned_filename_maps = ({
  'user@domain.ltd' => 'BLOCK_ALL',
  '.' => 'DEFAULT',
});

3. restart Amavisd service.