Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page [SOLVED] Modify Content Filter

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 10-22-2009, 02:19 PM
Intermediate Member
  
Posts: 24
Default [SOLVED] Modify Content Filter
We are getting alot of banned mail because of the embedded .wmf's that are in office 2007 docx's, un-be-knownst to the users who are sending the docs...

and our users are starting to complain...

How can I remove or at least alter this rule?

Thanx...

NE 601
Reply With Quote
  #2 (permalink)  
Old 10-22-2009, 03:26 PM
Moderator
  
Posts: 1,147
Default
Which "rule" are you talking about that is causing these banned messages? A spamassasin rule?

How are these messages "banned"?
Reply With Quote
  #3 (permalink)  
Old 10-23-2009, 03:50 AM
Intermediate Member
  
Posts: 24
Default
Sorry.. should have put more detail in the message....

Which rule.. that is part of my problem.. I don't know which package is actaully doing the rejection...

Here is what I get as an admin (w/ header)
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Return-Path: admin@xxx.net
Received: from zimbra.xxx.net (LHLO
zimbra.xxx.net) (X.X.X.X) by zimbra.xxx.net
with LMTP; Thu, 22 Oct 2009 11:02:43 -0400 (EDT)
Received: from localhost (localhost.localdomain [127.0.0.1])
by zimbra.xxx.net (Postfix) with ESMTP id 34297290034
for <steveg@yyy.com>; Thu, 22 Oct 2009 11:02:43 -0400 (EDT)
MIME-Version: 1.0
From: "Content-filter at zimbra.xxx.net"
<admin@xxx.net>
Date: Thu, 22 Oct 2009 11:02:42 -0400 (EDT)
Subject: BANNED contents (.wmf,word/media/image1.wmf) in mail TO YOU from
<zzz@citrix.com>
To: "'steveg@yyy.com'" <steveg@yyy.com>
Message-ID: <VRKE0K4GM+nPw5@zimbra.xxx.net>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

BANNED CONTENTS ALERT

Our content checker found
banned name: .wmf,word/media/image1.wmf

in an email to you from:
zzz@citrix.com

Content type: Banned
Our internal reference code for your message is 28786-09/KE0K4GM+nPw5

First upstream SMTP client IP address: [66.165.176.63] smtp02.citrix.com
According to a 'Received:' trace, the message apparently originated at:
[66.165.176.63], FTLPMAILBOX01.citrite.net [10.13.98.208]

Return-Path: <zzz@citrix.com>
From: Daria Robinson <zzz@citrix.com>
Message-ID:
<F40D1F28D0945448B4FFE861BFD8FD6E777E662E5E@FTLPMA ILBOX01.citrite.net>
Subject: FW: Citrix Technical Support Renewal
Networks
The message has been quarantined as: banned-KE0K4GM+nPw5

Please contact your system administrator for details.
~~~~~~~~~~~~~~~~~

Thanx....
Reply With Quote
  #4 (permalink)  
Old 10-23-2009, 04:15 AM
Moderator
  
Posts: 7,928
Default
Check in Admin GUI -> Global Settings -> Currently Blocked Extensions to see if wmf has been listed by somebody.
__________________
Reply With Quote
  #5 (permalink)  
Old 10-30-2009, 05:03 AM
Intermediate Member
  
Posts: 24
Default
thanx... should have been able to find that myself.. sigh... :-)
Reply With Quote
  #6 (permalink)  
Old 05-03-2011, 05:19 AM
Junior Member
  
Posts: 7
Default
Hello,
is this solution (allowing wmf from extensions) ok "security wise" ?
I mean could it be a security risk by allowing it globally ?
Is there any other way to allow it per user (zimbra account) or per domain ?

Thank you,
Panagiotis
Reply With Quote
  #7 (permalink)  
Old 09-23-2011, 02:02 AM
Member
  
Posts: 14
Default Allow wmf only if inside docx or pptx: how to
wmf are blocked by the following rule in amavis.conf

Code:
$banned_filename_re = new_RE(
  # banned extension - basic
  qr'.\.(asd|bat|chm|cmd|com|dll|do|exe|hlp|hta|js|jse|lnk|mov|ocx|pif|reg|rm|scr|shb|shm|shs|vbe|vbs|vbx|vxd|wav|wmf|wsf|wsh|xl)$'i,
);
the modified rule should be

Code:
$banned_filename_re = new_RE(
  # banned extension - basic
  qr'.\.(asd|bat|chm|cmd|com|dll|do|exe|hlp|hta|js|jse|lnk|mov|ocx|pif|reg|rm|scr|shb|shm|shs|vbe|vbs|vbx|vxd|wav|wsf|wsh|xl)$'i,
 [ qr'.\.(docx|pptx)$'=> 0 ],  # allow docx and pptx
 qr'.\.wmf$'i,  # ban wmf
);
So wmf are checked after allowing docx or pptx.

You can do that in 3 steps:

1) from admin panel remove wmf from attachment ban

2) edit /opt/zimbra/conf/amavis.conf.in and change the following lines

Code:
$banned_filename_re = new_RE(
  # banned extension - basic
  %%uncomment VAR:zimbraMtaBlockedExtension%%qr'.\.(%%list  VAR:zimbraMtaBlockedExtension |%%)$'i,
);
to

Code:
$banned_filename_re = new_RE(
  # banned extension - basic
  %%uncomment VAR:zimbraMtaBlockedExtension%%qr'.\.(%%list VAR:zimbraMtaBlockedExtension |%%)$'i, 
xtension |%%)$'i, 
 [ qr'.\.(docx|pptx)$'=> 0 ],  # allow docx and pptx
 qr'.\.wmf$'i,  # ban wmf
);
3) as zimbra execute zmamavisdctl reload to reload amavis

Done.

Now if a docx or a pptx has inside a wmf it is allowed.

Remember to check after upgrade if the rule has been overwritten.

A special thanks to Samuele Tognini ( not a forum member ) for support and suggestions.

Mario
Last edited by mario; 09-28-2011 at 03:44 AM..
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.