Results 1 to 2 of 2

Thread: how to block inbound EXE attachments, but allow them outbound?

  1. #1
    darx is offline New Member
    Join Date
    Mar 2013
    Posts
    5
    Rep Power
    2

    Default Whitelisting: how to block inbound EXE attachments, but allow them outbound?

    Hi.

    I've got zimbra 8.0.4 set up to block .EXE attachments on inbound.

    Apparently, it also blocks them on OUTBOUND. Forwarding a blocked email+attachment to a legit phish-reporting address, for example, gets blocked:

    Code:
    Jun 18 07:26:47 zimbra amavis[30613]: (30613-08) ESMTP::10026 /opt/zimbra/data/amavisd/tmp/amavis-20130617T215959-30613-_TdL9pyA: <me@mydomain.com> -> <reportphish@wellsfargo.com> Received: from zimbra.mydomain.com ([127.0.0.1]) by localhost (zimbra.mydomain.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP for <reportphish@wellsfargo.com>; Tue, 18 Jun 2013 07:26:46 -0700 (PDT)
    Jun 18 07:26:47 zimbra amavis[30613]: (30613-08) Checking: H4drGtpCnrAP ORIGINATING/MYNETS [10.10.10.7] <me@mydomain.com> -> <reportphish@wellsfargo.com>
    Jun 18 07:26:47 zimbra amavis[30613]: (30613-08) p.path BANNED:1 reportphish@wellsfargo.com: "P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=message/rfc822,T=asc,N=IMPORTANT Documents - WellsFargo.eml | P=p004,L=1/2/1,T=zip,N=WellsFargo.client.zip | P=p005,L=1/2/1/1,T=exe,T=exe-ms,N=WellsFargo_Doc_06152013.exe", matching_key="(?^i:.\134.(b64|bat|bhx|com|exe|hqx|mim|pif|pss|scr|uu|vbe|vbs|vbx|xxe)$)"
    Jun 18 07:26:47 zimbra postfix/amavisd/smtpd[3897]: connect from localhost.localdomain[127.0.0.1]
    Jun 18 07:26:47 zimbra postfix/amavisd/smtpd[3897]: 67FCC100D1A: client=localhost.localdomain[127.0.0.1]
    ...
    Jun 18 07:26:47 zimbra amavis[30613]: (30613-08) SEND from <admin@zimbra.mydomain.com> -> <admin@zimbra.mydomain.com>,ENVID=AM.30613-08.20130618T155047Z@zimbra.mydomain.com 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 85EB7100D1C
    Jun 18 07:26:47 zimbra amavis[30613]: (30613-08) Blocked BANNED (.exe,.exe-ms,WellsFargo_Doc_06152013.exe) {DiscardedOutbound,Quarantined}, ORIGINATING/MYNETS LOCAL [10.10.10.7]:49825 [10.0.0.1] <me@mydomain.com> -> <reportphish@wellsfargo.com>, quarantine: admin@zimbra.mydomain.com, Queue-ID: D61C3100015, Message-ID: <51C081D6.1070803@mydomain.com>, mail_id: H4drGtpCnrAP, Hits: -, size: 148223, 624 ms
    Jun 18 07:26:47 zimbra postfix/smtp[3890]: D61C3100015: to=<reportphish@wellsfargo.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.78, delays=0.13/0.02/0.01/0.62, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=30613-08 - BANNED: .exe,.exe-ms,WellsFargo_Doc_06152013.exe)
    Somewhere in amavisd.conf, I presume, I can allow the outbound, still leaving the inbound blocked.

    I suspect it's the banned_* clauses ... I'm not clear on which/how.

    1st, can I allow outbound, leaving inbound EXEs blocked, from the Zimbra Admin UI, or at zm* cmd line?

    Or is this done only in amavisd.conf?

    darx
    Last edited by darx; 06-19-2013 at 10:41 AM.

  2. #2
    darx is offline New Member
    Join Date
    Mar 2013
    Posts
    5
    Rep Power
    2

    Default

    This looks like it's the right approach:

    IP Address whitelisting - Zimbra :: Wiki

    Unfortunately, that info's ~ 3 yrs old, and no longer correct for ZCS 8.0.4. E.g., the referenced "postfix_recipient_restrictions.cf" no longer exists.

    Is whitelisting documentation that's newer/correct/relevant available? Haven't found it ... yet.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 0
    Last Post: 06-13-2012, 09:19 AM
  2. Block outbound email
    By pyraxic in forum Administrators
    Replies: 2
    Last Post: 04-09-2012, 01:25 PM
  3. Not able to save block attachments
    By blrk_macet in forum Administrators
    Replies: 4
    Last Post: 10-20-2009, 08:51 AM
  4. block attachments
    By adeel.bashir in forum Administrators
    Replies: 0
    Last Post: 05-14-2009, 05:29 AM
  5. block .dll attachments
    By padraig in forum Administrators
    Replies: 0
    Last Post: 10-03-2008, 07:47 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •