@bmeeks said in How to block attached files, or infected with virus/malware:
Virus and malware detection now really needs to be done on the endpoint client because that's where the final decryption occurs.
That is, today, mail servers still store the mail in clear text.
So, when received, all mail, incoming and outgoing, can be - and should be - filtered. One of the first filters should be a known spam / known antivirus filter. The last filter is typically something called "DKIM" that adds a signature to the mail, so the receiving party can check the origin and validity of a mail. Example: when you send a mail to a Gmail account today, using IPv6, Gmail will not accept the mail if SPF + DKIM => DMARC doesn't pass the check.
When the mail account user interacts with his mailbox, using a mail client, the mail is passed through an SSL layer again.
A mail server belongs on a dedicated device (server) equipped with a 'simple' firewall, fed by tools like fail2ban so slammers and 'rule-breaking mail servers' (read: quick and dirty mail spammer servers) are recognized and blocked.
My advice: never ever run a mail server on pfSense. And also: no need to put pfSense in front of a mail server.
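
Added example, not part of the original post: a sketch of how a receiving server can derive a DMARC verdict from the SPF and DKIM results recorded in an `Authentication-Results` header, which is the check the post mentions. The function names and the sample headers are constructed for illustration, and the organizational-domain logic is a labelled simplification.

```python
import re

def org_domain(domain):
    # Assumption: the last two labels stand in for the organizational domain.
    # Real evaluators consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    # Strict alignment needs an exact match; relaxed compares organizational domains.
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)

def parse_auth_results(value):
    """Return [(method, result, {property: value})] from an Authentication-Results value."""
    out = []
    for clause in value.split(";")[1:]:  # first element is the authserv-id
        m = re.match(r"\s*(\w+)=(\w+)", clause)
        if m:
            props = dict(re.findall(r"([\w.]+)=(\S+)", clause[m.end():]))
            out.append((m.group(1).lower(), m.group(2).lower(), props))
    return out

def dmarc_verdict(value, from_domain, strict=False):
    # DMARC passes when SPF or DKIM passes AND its domain aligns with the From: domain.
    reasons = []
    for method, result, props in parse_auth_results(value):
        if method == "spf":
            dom = props.get("smtp.mailfrom", "").rpartition("@")[2]
        elif method == "dkim":
            dom = props.get("header.d", "")
        else:
            continue
        if result == "pass" and dom and aligned(dom, from_domain, strict):
            reasons.append(f"{method} aligned via {dom}")
    return ("pass" if reasons else "fail"), reasons

# Constructed sample header values (reserved example domains only).
LEGIT = "mx.example.net; spf=pass smtp.mailfrom=bounce@mail.example.org; dkim=pass header.d=example.org"
UNALIGNED = "mx.example.net; spf=pass smtp.mailfrom=x@bulk-sender.test; dkim=none"
FORWARDED = "mx.example.net; spf=fail smtp.mailfrom=fwd@lists.example.net; dkim=pass header.d=example.org"

if __name__ == "__main__":
    for name, hdr in [("legit", LEGIT), ("unaligned", UNALIGNED), ("forwarded", FORWARDED)]:
        print(name, dmarc_verdict(hdr, "example.org"))
```

The unaligned sample shows why a bare SPF pass is not enough: SPF passes for the envelope sender's own domain, but that domain does not match the visible From: domain, so DMARC fails.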