Postfix forwarder + mailscanner NOT blocking attachments but want it to!



  • 2.2.2-RELEASE (amd64)
    built on Mon Apr 13 20:10:22 CDT 2015
    FreeBSD 10.1-RELEASE-p9

    First of all, postfix forwarder + mailscanner - great plugins.  Thanks.

    I'm having a problem though - I want to BLOCK zip attachments among other attachments like .bat, .vbs, .exe, etc.  I first tried to configure postfix forwarder with mime_header_checks and that blew up, it didn't work - it was a regex which does NOT need to be post mapped unlike one commenter said.  I looked it up on the postfix man pages and from what I gather you don't need to postmap command regex files to make a db so postfix can look things up.  This is what I tried:

    https://forums.freebsd.org/threads/postfix-header-check-to-block-executable-files.11393/

    I couldn't get it working.

    So, I then read about mailscanner and saw PFSense had a plugin for that.  Well, same same - out of the box it does NOT block zip attachments and for the life of me I can't figure out how the heck to get it to block them.

    So now I've got both postfix forwarder + mailscanner enabled neither of which is doing what I want.

    Lastly, mailscanner is just letting viruses on in the door.  I assumed it would block them and scan them with clamav; however, it did not, and AVG, which is on the Exchange server, caught it.  That's AFTER it went through PFSense + postfix forwarder + mailscanner.

    I feel like, for the most part, besides blocking spam with RBLs in postfix forwarder, those two modules are almost pointless.

    Is there anyone in the world who has configured postfix forwarder or mailscanner to block attachments on a PFSense?

    HELP!

    Thanks.



  • In Postfix you need to disallow zip etc, go to:

    Services > Postfix relay and antispam > Access Lists > MIME

    PCRE filters that are applied to MIME related message headers only. Hint:
    /^name=[^>]*\.(com|vbs|js|jse|exe|bat|cmd|vxd|scr|hlp|pif|shs|ini|dll)/ REJECT W do not allow files of type "$3" because of security concerns - "$2" caused the block.
    /^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?\.(386|ad[ept]|drv|em(ai)?l|ex[_e]|xms|\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b/ REJECT ".$2" file attachment types not allowed
    
    

    or in Mailscanner go to:

    Services > MailScanner > Attachments > filename.rules.conf

    and change allow to deny for .zip$ and so on.

    and maybe you need to run freshclam first, so clamd can find new viruses.

    in pfSense 2.1.x I had to run:

    pkg_add -r unrar

    so Mailscanner would extract rar's and clam scan it, maybe in 2.2.x unzip or so is missing?

    Good luck.
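
A way to check a mime_header_checks pattern against sample headers before loading it, added here as an example and not part of any post in this thread. It uses Python's `re` module to approximate Postfix PCRE matching; the extension list, the sample headers and the function names are assumptions of this example.

```python
import re

# Approximates Postfix pcre_table defaults: case-insensitive, "." matches newline.
FLAGS = re.IGNORECASE | re.DOTALL

# (pattern, action) pairs in mime_header_checks order; first match wins.
# The pattern follows the second hint above; the extension list is assumed here.
RULES = [
    (re.compile(r'^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?'
                r'\.(zip|bat|vbs|exe|scr|pif)\b', FLAGS),
     'REJECT ".$2" file attachment types not allowed'),
]

def expand(action, match):
    """Substitute $1..$9 with captured groups, empty if the group is absent."""
    def repl(ref):
        n = int(ref.group(1))
        return (match.group(n) or "") if n <= match.re.groups else ""
    return re.sub(r"\$(\d)", repl, action)

def check_header(logical_header):
    """Return the expanded action for one logical MIME header, or None (no match)."""
    for pattern, action in RULES:
        m = pattern.search(logical_header)
        if m:
            return expand(action, m)
    return None

# Constructed sample headers (a folded header keeps its embedded newline).
SAMPLES = {
    "zip, folded": 'Content-Type: application/zip;\n\tname="invoice.zip"',
    "bat, unquoted": "Content-Disposition: attachment; filename=RUN.BAT",
    "pdf": 'Content-Type: application/pdf; name="report.pdf"',
    "zip inside a word": 'Content-Type: text/plain; name="notes.zipper.txt"',
    "renamed archive": 'Content-Type: application/octet-stream; name="invoice.dat"',
}

def run_samples():
    """Map each sample label to the rule verdict for its header."""
    return {label: check_header(h) for label, h in SAMPLES.items()}

if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{label:18} -> {verdict or 'no match (passed to the next filter)'}")
```

The last sample shows the limit of a name-based rule: an archive renamed to an unlisted extension is not matched, so content scanning by MailScanner and ClamAV is still needed behind it.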



  • Thanks Bismarck,

    You know, I tested this after bumping in the header and mime sections from that freebsd post, tested by sending a zip file AND mailscanner actually blocked the zip attachment which it wasn't doing before.

    I ran your freshclam command prior to my test also so I wonder if mailscanner was all set up; because I did try mailscanner as a solution also, and all I needed to do was run freshclam OR perhaps freshclam is on a cron automatically and updated.

    Perhaps this was running the whole time on the mailscanner config and I didn't know it!

    I'm going to test some more but it looks like mailscanner is the way to go, it now seems to be working and I'll have to see if freshclam is running every 8 hours or so.

    Thanks!



  • Is it safe to install postfix forwarder + mailscanner on pfsense 2.2.3?

    I have read someplace that there are some problems…



  • Nobody knows I bet - if possible, maybe put PFSense on a VM and try it out.  I revisited the forum tonight because of some 2.2.3 issues.  I'm almost changing my philosophy when it comes to complicated PFSense installs that if it's working DON'T UPGRADE!