I use the built-in filter to block unwanted files:

require ["reject","body","regex","notify"];
if anyof (body :raw :regex ["filename=.*\.doc","filename=.*\.exe","filename=.*\.moo"]) {
 redirect "blocked@domain.com";
}

And all attachments go to the blocked@domain.com mailbox, even those that are not in the list: pdf, rar, zip, xml…
Could I have broken the configuration file if I only changed message_size_limit in data/conf/postfix/extra.cf and main.cf to 30MB? Please help me understand where to fix the problem.


mailcow/mailcow-dockerized5076 Turns out I’m not the only one with this problem. Has anyone else encountered this kind of problem? But with this filter it blocks EVERY mail with EVERY file extension. What is wrong with this filter? Please help 🙁


Why don’t you try rspamd as I have written in the other thread?

Add this to /opt/mailcow-dockerized/data/conf/rspamd/local.d/multimap.conf

FILENAME_BLACKLISTED {
type = "filename";
filter = "extension";
map = "/${LOCAL_CONFDIR}/local.d/badfiles.map";
symbol = "FILENAME_BLACKLISTED";
}

And in the badfiles.map goes one extension to be blocked per line, e.g.

zip
rar
doc
docx
...

I got this from here, after 2 minutes of googling 😉

    esackbauer Hi. I was asked to make sure that all emails with attachments are redirected to a specific mailbox. So that they themselves looked at the subject of unwanted investments. The task is not trivial. This is the solution that you propose, it will throw off letters to quarantine, after which the user can restore the letter himself.
    For this, I saw a simple solution through sieve. And even solved the problem with notify. Thank you!

    I think this is some kind of bug. Since the filter should block certain attachments. It blocks all attachments.

    esackbauer Fine. How then is the letter with the attachment not discarded, but sent to quarantine? Through rspamd, all letters are simply discarded.

    Rspamd - rapid spam filtering system. Metadata exporter


    They are not discarded if you configure a rule. If you use send_mail you can redirect the full mail with
    formatter = "default";
    I guess you would need a custom selector which is indicating the unwanted file extensions.

    Nobody said it would be easy 😉

    And besides I have some concerns. Those redirected mails are not read by the intended receiver. At least from GDPR perspective in EU this is problematic.

      esackbauer It is necessary to solve the problem with the sieve option. Indeed, the rspamd solution is not suitable for my task. It remains to decide why sieve blocks all attachments. I will look for options. Or I can solve the issue if I write a filter. (If you received a letter to the mailbox blocked@domain.com in the body of which there is name@domain.com, then send a notify message to it). And leave attachment blocking via rspamd. Thank you

      esackbauer Hi. How to write correctly:

      require ["reject","body","regex","notify"];
      if anyof (body :raw :regex ["filename=.*\.pdf","filename=.*\.doc","filename=.*\.xls","filename=.*\.gif","filename=.*\.docx","filename=.*\.xlsx"]) {
      keep;  # The filter skips the necessary extensions
      if anyof (body :raw :regex ["filename=.*\.gz","filename=.*\.exe","filename=.*\.js","filename=.*\.zip","filename=.*\.rar","filename=.*\.7z"]) {
       redirect "blocked@domain.com";  # The filter sends to the desired mail
          notify :low :message " You have 1 mail !" :method "mailto" :options ["user@domain.com"];
      }
      }

      I think to cheat and do so. one or two filters. This code will save the original to the mailbox and send notify. How to separate them? Thank you for helping. I definitely can’t do it myself

        81packet Friends! After long and exhausting attempts, I found a solution to the problem:

        require ["fileinto","reject","body","regex","notify"];
        # In a Sieve string "\." is read as a plain "."; "\\." gives the regex a literal dot.
        if anyof (body :raw :regex "filename=.*\\.rar",
                  body :raw :regex "filename=.*\\.zip",
                  body :raw :regex "filename=.*\\.7z",
                  body :raw :regex "filename=.*\\.exe",
                  body :raw :regex "filename=.*\\.moo")
        {
            # Skip the redirect when an allowed extension is also present
            if not anyof (body :raw :regex "filename=.*\\.(jpg|jpeg|pdf|doc)")
            {
                redirect "blocked@domain.com";
            }
        }

        Thanks to everyone who showed interest and helped in the decision! The question can be closed.

        a month later

        esackbauer I raised another mail server with sieve support for the test, and the rule we needed normally worked there, but with mime and enotify.
        Example:

        
        require ["enotify","fileinto","mime"];
        if header :contains "from" "@domain.com"
        {
        	fileinto "INBOX";
        	stop;
        }
        
        if header :mime :anychild :param "filename" :matches "Content-Disposition" ["*.pdf","*.doc"]
        {
        	fileinto "INBOX";
        	stop;
        }
        
        if header :mime :anychild :param "filename" :matches "content-disposition" ["*.rar","*.zip"]
        {
        	redirect "blocked@domain.com";
        	notify :importance "3" :message "New message in blablabla..." "mailto:name@domain.com";
        	stop;
        }

        We need to fix the problem with “mime” and “enotify” and everyone will be happy.
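
Added example, not code from the thread or from mailcow: a Python check of why the `body :raw :regex` filters earlier in the thread can fire on unrelated attachments, next to a per-part filename test like the `:mime :anychild :param "filename"` rule above. Under RFC 5228 a `\.` inside a Sieve string is just `.`, so the pattern can match letters in the base64 data. Python's `re` stands in for the Sieve regex engine (assumption: `.` may cross line breaks), and the messages, addresses and file names are constructed.

```python
import re
from base64 import b64decode
from email import message_from_string, policy
from email.message import EmailMessage

def sieve_unescape(s):
    # RFC 5228 quoted strings: only \\ and \" are escapes; any other \x is x.
    return re.sub(r"\\(.)", r"\1", s)

def build(filename, payload):
    # Constructed sample message; addresses and file names are made up.
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "test"
    msg.set_content("see attached")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()

def raw_regex_hit(script_strings, raw):
    # Stand-in for `body :raw :regex`: case-insensitive like Sieve's default
    # comparator; assumption: '.' may cross line breaks in the regex engine.
    body = raw.split("\n\n", 1)[1]
    return any(re.search(sieve_unescape(s), body, re.I | re.S)
               for s in script_strings)

def per_part_hit(blocked_exts, raw):
    # Compare only the filename parameter of each MIME part.
    msg = message_from_string(raw, policy=policy.default)
    names = [(p.get_filename() or "").lower() for p in msg.walk()]
    return any(n.endswith("." + e) for n in names for e in blocked_exts)

# Patterns as typed between the quotes of the Sieve script.
AS_POSTED = [r"filename=.*\.doc", r"filename=.*\.exe", r"filename=.*\.moo"]
ESCAPED = [r"filename=.*\\.doc", r"filename=.*\\.exe", r"filename=.*\\.moo"]
EXTS = ["doc", "exe", "moo"]

# This payload encodes to the base64 text "AEXE": "exe" appears by chance.
PDF_MAIL = build("report.pdf", b64decode("AEXE"))
EXE_MAIL = build("tool.exe", b"dummy")

if __name__ == "__main__":
    for label, mail in (("report.pdf", PDF_MAIL), ("tool.exe", EXE_MAIL)):
        print(label, raw_regex_hit(AS_POSTED, mail),
              raw_regex_hit(ESCAPED, mail), per_part_hit(EXTS, mail))
```
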

        6 months later

        esackbauer
        I hope it’s okay if I bring up the topic again. I don’t know anything about rspamd or sieve. But I would like to be able to maintain a list of unwanted file extensions.
        I have now found many different approaches to this.
        Hence my questions:

        1. I can simply edit /opt/mailcow-dockerized/data/conf/rspamd/local.d/mime_types.conf and enter my extensions there under “bad_extensions” or is that wrong?
        2. However, the emails with corresponding attachments first end up on the greylist and are only rejected later
        3. Your suggested configuration with the customized multimap.conf doesn’t work at all. All emails end up in the inbox with “no action”.

        Finally, what do I have to do if I want to block file extensions?

          FuXXz
          I cannot really help here as I do not use rspamd and sieve for such purposes, I have a Sophos Firewall in front of mailcow, which does all the spam filtering and blocking.
