The sieve filter blocks all attachments

81packet

I use the built-in filter to block unwanted files:

require ["reject","body","regex","notify"];
if anyof (body :raw :regex ["filename=.*\.doc","filename=.*\.exe","filename=.*\.moo"]) {
 redirect "blocked@domain.com";

And all attachments go to the blocked@domain.com mailbox. Even those that are not in the list pdf,rar,zip,xml…
Could I have broken the configuration file if I only changed message_size_limit in data/conf/postfix/extra.cf and main.cf to 30MB. Please help me understand where to fix the problem?

81packet

mailcow/mailcow-dockerized5076 Turns out I’m not the only one with this problem. Has anyone else encountered this kind of problem? But with this filter it blocks EVERY mail with EVERY file extensions. What is wrong with this filter? Please help 🙁

esackbauer

Why don’t you try rspamd as I have written in the other thread?

Add this to /opt/mailcow-dockerized/data/conf/rspamd/local.d/multimap.conf

FILENAME_BLACKLISTED {
type = „filename“;
filter = „extension“;
map = „/${LOCAL_CONFDIR}/local.d/badfiles.map“;
symbol = „FILENAME_BLACKLISTED“;
}

And in the badfiles.map goes one extension to be blocked per line, e.g.

zip rar doc docx ...

I got this from here, after 2 minutes of googling 😉

81packet

esackbauer Hi. I was asked to make sure that all emails with attachments are redirected to a specific mailbox. So that they themselves looked at the subject of unwanted investments. The task is not trivial. This is the solution that you propose, it will throw off letters to quarantine, after which the user can restore the letter himself.
For this, I saw a simple solution through sieve. And even solved the problem with notify. Thank you!

I think this is some kind of bug. Since the filter should block certain attachments. It blocks all attachments.

81packet

esackbauer Fine. How then is the letter with the attachment not discarded, but sent to quarantine? Through rspamd, all letters are simply discarded.

FuXXz

esackbauer
I hope it’s okay if I bring up the topic again. I don’t know anything about rspamd or sieve. But I would like to be able to maintain a list of unwanted file extensions.
I have now found many different approaches to this.
Hence my questions:

I can simply edit /opt/mailcow-dockerized/data/conf/rspamd/local.d/mime_types.conf and enter my extensions there under “bad_extensions” or is that wrong?
However, the emails with corresponding attachments first end up on the greylist and are only rejected later
Your suggested configuration with the customized multimap.conf doesn’t work at all. All emails end up in the inbox with “no action”.
Finally, what do I have to do if I want to block file extensions?

esackbauer

https://rspamd.com/doc/modules/metadata_exporter.html#metadata-exporter
They are not discarded if you configure a rule. If you use send_mail you can redirect the full mail with
formatter = "default";
I guess you would need a custom selector which is indicating the unwanted file extensions.

Nobody said it would be easy 😉

And besides I have some concerns. Those redirected mails are not read by the intended receiver. At least from GDPR perspective in EU this is problematic.

81packet

esackbauer It is necessary to solve the problem with the sieve option. Indeed, the rspamd solution is not suitable for my task. It remains to decide why sieve blocks all attachments. I will look for options. Or I can solve the issue if I write a filter. (If you received a letter to the mailbox blocked@domain.com in the body of which there is name@domain.com, then send a notify message to it). And leave attachment blocking via rspamd. Thank you

81packet

esackbauer Hi. How to write correctly:

require ["reject","body","regex","notify"];
if anyof (body :raw :regex ["filename=.*\.pdf","filename=.*\.doc","filename=.*\.xls","filename=.*\.gif","filename=.*\.docx","filename=.*\.xlsx"]) {
keep;  # The filter skips the necessary extensions
if anyof (body :raw :regex ["filename=.*\.gz","filename=.*\.exe","filename=.*\.js","filename=.*\.zip","filename=.*\.rar","filename=.*\.7z"]) {
 redirect "blocked@domain.com";  # The filter sends to the desired mail
    notify :low :message " You have 1 mail !" :method "mailto" :options ["user@domain.com"];
}
}

I think to cheat and do so. one or two filters. This code will save the original to the mailbox and send notify. How to separate them? Thank you for helping. I definitely can’t do it myself

81packet

esackbauer I raised another mail server with sieve support for the test, and the rule we needed normally worked there, but with mime and enotify.
Example:


require ["enotify","fileinto","mime"];
if header :contains "from" "@domain.com"
{
	fileinto "INBOX";
	stop;
}

if header :mime :anychild :param "filename" :matches "Content-Disposition" ["*.pdf","*.doc"]
{
	fileinto "INBOX";
	stop;
}

if header :mime :anychild :param "filename" :matches "content-disposition" ["*.rar","*.zip"]
{
	redirect "blocked@domain.com";
	notify :importance "3" :message "New message in blablabla..." "mailto:name@domain.com";
	stop;
}

We need to fix the problem with “mime” and “enotify” and everyone will be happy.

81packet

81packet Friends! After long and exhausting attempts, I found a solution to the problem:

require ["fileinto","reject","body","regex","notify"];
if anyof (body :raw :regex "filename=.*\.rar",
          body :raw :regex "filename=.*\.zip",
	  body :raw :regex "filename=.*\.7z",
	  body :raw :regex "filename=.*\.exe",
          body :raw :regex "filename=.*\.moo")
{
 if not anyof (body :raw :regex "filename=.*\.(jpg|jpeg|pdf|doc)")
    {
 redirect "blocked@domain.com";

Thanks to everyone who showed interest and helped in the decision! The question can be closed.

esackbauer

FuXXz
I cannot really help here as I do not use rspamd and sieve for such purposes, I have a Sophos Firewall in front of mailcow, which does all the spam filtering and blocking.