Re: [AMaViS-user] banned files exceptions? (Amavis User forums, Anti-Spam and Anti-Virus Related Forums)
David,
> I’m having trouble getting my head around some of the settings in amavisd
> and was hoping someone could assist me. I want to block all .exe and
> .dll files (in and out) except for our helpdesk which must be able to
> send .exe to clients.
>
> The blocking of .exe and .dll is ok but I’m confused about the exception
> for helpdesk.
...
> I’ve tried @banned_files_lovers_maps = ( [qw( helpdesk@example.com )] );
> but this did not work.

The *_lovers, like most other lookups (except white/black-lists), work on recipient address, so this is not your solution.

Important decisions based on sender address are intentionally not implemented, because sender address can easily be faked and often is faked by malware (unlike recipient address, which by definition is genuine).

The only reliable way to make such an exception is based on the sending client, either its IP address or its SASL authentication. To put this into practice, you need a cooperation between Postfix and amavisd-new.

On the amavisd-new side, the mechanism is called policy banks, and allows loading a new set of settings based on the TCP port on which the request came in from MTA, or based on whether the client's IP address is in @mynetworks (with the help of Postfix XFORWARD extension to SMTP protocol).

So, you either can decide to allow exe files to be sent from all internal hosts (using $policy_bank{'MYNETS'}), or you can set up a dedicated amavisd-new port and a dedicated Postfix submission port or a dedicated alias IP address, set up some policy bank to be loaded when a request comes in on such a port. Then set helpdesk MUAs to send to such dedicated MTA IP address or port.
See http://www.ijs.si/software/amavisd/a...html#pbanks-ex

Mark
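The dedicated-port approach described in the reply, sketched as an amavisd.conf fragment. This is an added example, not part of the original post or the amavisd-new documentation; the port 10026, the bank name HELPDESK, the sample network and the Postfix service outlined in the comments are assumptions chosen for illustration.

```perl
# amavisd.conf fragment (amavisd.conf is Perl). Constructed example.
# The existing global ban on .exe/.dll stays exactly as it is; only mail
# arriving on the dedicated port gets the relaxed policy.

# Listen on the normal content-filter port plus one dedicated port.
# 10026 is an assumed, otherwise unused port.
$inet_socket_port = [10024, 10026];

# Keep both ports reachable from the local MTA only, so nothing but
# Postfix can select the relaxed policy bank.
$inet_socket_bind = '127.0.0.1';

# Requests arriving on port 10026 load the policy bank named HELPDESK
# (the name is arbitrary).
$interface_policy{'10026'} = 'HELPDESK';

# Settings in a policy bank override the global ones for that request.
# Only the banned-files check is bypassed; virus and spam checks are
# not touched, so they still apply to helpdesk mail.
$policy_bank{'HELPDESK'} = {
  bypass_banned_checks_maps => [1],   # [1] = true for every recipient
};

# Alternative from the reply: relax the check for all internal hosts.
# Needs Postfix to pass the client IP to amavisd-new via XFORWARD
# (smtp_send_xforward_command=yes on the amavis transport in master.cf).
# The network below is a sample value.
# @mynetworks = qw( 127.0.0.0/8 192.0.2.0/24 );
# $policy_bank{'MYNETS'} = {
#   bypass_banned_checks_maps => [1],
# };

# Postfix side (master.cf, outlined here as comments only): a dedicated
# submission service for the helpdesk that requires SASL authentication
# and hands its mail to the dedicated amavisd-new port, for example with
#   -o smtpd_sasl_auth_enable=yes
#   -o content_filter=smtp-amavis:[127.0.0.1]:10026
# The transport name smtp-amavis is an assumption; use whatever name the
# existing amavis transport has. The exception is only as strong as the
# access control on this service, since the sender address plays no part.
```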