1

Topic: Filter .msg Attachments for included Attachments

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: Debian 9.8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx):Apache
- Manage mail accounts with iRedAdmin-Pro?yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====


Hello,

i am very new to Administrating Mailservers.


we are currently blocking file types like ".rtf" ".xls" and many more.

But there is a Problem when People are sending an E-Mail as Attachment (.msg) in the sended E-Mail.

So if the .msg-File contains other Attachments like ".rtf" etc. they get trough all Filters.
Is it possible to filter the .msg-Attachments for banned file types (like how we do it for .zip archive), so we do not have to block the .msg-Attachments completely?



I hope I have expressed it understandably.

Thanks and best regards

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Filter .msg Attachments for included Attachments

In this case, you have to turn on debug mode in Amavisd, it will print the detailed file types, you can compare if these 2 emails have any difference, then block based on the difference.

3

Re: Filter .msg Attachments for included Attachments

Thanks for the fast answer.

On debugging i get these relevant logs:

Apr  4 10:30:01 mail amavis[13502]: (13502-01) check_for_banned (p003,p001) multipart/mixed | text/html,.asc
Apr  4 10:30:01 mail amavis[13502]: (13502-01) doing banned check for nameofemailsender on multipart/mixed | text/html,.asc
Apr  4 10:30:01 mail amavis[13502]: (13502-01) lookup_re(["multipart/mixed","text/html",".asc"]), no matches
Apr  4 10:30:01 mail amavis[13502]: (13502-01) lookup [check_bann:nameofemailsender] => undef, ["multipart/mixed","text/html",".asc"] does not match
Apr  4 10:30:01 mail amavis[13502]: (13502-01) lookup [banned_namepath_re] => undef, "P=p003\tL=1\tM=multipart/mixed\nP=p001\tL=1/1\tM=text/html\tT=asc" does not match
Apr  4 10:30:01 mail amavis[13502]: (13502-01) p.path nameofemailsender: "P=p003,L=1,M=multipart/mixed | P=p001,L=1/1,M=text/html,T=asc"
Apr  4 10:30:01 mail amavis[13502]: (13502-01) check_for_banned (p003,p002) multipart/mixed | message/rfc822,.asc,message-rfc822-attachment
Apr  4 10:30:01 mail amavis[13502]: (13502-01) doing banned check for nameofemailsender on multipart/mixed | message/rfc822,.asc,message-rfc822-attachment
Apr  4 10:30:01 mail amavis[13502]: (13502-01) lookup_re(["multipart/mixed","message/rfc822",".asc","message-rfc822-attachment"]), no matches
Apr  4 10:30:01 mail amavis[13502]: (13502-01) lookup [check_bann:nameofemailsender] => undef, ["multipart/mixed","message/rfc822",".asc","message-rfc822-attachment"] does not match
Apr  4 10:30:01 mail amavis[13502]: (13502-01) lookup [banned_namepath_re] => undef, "P=p003\tL=1\tM=multipart/mixed\nP=p002\tL=1/2\tM=message/rfc822\tT=asc\tN=message-rfc822-attachment" does not match
Apr  4 10:30:01 mail amavis[13502]: (13502-01) p.path nameofemailsender: "P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=message/rfc822,T=asc,N=message-rfc822-attachment"
Apr  4 10:30:01 mail amavis[13502]: (13502-01) banned check: any=0, all=N (1)
Apr  4 10:30:01 mail amavis[13502]: (13502-01) lookup_re("MAIL"), no matches
Apr  4 10:30:01 mail amavis[13502]: (13502-01) lookup [keep_decoded_original] => undef, "MAIL" does not match



so amavis checks the rfc822 attachment if it is a banned file type. But it does not open the attachment itself to check if there are any other Attachments inside (like .xls etc.)

Is it even possible to do this?


Best regards

4

Re: Filter .msg Attachments for included Attachments

Amavisd unpacks/uncompresses archive files and checks, but i'm not sure whether it parses attached .eml file, although based on your log, it seems pretty clear that it doesn't sad

I suggest posting to Amavisd mailing list to get some help from developers:
https://www.ijs.si/software/amavisd/#support

5

Re: Filter .msg Attachments for included Attachments

Try this:

Append below line to /etc/amavis/conf.d/50-user (but still need to above the last one line "1;"):

$bypass_decode_parts = 0;

Then restart amavisd service and send the testing email to try again.