Giovani, > Is there any way to block outgoing but allow incoming extensions with > amavis? I tried to create policies but found out that sending e-mails > with extensions to both and internal and external address triggers the > policy that allows the extensions to go through, not blocking the > outgoing e-mail. A postfix limitation actually. Anyone has done it > before? I could really use some help here.
A policy bank applies to a message as a whole, so if you need per-recipient handling (e.g. nonlocal vs. local recipient domain, i.e. outbound vs. inbound + internal-to-internal) you need to use a per-recipient setting like @banned_filename_maps > Thanks, that did the trick. I just needed to allow one specific user to > send attachments, so I inserted his IP address at @mynetworks like this: > !192.168.0.87 to bypass the MYNETS policy, You could create a dedicated policy bank for this client, and let Postfix choose a dedicated TCP port base of this. Now with 2.6.3 this can be achieved without Postfix assistance by using a @client_ipaddr_policy, which maps client's IP address to a policy bank name, e.g.: @client_ipaddr_policy = ( [qw( 192.168.0.87 )] => 'SPECIAL-CLIENT', \...@mynetworks => 'MYNETS', ); Now, set your global $banned_filename_re to whatever you need as a default (for all other clients), then for this particular client set up a special set of banning rules, which will apply only when the special policy bank is loaded: %banned_rules = ( 'BLOCK-ATTACHMENTS' => new_RE( qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension qr'^\.(exe-ms)$', # banned file(1) types qr'.\.(asf|asx|mpg|mpe|mpeg|avi|mp3|wav|wma|wmf|wmv|mov|vob)$'i, ), qr'^application/'i, # block this MIME type ), 'DEFAULT' => $banned_filename_re, ); $policy_bank{'SPECIAL-CLIENT'} = { # leave internal-to-internal banning rules at default # but block most attachments on outbound mail banned_filename_maps => [ {'.local.domain1' => 'DEFAULT', '.local.domain2' => 'DEFAULT', '.local.domain3' => 'DEFAULT', '.' => 'BLOCK-ATTACHMENTS', } ], }; Mark ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/