Giovani,

> Is there any way to block outgoing but allow incoming extensions with
> amavis? I tried to create policies but found out that sending e-mails
> with extensions to both an internal and external address triggers the
> policy that allows the extensions to go through, not blocking the
> outgoing e-mail. A postfix limitation actually. Anyone has done it
> before? I could really use some help here.

A policy bank applies to a message as a whole, so if you need per-recipient
handling (e.g. nonlocal vs. local recipient domain, i.e. outbound vs.
inbound + internal-to-internal) you need to use a per-recipient setting
like @banned_filename_maps.

> Thanks, that did the trick. I just needed to allow one specific user to
> send attachments, so I inserted his IP address at @mynetworks like this:
> !192.168.0.87 to bypass the MYNETS policy,

You could create a dedicated policy bank for this client,
and let Postfix choose a dedicated TCP port based on this.

Now with 2.6.3 this can be achieved without Postfix assistance
by using a @client_ipaddr_policy, which maps client's IP address
to a policy bank name, e.g.:

    @client_ipaddr_policy = (
      [qw( 192.168.0.87 )] => 'SPECIAL-CLIENT',
      \@mynetworks => 'MYNETS',
    );

Now, set your global $banned_filename_re to whatever you need as
a default (for all other clients),  then for this particular client
set up a special set of banning rules, which will apply only when
the special policy bank is loaded:

%banned_rules = (
  'BLOCK-ATTACHMENTS' => new_RE(
    qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension
    qr'^\.(exe-ms)$',    # banned file(1) types
    qr'.\.(asf|asx|mpg|mpe|mpeg|avi|mp3|wav|wma|wmf|wmv|mov|vob)$'i, # banned media extensions
    qr'^application/'i,  # block this MIME type
  ),
  'DEFAULT' => $banned_filename_re,
);

$policy_bank{'SPECIAL-CLIENT'} = {
  # leave internal-to-internal banning rules at default
  # but block most attachments on outbound mail
  banned_filename_maps => [
    {'.local.domain1' => 'DEFAULT',
     '.local.domain2' => 'DEFAULT',
     '.local.domain3' => 'DEFAULT',
     '.' => 'BLOCK-ATTACHMENTS',
   } ],
};


Mark
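
The per-recipient selection that the SPECIAL-CLIENT bank performs, as an added example that is not part of Mark's message and not amavisd-new's own code: a simplified stand-alone Perl model. The lookup order (recipient domain, then parent domains, then '.'), the stand-in DEFAULT rule list, and the sample recipients and parts are assumptions constructed for illustration.

```perl
use strict;
use warnings;

# BLOCK-ATTACHMENTS patterns are copied from the message above; DEFAULT is a
# constructed stand-in for the site's global $banned_filename_re.
my %banned_rules = (
  'BLOCK-ATTACHMENTS' => [
    qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i,
    qr'^\.(exe-ms)$',
    qr'.\.(asf|asx|mpg|mpe|mpeg|avi|mp3|wav|wma|wmf|wmv|mov|vob)$'i,
    qr'^application/'i,
  ],
  'DEFAULT' => [ qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i ],
);

# Same shape as the hash in banned_filename_maps of the SPECIAL-CLIENT bank.
my %recip_map = (
  '.local.domain1' => 'DEFAULT',
  '.local.domain2' => 'DEFAULT',
  '.local.domain3' => 'DEFAULT',
  '.'              => 'BLOCK-ATTACHMENTS',
);

# Assumed lookup order: '.domain', then each parent domain, then '.' as catchall.
sub rule_name_for {
  my ($recip) = @_;
  my ($domain) = $recip =~ /\@([^\@]+)\z/ or return $recip_map{'.'};
  my @labels = split /\./, lc $domain;
  while (@labels) {
    my $key = '.' . join('.', @labels);
    return $recip_map{$key} if exists $recip_map{$key};
    shift @labels;
  }
  return $recip_map{'.'};
}

# Checks every part name/type against the rule set chosen for this recipient.
sub verdict {
  my ($recip, @parts) = @_;
  my $name = rule_name_for($recip);
  for my $p (@parts) {
    return "BANNED by $name: $p" if grep { $p =~ $_ } @{ $banned_rules{$name} };
  }
  return "PASS under $name";
}

# Constructed message parts: a MIME type and a file name.
my @parts = ('application/pdf', 'report.pdf');
print "$_: ", verdict($_, @parts), "\n"
  for 'alice@local.domain1', 'bob@mail.local.domain2', 'carol@example.com';
```

The same message gets a different verdict per recipient, which is why the setting has to be a per-recipient map rather than a policy bank alone.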


_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/ 