
Topic: postfix forwarder + mailscanner NOT blocking attachments but want it to!

Offline pdrass

2.2.2-RELEASE (amd64)
built on Mon Apr 13 20:10:22 CDT 2015
FreeBSD 10.1-RELEASE-p9

First of all, postfix forwarder + mailscanner - great plugins.  Thanks.

I'm having a problem though - I want to BLOCK zip attachments among other attachments like .bat, .vbs, .exe, etc.  I first tried to configure postfix forwarder with mime_header_checks and that blew up, it didn't work - it was a regex which does NOT need to be post mapped unlike one commenter said.  I looked it up on the postfix man pages and from what I gather you don't need to postmap command regex files to make a db so postfix can look things up.  This is what I tried: 

https://forums.freebsd.org/threads/postfix-header-check-to-block-executable-files.11393/

I couldn't get it working.

So, I then read about mailscanner and saw PFSense had a plugin for that.  Well, same same - out of the box it does NOT block zip attachments and for the life of me I can't figure out how the heck to get it to block them.

So now I've got both postfix forwarder + mailscanner enabled neither of which is doing what I want.

Lastly, mailscanner is just letting viruses on in the door.  I assumed it would block them and scan them with clamav; however, it did not, and AVG, which is on the Exchange server, caught it.  That's AFTER it went through PFSense + postfix forwarder + mailscanner.

I feel like for the most part, besides blocking spam with RBL's in postfix forwarder that those two modules are almost pointless.


Is there anyone in the world who has configured postfix forwarder or mailscanner to block attachments on a PFSense?

HELP!

Thanks.

Offline Bismarck

In Postfix you need to disallow zip etc, go to:

Services > Postfix relay and antispam > Access Lists > MIME

Code:
PCRE filters that are applied to MIME related message headers only. Hint:
/^name=[^>]*\.(com|vbs|js|jse|exe|bat|cmd|vxd|scr|hlp|pif|shs|ini|dll)/ REJECT W do not allow files of type "$3" because of security concerns - "$2" caused the block.
/^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?\.(386|ad[ept]|drv|em(ai)?l|ex[_e]|xms|\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b/ REJECT ".$2" file attachment types not allowed

or in Mailscanner go to:

Services > MailScanner > Attachments > filename.rules.conf

and change allow to deny for \.zip$ and so on.

and maybe you need to run freshclam first, so clamd can find new viruses.

in pfSense 2.1.x I had to run:

pkg_add -r unrar

so Mailscanner would extract rar's and clam scan it, maybe in 2.2.x unzip or so is missing?

Good luck.
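
An added example, not part of any post in this thread: a small harness that runs the two hint patterns above, plus a `.zip` rule constructed here, against sample MIME headers to show which would be rejected. It assumes Postfix matches each rule against the whole logical header starting at the header name, with the pcre_table default flags; the zip rule, the sample headers and the function names are assumptions.

```python
import re

# Patterns 1 and 2 are the hint rules quoted in the post above. The .zip
# rule is constructed for this example (an assumption, not from the thread).
RULES = [
    ("hint-1", r'^name=[^>]*\.(com|vbs|js|jse|exe|bat|cmd|vxd|scr|hlp|pif|shs|ini|dll)'),
    ("hint-2", r'^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?\.'
               r'(386|ad[ept]|drv|em(ai)?l|ex[_e]|xms|'
               r'\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b'),
    ("zip-rule", r'^Content-(Disposition|Type):.*name\s*=\s*"?[^"]*\.zip"?\s*(;|$)'),
]

# pcre_table defaults: case-insensitive (i) and dot-matches-newline (s).
# Python's re module stands in for PCRE here.
COMPILED = [(label, re.compile(p, re.IGNORECASE | re.DOTALL)) for label, p in RULES]

# Constructed sample headers; the last one is folded across two lines.
SAMPLES = [
    'Content-Type: application/zip; name="invoice.zip"',
    'Content-Disposition: attachment; filename="setup.exe"',
    'Content-Type: application/octet-stream; name="run.bat"',
    'Content-Type: application/pdf; name="report.pdf"',
    'Content-Disposition: attachment;\n\tfilename="archive.ZIP"',
]

def first_match(header):
    """Return the label of the first rule that would REJECT this header, or None."""
    for label, rx in COMPILED:
        if rx.search(header):
            return label
    return None

def report(headers):
    """Map each header to the rule that rejects it (None means it passes)."""
    return {h: first_match(h) for h in headers}

if __name__ == "__main__":
    for header, label in report(SAMPLES).items():
        print(f"{label or 'PASS':9} {header!r}")
```

Under these assumptions the `^name=` rule only fires on a string that begins with `name=`, so `run.bat` passes both hint rules, and `.zip` is caught only by the added rule. On the firewall itself, `postmap -q "<header line>" pcre:<path to the table>` queries the real table.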

Offline pdrass

Thanks Bismarck,

You know, I tested this after bumping in the header and mime sections from that freebsd post, tested by sending a zip file AND mailscanner actually blocked the zip attachment which it wasn't doing before.

I ran your freshclam command prior to my test also, so I wonder if mailscanner was all set up; because I did try mailscanner as a solution also, and all I needed to do was run freshclam OR perhaps freshclam is on a cron automatically and updated.

Perhaps this was running the whole time on the mailscanner config and I didn't know it!

I'm going to test some more but it looks like mailscanner is the way to go, it now seems to be working and I'll have to see if freshclam is running every 8 hours or so.

Thanks!

Offline dudi

Is it safe to install postfix forwarder + mailscanner on pfsense 2.2.3 ?

I have read some place that there are some problems...