allow-deny
https://www.mailscanner.info/MailScanner.conf.index.html
Whitelisting an email sender and/or files
>> I whitelisted the server's IP
>
> What configuration parameter did you set to whitelist the IP?

/etc/MailScanner/rules/spam.whitelist.rules
From:	172.17.20.58	yes
How to allow double extension file
> > We have a client who sends us email with a zipped attachment. It contains files
> > like:
> > file1.shp.xml
> > file2.kmz.kml
> >
> > I added two lines at the bottom of the filename.rules.conf:

allow	\.shp\.xml$	-	-
allow	\.kmz\.kml$	-	-
Blocking of Files with multiple extensions
> Our /etc/MailScanner/filename.rules.conf has the following line in it.
>
> Deny all other double file extensions. This catches any hidden filenames.
> deny	\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$	Found possible filename hiding	Attempt to hide real filename extension
>
>> What if we remove / comment this line totally? Are we putting our customers
>> at a great risk?
2. If you know what specific extensions to pass, you can put an allow rule before the deny rule. It's my understanding that the first rule matched wins. For example, if you have a customer that needs to receive Word Perfect documents that have been opened and saved in MS Word. These documents have an extension ending with .wpd.doc, so adding:

allow	\.wpd\.doc$	Found WordPerfect - MS file	WordPerfect - MS file

above the:

deny	\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$	Found possible filename hiding	Attempt to hide real filename extension
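
The first-match behaviour described in the reply above, as an added example that is not part of the original thread or MailScanner's own code: a small Python evaluator run over a constructed rule file. The deny regex is the one quoted on this page and the allow lines follow the .wpd.doc and .shp.xml extensions named here; case-insensitive matching, the default allow for unmatched names, and the function names are assumptions.

```python
import re

# Constructed rule file in the filename.rules.conf layout (action, regex,
# log text, user report text, TAB-separated).
RULES_TEXT = "\n".join("\t".join(fields) for fields in [
    ("allow", r"\.wpd\.doc$", "Found WordPerfect - MS file", "WordPerfect - MS file"),
    ("allow", r"\.shp\.xml$", "-", "-"),
    ("deny", r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$",
     "Found possible filename hiding", "Attempt to hide real filename extension"),
])


def parse_rules(text):
    """Parse allow/deny lines; raise if fields are not TAB-separated."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = [f for f in line.split("\t") if f]
        # This sketch handles only the allow and deny actions used on this page.
        if len(fields) != 4 or fields[0] not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: expected 4 TAB-separated fields")
        action, pattern, log_text, _report = fields
        # Assumption: patterns are matched case-insensitively.
        rules.append((action, re.compile(pattern, re.IGNORECASE), log_text))
    return rules


def evaluate(rules, filename):
    """Return (action, log text) of the first matching rule."""
    for action, regex, log_text in rules:
        if regex.search(filename):
            return action, log_text
    # Assumption: a filename that matches no rule is allowed.
    return "allow", "no rule matched"


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for name in ("scan.wpd.doc", "file1.shp.xml", "file2.kmz.kml",
                 "invoice.pdf.exe", "report.docx"):
        print(name, "->", evaluate(rules, name))
    # Same rules with the deny line first: the allow lines are never reached.
    print("scan.wpd.doc ->", evaluate(rules[::-1], "scan.wpd.doc"))
```

Narrow allow lines placed above the generic deny pass only the named double extensions, while a name such as invoice.pdf.exe is still caught by the deny rule.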
---------------------------------------------------------------------
/etc/MailScanner/filename.rules.con
3) vi /etc/MailScanner/filename.rules.con
4) in that file, find the place which has specified “allow”
5) add the following syntax to allow the extension
allow	\.docx$	-	-
allow	\.xlsx$	-	-
allow	\.app	-	-
allow	\.x(ml)?\d{0,}\.rel$	-	-
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Mailscanner: allow .zip .tar .gz extension in email
How can I configure MailScanner to allow zip/archive files through even if they contain an exe file or other potentially dangerous filename or filetype?
You can configure MailScanner to not check archives (zip, tar.gz etc).
1) Go to WHM > MailScanner > MailScanner Configuration
and search for 'Maximum Archive Depth'.
2) Change that to 0 to disable it.
That's it. MailScanner will now let .zip, .tar and other archives through without checking the names and types of the files inside them. The attachments will still be scanned for viruses.
----------------------------------------------------------------------------------------------------------------------------------------
Set the following in:
# vi /etc/MailScanner/MailScanner.conf

emacs /etc/MailScanner/MailScanner.conf
Filename Rules = %etc-dir%/filename.rules #changed from %etc-dir%/filename.rules.conf
Filetype Rules = %etc-dir%/filetype.rules #changed from %etc-dir%/filetype.rules.conf
Dangerous Content Scanning = %rules-dir%/content.scanning.rules
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
In my case I left the whitelist line unchanged to continue using SQL whitelisting.
Then the following files should be set-up as follows:
Make sure all gaps are TABs not spaces!
emacs /etc/MailScanner/filename.rules
#
# Allow Quarantine releases
#
From:	127.0.0.1	/etc/MailScanner/filename.rules.allowall.conf
FromOrTo:	default	/etc/MailScanner/filename.rules.conf

emacs /etc/MailScanner/filetype.rules
#
# Allow Quarantine releases
#
From:	127.0.0.1	/etc/MailScanner/filetype.rules.allowall.conf
FromOrTo:	default	/etc/MailScanner/filetype.rules.conf

emacs /etc/MailScanner/rules/content.scanning.rules
#
# Allow Quarantine releases
#
From:	127.0.0.1	no
FromOrTo:	default	yes

emacs /etc/MailScanner/filename.rules.allowall.conf
allow	.*	-	-

emacs /etc/MailScanner/filetype.rules.allowall.conf
allow	.*	-	-
Happy Releasing from Quarantine.
Cleaning the Mailwatch mysql db
php /zone/MailScanner/mailwatch-1.0.4/tools/db_clean.php
------------------------------------------------------------------------------------------------------------------------------------------