Discussion:
[Maia-users] Allow ZIP files from a single domain
Bruce Sackett
2015-05-27 18:52:44 UTC
Permalink
I have an account that is going to be receiving ZIP files, a lot of them, to nearly all their email addresses. They are all coming from one domain, but from multiple addresses.

What I’d like to be able to do is to allow ZIP files from that domain, but no others, for all users. It’s an edge case, I know, but it would save a lot of sanity, and add security, if I was able to.

--Bruce Sackett – e: ***@oecnw.com <mailto:***@oecnw.com> - w: www.oecnw.com <http://www.oecnw.com/> - p: 541.342.3325 <tel:541.342.3325> - tw: @OECTECH - fb: www.facebook.com/oecnw <http://www.facebook.com/oecnw>
James Robertson
2015-05-28 00:19:48 UTC
Permalink
This is what I do...

Add the following to amavis config. $inet_socket_port should already be
there so your just adding port 10026 to it.

# Allow banned attachments
$inet_socket_port = [10024,10026];
$interface_policy{'10026'} = 'SENDERBYPASS';

$policy_bank{'SENDERBYPASS'} = {
bypass_banned_checks_maps => [1],
};

restart Amavis

Add the following to postfix main.cf

smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/amavis_senderbypass

Add the following to /etc/postfix/amavis_senderbypass

example.com FILTER smtp-amavis:[127.0.0.1]:10026

postmap /etc/postfix/amavis_senderbypass

Reload or restart postfix

Thanks

James
Post by Bruce Sackett
I have an account that is going to be receiving ZIP files, a lot of them,
to nearly all their email addresses. They are all coming from one domain,
but from multiple addresses.
What I’d like to be able to do is to allow ZIP files from that domain, but
no others, for all users. It’s an edge case, I know, but it would save a
lot of sanity, and add security, if I was able to.
_______________________________________________
Maia-users mailing list
http://www.renaissoft.com/cgi-bin/mailman/listinfo/maia-users
James Robertson
2015-05-28 00:22:39 UTC
Permalink
Post by James Robertson
This is what I do...
Add the following to amavis config. $inet_socket_port should already be
there so your just adding port 10026 to it.
# Allow banned attachments
$inet_socket_port = [10024,10026];
$interface_policy{'10026'} = 'SENDERBYPASS';
$policy_bank{'SENDERBYPASS'} = {
bypass_banned_checks_maps => [1],
};
restart Amavis
Add the following to postfix main.cf
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/amavis_senderbypass
Add the following to /etc/postfix/amavis_senderbypass
example.com FILTER smtp-amavis:[127.0.0.1]:10026
postmap /etc/postfix/amavis_senderbypass
Reload or restart postfix
Thanks
James
Post by Bruce Sackett
I have an account that is going to be receiving ZIP files, a lot of them,
to nearly all their email addresses. They are all coming from one domain,
but from multiple addresses.
What I’d like to be able to do is to allow ZIP files from that domain,
but no others, for all users. It’s an edge case, I know, but it would save
a lot of sanity, and add security, if I was able to.
_______________________________________________
Maia-users mailing list
http://www.renaissoft.com/cgi-bin/mailman/listinfo/maia-users
I should point out this is not exactly what your after but figured it would
give your somewhere to start. Sorry for top post was in a hurry.
Loading...