09-30-2008 10:50 AM
Hello all,
I want to allow email for a special group only, if the mail
- ist smaller than 20 MB
- has no attachements
- has one or more attachements of an allowed type (pdf, doc, xls, ...)
All other attachements should be forwarded to an administration account. The attachement should then be stripped off the mail and the user should get the mail with the information, that he could get the mail, if it is business relevant.
My problem is, that I don't know how to filter emails without an attachement.
Thanks,
Bernd
10-02-2008 03:17 PM
At the moment, it is only possible to detect the presence of an attachment using a message filter.
You can use the message filter to insert a header. The header could then be used as a condition in a Content Filter to determine that the message should pass through.
Here is an example of a message filter that checks for attachments.
add_header_if_there_is_an_attachment:
if (attachment-size >= 1k)
{
insert-header('X-Attachment_Exists', 'Yes');
}
10-06-2008 05:09 PM
Thank you very much. It is working as expected.
But now there is another problem: If a mail has more than one attachment and one (may be the first one) has an allowed type (.doc) and a second file ist an executable (.exe), the mail passes the filter.
How can I resolve the problem?
Thanks,
Bernd
10-08-2008 12:03 PM
Hi,
how can I find out, if an attachment is a forwarded email?
Thanks,
Bernd
10-09-2008 01:23 PM
Hi,
If you feel comfortable providing a copy of the filter, you can paste it into a reply here in the forums, so that we may view it and help determine what changes its needs.
If you would rather not provide a copy of the filter for security reasons,
I would suggest opening a ticket with IronPort Customer Support.
-whardison
10-09-2008 02:26 PM
Thank you very much for you reply,
I've build the content filter with the GUI. I don't know how to export only the filter and not the whole configuration.
I've found a work-a-round, that seems to work:
1. mails without attachment, <20M> deliver
2. mails with filetype executables|media|>20M -> quarantine
3. mails with filetype doc,xls,pdf,ole,..,tiff,jpeg,..,mime-type text/* -deliver
4. mails with mime-type multipart/mixed -> quarantine + deliver (not sure filter)
5. all other in quarantine
I thought it would be easier to build a "whitelist filter"...
Bernd
10-10-2008 06:03 AM
I think it may have to do with the order you put the content filter and the action you take when you get a positive result.
In line 2. if you also put a -deliver action then it would stop processing the message and send it straight to the quarantine.
So if the email contains a .EXE and a .doc, xls etc it would see the .EXE and send it straight to the Quarantine.
It would not be processed by any further Content filters in the down the list.
I had this problem a while ago as well.
I hope this makes sense and what you were trying to achieve.
Bogor
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide