Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

allow specific attacment types, block others

I've been doing this with content filters and trying to add/remove headers as necessary.

We have an internal group that generates automated emails to clients. The problem is they are less than confident in the solution on their end, so they want the IP to do checking incase their solution barfs.

So, they want to allow attachments of (pdf|doc|docx) but that's it. A .txt or any other attachment should get blocked.

All works well when there is one attachment, but if there is a .eafsdf and a .pdf, the pdf causes it to pass. Doing a not (!) in front of the file types and setting the header value doesn't seem to work either (reminds me of the wireshark filters). I'm a little confused how to match a true on one file and a false on the other since I don't see how particularly the content filters are handling it.

New Member

Re: allow specific attacment types, block others

Because you have a specific list (e.g. pdf, doc, docx), you may want to try to use the Content Filter action called "Strip Attachment by File Info".

That action allows you to specific by mime type, filename, filesize and filetype.

When testing this, you should probably create the outgoing content filter so that it looks for those parameters and only your email address so that it doesn't impact the other senders in your company.