David,
> I’m having trouble getting my head around some of the setting in amavisd
> and was hoping someone could assist me. I want to block all .exe and
> .dll files (in and out) except for our helpdesk which must be able to
> send .exe to clients.
>
> The blocking of .exe and .dll is ok but I’m confused about the exception
> for helpdesk.
...
> I’ve tried @banned_files_lovers_maps = ( [qw( [EMAIL PROTECTED] )] );
> but this did not to work.
The *_lovers, like most other lookups (except white/black-lists),
work on recipient address, so this is not your solution.
Important decisions based on sender address are intentionally
not implemented, because sender address can easily be faked
and often is faked by malware, (unlike recipient address,
which by definition is genuine).
The only reliable way to make such exception is based on sending
client, either its IP address or its SASL authentication. To put this
into practice, you need a cooperation between Postfix and amavisd-new.
On the amavisd-nedw side, the mechanism is called policy banks,
and allows to load a new set of settings based on the TCP port
on which the request came in from MTA, or based on whether the
client's IP address is in @mynetworks (with a help of Postfix
XFORWARD extension to SMTP protocol).
So, you either can decide to allow exe files to be sent from
all internal hosts (using $policy_bank{'MYNETS'}), or you can
set up a dedicated amavisd-new port and a dedicated Postfix
submission port or a dedicated alias IP address, set up some
policy bank to be loaded when a request comes in on such a port.
Then set helpdesk MUAs to send to such dedicated MTA IP address
or port.
See
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks-ex
Mark
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
