While I realize that most IMail administrators may not want to block
ALL attachments coming in from outside mail domains, I'm in a
situation where clinical & medical records are at risk (two
departments)... warranting more decisive measures to protect the
integrity of email and other files.
As background, I've disabled POP3, IMAP4, and non-SSL web messaging
(from day one). All I allow is SSL-based web messaging (because of
the security needed for clinical & medical information).
As of this morning, I am using the following rules to attempt to
block ALL *incoming* attachments (has no effect on messages sent
within the IMail domain):
B~attachment; fil$ename=:trapped
B~application/.*; nam$e=:trapped
B~multipart/mix$ed;:trapped
B~s/mime cryptographic sig$nature:trapped
B~x-ms-att$achment:trapped
B~text/x-vca$rd;:trapped
NOTE - remove each instance of "$" from each of the rules before
implementing them on your IMail system.
If you prefer to delete such messages rather than send them to the
TRAPPED mailbox, replace "trapped" with "nul" (no quotes).
??? Comments ??? -- I would appreciate any feedback about these
rules. I believe the syntax is correct in each instance. I'd also
welcome other suggestions of rules WHEN the objective is to filter
all *incoming* messages with attachments.
I'm not particularly interested in a debate about whether I *should*
be filtering all attachments. That's to be debated and decided on a
domain-by-domain basis, given the context within which you are
operating (my context briefly described above).
For those few of you who may wish to block all incoming attachments,
hopefully the rules above will give you a jump-start on the
challenge.
To Ipswitch developers -- It would be nice if you would find another
delimiter besides ":" so that the filter text itself could match on
a string like this:
Content-Disposition: attachment;
where ":" is part of the match string itself. The colon (:) is a
very common character associated with headers and attachments. It
seems a shame to preclude our using it as part of the match string.
It would also be nice (necessary) for the rules to work on messages
sent within the IMail domain (from one account to others inside the
domain).
Gordon Williams
Michigan State University
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
