Overview
Attachment Filtering allows an administrator to set up rules to filter what types of email attachments to allow and block on the mail server.
This article looks at how attachment filtering rules can be modified to achieve the desired actions on email attachments.
Solution
MailEssentials default installation includes a number of attachment filtering rules that can be enabled, disabled, edited, or new ones added as desired. The order in which they are applied is also configurable by changing the priority.
A rule has the following components which can be modified as required:
- Attachment types to block
- Actions to take when a matching attachment is found
- The users to which a rule applies.
The next sections describe the process to manage attachment filtering rules by looking at the following topics:
- Creating Attachment Filtering rules
- Enabling/disabling rules
- Removing attachment rules
- Modifying an existing rule
- Changing the rule priority
Creating Attachment Filtering Rules
To create an Attachment filtering rule follow the steps listed below:
- Step 1: Configuring basic rule settings and the terms to block
- Step 2: Configuring the actions to take on detected emails
- Step 3: Specifying users to whom this rule applies
Step 1: Configuring basic rule settings and the terms to block
- Navigate to Content Filtering > Attachment Filtering node.
- Click Add Rule...
- Specify a name for the rule in the Rule name text box.
- Select whether to scan inbound, outbound and/or internal emails.
Option | Description |
---|---|
Scan Inbound SMTP Email | Select this option to scan incoming emails |
Scan Outbound SMTP Email | Select this option to scan outgoing emails |
Check Internal emails |
Select this option to scan internal emails. Note: This option is only available when MailEssentials is installed on the Microsoft® Exchange server. |
- In the Attachment Blocking area, specify the types of attachments to block:
Option | Description |
---|---|
Block all | Block all email attachments of any type. |
Block this list | Block a custom list of attachment types. Key in a filename and/or attachment type to block in the Enter filename with optional wildcards text box and click Add. Repeat this step for all filenames and/or attachment types to block. |
Do not block attachments smaller than the following size: | Select this option to allow attachment types in the list that are smaller than a particular size. Specify the size (in KB) in the text box provided. |
Block all except this list | Block all attachments except the ones specified in the list. Key in a filename and/or attachment type to allow in the Enter filename with optional wildcards text box and click Add. Repeat this step for all filenames and/or attachment types to exclude. |
Note:
- When specifying filenames and/or attachment types, you can use wildcards (*). For example, specifying
*orders*.mdb
refers to all files of type mdb that contain the stringorders
in the file name. Specifying*.jpg
will block all images of type jpg. - To remove an entry from the list, select it and click Remove Selected.
- You can also block attachments that have a size bigger than a particular size. To enable this option, from the Options area select Block all attachments greater than the following size and specify the maximum attachment size (in KB).
- Note: This feature blocks all attachments with a file size bigger than the one specified irrespective of whether the attachment matches an entry in the Attachment blocking list.
Step 2: Configuring the actions to take on detected emails
- Click the Actions tab to configure what happens when this rule is triggered.
- To block an email that matches the rule conditions, select Block attachment and perform this action and select one of the following options:
Option | Description |
---|---|
Quarantine email | Stores blocked emails in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information refer to Managing Quarantined Emails. |
Delete email | Deletes blocked emails. |
Move to folder on disk | Moves the email to a folder on disk. Key in the full folder path where to store blocked emails. |
Important: Actions always affect the whole email containing the blocked content, even if there is other content (such as attachments) that do not trigger this rule.
- Select Send a sanitized copy of the original email to recipient(s) to choose whether to send a copy of the blocked email to the recipients but with the malicious content removed.
- To send email notifications whenever an email gets blocked, check any of the following options:
Option | Description |
---|---|
Notify administrator |
To notify the administrator whenever this engine blocks an email. |
Notify local user | To notify the email local recipients about the blocked email. |
- To log the activity of this engine to a log file, check Log rule occurrence to this file and specify the path and file name to a custom location on the disk to store the log file.
Step 3: Specifying users to whom this rule applies
- By default, the rule is applied to all email users. MailEssentials, however, allows you to apply this rule to a custom list of email users specified in the Users / Folders tab.
- Specify the users to apply this rule to.
Option | Description |
---|---|
Only this list | Apply this rule to a custom list of email users, groups or public folders. |
All except this list | Apply this rule to all email users except for the users, groups or public folders specified in the list. |
- To add email users, user groups and/or public folders to the list, click Add.
- In the User Lookups window, specify the name of the email user/user group or public folder that you wish to add to the list and click Check Names. Matching users, groups or public folders are listed underneath.
- Note: You do not need to input the full name of the users, groups or public folder. It is enough to enter part of the name. MailEssentials will list all the names that contain the specified characters. For example, if you input
sco
, MailEssentials will return names such asScott Adams
andFreeman Prescott
, if they are available.
- Note: You do not need to input the full name of the users, groups or public folder. It is enough to enter part of the name. MailEssentials will list all the names that contain the specified characters. For example, if you input
- Select the checkbox next to the name(s) that you want to add to the list and click OK.
- Note: To remove entries from the list, select the user/user group/public folder you want to remove and click Remove.
- Repeat steps 3 to 5 to add all the required users to the list.
- Click Apply.
Enabling/disabling rules
To enable or disable attachment filtering rules:
- Go to Content Filtering > Attachment Filtering.
- From the Attachment Filtering page, select the checkbox of the rule(s) to enable or disable.
- Click Enable Selected or Disable Selected accordingly.
Removing attachment rules
- Go to Content Filtering > Attachment Filtering.
- From the Attachment Filtering page, select the rule(s) that you want to remove.
- Click Remove Selected.
Modifying an existing rule
- Go to Content Filtering > Attachment Filtering.
- From the Attachment Filtering page, click the name of the rule to modify.
- Perform the required changes in the rule properties and click Apply.
Changing the rule priority
Attachment Filtering rules are applied in the same order, from top to bottom as they are listed in the Attachment Filtering page (that is, rule with priority value 1 is checked first). To change the sequence/priority of rules:
- Go to Content Filtering > Attachment Filtering.
- From the Attachment Filtering page, click the (up) or (down) arrows to respectively increase or decrease the priority of the selected rule.
- Repeat step 2 until rules are placed in the desired sequence.