Content Filtering with MailScanner - Part 1 - File Types

MailScanner allows for a very fine level of control over email content and security via its configuration and ruleset files. This article looks at setting up per-user or per-domain rules for file types. It is based on my experience with MailScanner on RPM-based systems; however, it should work on any system running a standard install of MailScanner.

Why would this be of interest?

If you are scanning mail for multiple domains and companies you may wish to impose restrictions on certain file types for particular users or, as is more often the case, these restrictions will be forced on you.

Getting Started

If the server is in production you may want to stop MailScanner processing mail while you make the changes to its configuration:

    /etc/init.d/MailScanner stop; /etc/init.d/MailScanner startin

This will stop MailScanner and then restart its "in" queue, so mail will "sit" in the inbound queue.

Open MailScanner.conf in vi:

    vim /etc/MailScanner/MailScanner.conf

Look for the line:

    Filename Rules = %etc-dir%/filename.rules.conf

In order to make this a ruleset which you can control, you should change this to something like:

    Filename Rules = %etc-dir%/filename.rules

In /etc/MailScanner you need to create the actual ruleset file. The way I did it was:

    FromOrTo: default /etc/MailScanner/filename.rules.conf
    FromOrTo: *@domain1.ie /etc/MailScanner/filename.rules.domain1.conf
    FromOrTo: *@domain2.com /etc/MailScanner/filename.rules.domain2.conf

The first file, /etc/MailScanner/filename.rules.conf, is the one that ships with MailScanner (with or without sitewide modifications). The other file(s) contain domain/user specific directives.
For example, one of our clients asked us to block ALL zip files, so the custom ruleset contained one minor, but important, difference:

    deny \.zip$ - -

If you have been "hacking" MailScanner for a while you will know that you can specify rules to apply to an entire domain:

    *@domain.tld

or a specific user:

    user@domain.tld

You could also do it using something like:

    From user1@domain.tld and To user2@domain.tld

The README is helpful:

    As you can see, each rule has 3 fields:
    1. Direction (or "Virus:")
    2. Pattern to match
    3. Result value (or values)
    or 6 fields:
    1. Direction 1 (or "Virus:")
    2. Pattern to match
    3. The literal word "and"
    4. Direction 2 (or "Virus:")
    5. Pattern to match
    6. Result value (or values)

Your mileage may vary :)
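To check a ruleset like the one above before putting it into production, here is a small dry-run model in Python. It is an added example, not MailScanner's own code. It assumes first-match-wins in both files, tab-separated fields in the filename rules, case-insensitive regex matching, and "allow" when nothing matches; the function names and the .exe rule standing in for the shipped defaults are constructed.

```python
import fnmatch
import re

# Constructed sample data: the ruleset is the article's; the rule files are
# stand-ins (one constructed .exe rule represents the shipped defaults).
RULESET = """\
FromOrTo: default /etc/MailScanner/filename.rules.conf
FromOrTo: *@domain1.ie /etc/MailScanner/filename.rules.domain1.conf
FromOrTo: *@domain2.com /etc/MailScanner/filename.rules.domain2.conf
"""
DEFAULTS = "deny\t\\.exe$\t-\t-\n"
RULE_FILES = {
    "/etc/MailScanner/filename.rules.conf": DEFAULTS,
    "/etc/MailScanner/filename.rules.domain1.conf": "deny\t\\.zip$\t-\t-\n" + DEFAULTS,
    "/etc/MailScanner/filename.rules.domain2.conf": DEFAULTS,
}

def select_rules_file(ruleset, sender, recipient):
    """Return the value of the first ruleset line matching either address."""
    sides = {"from": [sender], "to": [recipient], "fromorto": [sender, recipient]}
    default = None
    for line in ruleset.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        direction, pattern, value = line.split(None, 2)
        if pattern.lower() == "default":
            default = value  # used only when no address pattern matches
            continue
        addresses = sides.get(direction.rstrip(":").lower(), [])
        if any(fnmatch.fnmatch(a.lower(), pattern.lower()) for a in addresses):
            return value
    return default

def check_filename(rules, filename):
    """Return 'allow' or 'deny' from the first rule whose regex matches."""
    for line in rules.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        action, regex = line.split("\t")[:2]
        if re.search(regex, filename, re.IGNORECASE):
            return action.lower()
    return "allow"  # assumption: a name that matches no rule passes

def verdict(sender, recipient, filename):
    """Dry run: which rules file applies, and what happens to the attachment."""
    path = select_rules_file(RULESET, sender, recipient)
    return path, check_filename(RULE_FILES[path], filename)
```

Calling verdict("alice@example.org", "bob@domain1.ie", "report.zip") shows the domain1 file being selected and the attachment denied, while the same attachment to an address in another domain falls through to the default file.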

2 Comments

JulesFM said:

There is an easier way to do this, that saves you a lot of administrative time in the long run, as well as being quicker to set up now.

It is all explained in the new version of the MailScanner Book, just go buy a new copy :-)

blacknight said:

Julian

Nice plug for your book :)

About this Entry

This page contains a single entry by Michele Neylon published on June 29, 2005 1:19 AM.
