MailScanner 放行加密壓縮檔的方發

MailScanner 作為 Mail Gateway 可以阻擋後有電郵威脅, 包括病毒、垃圾電郵、檔案名稱、釣魚電郵等。

在預設的情況下, MailScanner 會阻擋掉加密的壓縮檔, 這是因為如果壓縮檔內包含有有害內容 (例如病毒), 那 MailScanner 便不能進行掃瞄, 阻擋掉的電郵的訊息如下:

The following e-mails were found to have: Other Bad Content Detected : Password-protected Archive Detected

但有些情況是正常的電郵也包含有密碼保護的壓縮檔, 例如銀行的月結單。要解決唯有把加密壓縮檔的電郵放行, 但這個會有安全性的問題。

開啟 MailScanner 的設定檔 /etc/MailScanner/MailScanner.conf:

# vi /etc/MailScanner/MailScanner.conf


# Should archives which contain any password-protected files be allowed?
# Leaving this set to “no” is a good way of protecting against all the
# protected zip files used by viruses at the moment.
# This can also be the filename of a ruleset.
Allow Password-Protected Archives = no

預設 “Allow Password-Protected Archives” 是 no, 即會阻擋所有密碼保護壓縮檔的電郵, 改成 yes:

Allow Password-Protected Archives = yes

最後重新啟動 MailScanner 即可:

# systemctl restart mailscanner

如果 Mail Gateway 內不止一個域名, 只想對個別發信或收信電郵/網域放行密碼壓縮檔, 那便需要設定 ruleset, 把上面的 Allow Password-Protected Archives 改成這樣:

Allow Password-Protected Archives = %rules-dir%/domain.archives.rules

然後在建立檔案 /etc/MailScanner/rules/domain.archives.rules, 加入以下內容:

將以上 allow-domain.tld 改成放行的網域, 最後重新啟動 MailScanner:

# systemctl restart mailscanner

Leave a Reply