How to Configure and Integrate Axigen and MIMEDefang to Block Attachments by File Extension

MIMEDefang's default configuration includes a filter that rejects email attachments by file extension. This article describes how to integrate Axigen with MIMEDefang in order to block such attachments.

Solution

The configuration described in this article was tested on CentOS 6 and on Ubuntu 12.04.


1. Install MIMEDefang

On CentOS 6, the mimedefang package is not available in the default repositories. It can be installed after enabling the EPEL repository. Instructions for enabling the EPEL repository are available at:

https://fedoraproject.org/wiki/EPEL

After enabling EPEL, install MIMEDefang with the command:

yum install mimedefang

On Ubuntu 12.04, the command to install the package is:

apt-get install mimedefang


2. Configure MIMEDefang to listen on a TCP port

Edit the following file:

- On CentOS 6: /etc/sysconfig/mimedefang

- On Ubuntu 12.04: /etc/default/mimedefang

and add the line:

SOCKET=inet:10084

The port used in this example is 10084, but a different available port can be chosen.


3. Inspect the MIMEDefang configuration file available at /etc/mail/mimedefang-filter. The filter that blocks email attachments by file extension is located in the section:

# This procedure returns true for entities with bad filenames.
sub filter_bad_filename  {
    my($entity) = @_;
    my($bad_exts, $re);

    # Bad extensions
    $bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{[^\}]+\})';

    # Do not allow:
    # - CLSIDs  {foobarbaz}
    # - bad extensions (possibly with trailing dots) at end
    $re = '\.' . $bad_exts . '\.*$';

    return 1 if (re_match($entity, $re));

    # Look inside ZIP files
    if (re_match($entity, '\.zip$') and
        $Features{"Archive::Zip"}) {
        my $bh = $entity->bodyhandle();
        if (defined($bh)) {
            my $path = $bh->path();
            if (defined($path)) {
                return re_match_in_zip_directory($path, $re);
            }
        }
    }
    return 0;
}
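
The effect of this pattern on concrete attachment names, as an added example (not part of the original article or of MIMEDefang). It uses a shortened extension list and a hypothetical helper, name_matches, which assumes the comparison is case-insensitive; the second pattern is the same expression with its backslashes missing, where "." matches any character.

```perl
#!/usr/bin/perl
# Added example: offline check of the bad-extension pattern on sample names.
use strict;
use warnings;

# Shortened extension list (constructed for this example; use your full list).
my $bad_exts = '(bat|cmd|com|exe|jse?|lnk|pif|scr|sh|vbs|\{[^\}]+\})';

# Literal dot, bad extension, optional trailing dots, end of the name.
my $strict = '\.' . $bad_exts . '\.*$';

# Same expression without the backslashes: "." now means "any character",
# so the extension may appear anywhere in the name.
my $loose = '.' . $bad_exts . '.*$';

# Hypothetical helper: case-insensitive match of a filename against a pattern
# (assumption: this mirrors how the filter compares attachment names).
sub name_matches {
    my ($name, $re) = @_;
    return $name =~ /$re/i ? 1 : 0;
}

# Constructed sample attachment names.
my @samples = (
    'test.exe',                                       # plain bad extension
    'Invoice.PDF.EXE',                                # double extension, upper case
    'setup.exe...',                                   # trailing dots
    'folder.{00000000-0000-0000-0000-000000000000}',  # CLSID form
    'report.pdf',                                     # harmless
    'my-exercise.txt',                                # contains "exe" inside the name
    'worksheet.pdf',                                  # contains "sh" inside the name
);

printf "%-48s %-7s %s\n", 'filename', 'strict', 'loose';
for my $name (@samples) {
    printf "%-48s %-7s %s\n", $name,
        name_matches($name, $strict) ? 'BLOCK' : 'pass',
        name_matches($name, $loose)  ? 'BLOCK' : 'pass';
}
```

Run it with perl and compare the two columns: the strict pattern blocks only names that end in a listed extension, while the loose one also blocks my-exercise.txt and worksheet.pdf.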

4. Verify the syntax of the mimedefang-filter file:

# perl -c /etc/mail/mimedefang-filter
/etc/mail/mimedefang-filter syntax OK

5. Start MIMEDefang:

/etc/init.d/mimedefang restart

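Check that the process is running and that it listens on the defined TCP port. In the output below the listener is bound to 0.0.0.0, that is, to all interfaces, so restrict access to this port (for example with a host firewall) to the Axigen server: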

# netstat -tlpn | grep 10084
tcp        0      0 0.0.0.0:10084           0.0.0.0:*               LISTEN      7401/mimedefang
#

Axigen Configuration


Open the Axigen Webadmin interface and navigate to the following section:


Security & Filtering -> Acceptance & Routing -> Advanced Settings

Add the following two rules to use the MIMEDefang filter:

Rule 1:

- Press the 'Add Acceptance/Routing Rule' button

- Type a suggestive Rule name such as 'mimedefang_define'

- Unless otherwise required, leave the Conditions section unmodified, as the default policies will apply to all SMTP connections

- In the Actions section, use the drop-down box to select Filters -> Add Filter and click the '+Add Action' button. Next, define a name for this filter (for example, mimedefang). Note that this name can be used to track the filter in the Axigen log entries. Also fill the Address field with the connection address of MIMEDefang's milter listener.


Example:

Name: mimedefang
Address: inet://127.0.0.1:10084


Click Save Configuration to save the new filter details.



Rule 2:

To activate the filter, create a second rule in the same Advanced Settings context; this rule ensures that the filter is executed.

- Press the 'Add Acceptance/Routing Rule' button

- Type a suggestive Rule name such as 'mimedefang_execute'

- Leave the Conditions section unmodified

- In the Actions section, select the 'Execute filters' option from the Filters category and press the '+ Add Action' button. Fill the 'Name pattern' field with the name of the previously defined filter, in our case 'mimedefang'.

Finally, press the Save configuration button in order to activate this rule.



After this point, all the server's traffic will be processed by this filter.


Test the configuration by sending a message that has a file with a forbidden extension attached, for example "test.exe". The file should be replaced with an attachment named "warning1.txt" with content similar to:

"
WARNING: This e-mail has been altered by MIMEDefang.  Following this
paragraph are indications of the actual changes made.  For more
information about your site's MIMEDefang policy, contact
MIMEDefang Administrator's Full Name <postmaster@localhost>.  For more information about MIMEDefang, see:

            https://www.roaringpenguin.com/mimedefang/enduser.php3

An attachment named test.exe was removed from this document as it
constituted a security hazard.  If you require this document, please contact
the sender and arrange an alternate means of receiving it.
"

Note: MIMEDefang can also perform AntiSpam scanning if SpamAssassin is installed on the system. For more information about the MIMEDefang configuration, consult the documentation available at:

http://www.mickeyhill.com/mimedefang-howto/