How to achieve below allow attachment exceptions with Postfix header checks. Please suggest me the alternative ways if not possible with header checks.
1. need to bounce the mail if the incoming mail has encrypted data
2. By default, we should not allow any attachment, So, we need to reply the sender with message as below, and bcc to audit team
message: You cannot email attachments in or out of the secure lab - please use the airspace! [reply to the sender]
bcc: audit@example.com
3. Exceptions for mail attachments:
**Exception 1** - Source IP - Allow any Attachments - Do not BCC (simply deliver original message);
10.X.X.X
**Exception 2**: Allow .csv file if the message id has "tableau"
Message-id contains tableau
File type is .csv
Allow .csv files, strip any others.
STILL add bcc address (audit@example.com)
**Exception 3**: Allow .csv file from source IP as below
SourceIP is 10.X.X.X
File type is .csv
Allow .csv files, strip any others.
STILL add bcc address (audit@example.com)
**Exception 4**: Allow all file types if the recipient address is support@example.com
Recipient Address is autosupport@netapp.com
Allow all file types.
Do not BCC
4. Tag all messages with below Info [below are current settings in CISCO Ironport mail relay]
<action_type>Insert_Header_Action</action_type>
<action_data>X-SecLab</action_data>
<action_extra1>1</action_extra1>
5. Max Message Size BurtGate Emails
SourceIP = 10.XX.XX.XX-1XX
Block mails larger than 25KB
Notify xyz@example.com of Drop Action
6. Tag BurtGate Emails
SourceIP = 10.XX.XX.XX-1XX
<action_type>Insert_Header_Action</action_type>
<action_data>X-BurtGate</action_data>
<action_extra1>1</action_extra1>
7. Tag Messages with specific FROM Address
Tag messages with these FROM addresses;
donotreply@hipchat.com
<action_type>Insert_Header_Action</action_type>
<action_data>X-SecLabDrop</action_data>
<action_extra1>1</action_extra1>
~~~
Top comments (0)