Eric (talk | contributions), no edit summary
Version as of 24 February 2016, 08:16
To accompany our HOWTO on filtering Office documents, this page provides prepared CLI command sets that create the corresponding filter rules in the mail filter of the Securepoint UTM.
Please note that the syntax is based on Securepoint UTM 11.6.x.
Lines beginning with # are not CLI commands and can be removed beforehand. You can also paste them into the console together with the commands, but you must then ignore the errors they produce in the output.
How to use the CLI command sets: Log in to the Securepoint UTM firewall as user admin over SSH with a suitable SSH client (e.g. PuTTY). Copy the script that fits your setup (SMTP, POP3 or MAILCONNECTOR) and paste it into the UTM's CLI.
If you want to set up exceptions for domains (we recommend against doing so), remove the # in front of the corresponding lines and replace the list of domain names in square brackets (e.g. vertrautedomain1.tld) with the desired exception domains.
The CLI command sets listed here serve as examples and make no claim to completeness with regard to MIME types, file extensions and so on. They also do not cover customer-specific particularities. The CLI command sets may only be applied by trained personnel.
CLI command set for SMTP
Choose this script if you deliver e-mail via SMTP.
# SMTP

# DROP Virus (spfilterset_smtp_drop_virus)
mail filterng selector new name spfilterset_smtp_drop_virus binop AND
mail filterng selector item new selector spfilterset_smtp_drop_virus type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_drop_virus type VIRUS operator TRUE
mail filterng new selector spfilterset_smtp_drop_virus action DROP pos 1

# Reject Word by MIME (spfilterset_smtp_reject_word_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_word_by_mime binop AND
mail filterng selector item new selector spfilterset_smtp_reject_word_by_mime type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_word_by_mime type CONTENT type_arg MIME operator IS value [ application/msword application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.openxmlformats-officedocument.wordprocessingml.template application/vnd.ms-word.document.macroEnabled.12 application/vnd.ms-word.template.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_smtp_reject_word_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_smtp_reject_word_by_mime action REJECT pos 2

# Reject Excel by MIME (spfilterset_smtp_reject_excel_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_excel_by_mime binop AND
mail filterng selector item new selector spfilterset_smtp_reject_excel_by_mime type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_excel_by_mime type CONTENT type_arg MIME operator IS value [ application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.spreadsheetml.template application/vnd.ms-excel.sheet.macroEnabled.12 application/vnd.ms-excel.template.macroEnabled.12 application/vnd.ms-excel.addin.macroEnabled.12 application/vnd.ms-excel.sheet.binary.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_smtp_reject_excel_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_smtp_reject_excel_by_mime action REJECT pos 3

# Reject compressed files by MIME (spfilterset_smtp_reject_zip_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_zip_by_mime binop AND
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_mime type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_mime type CONTENT type_arg MIME operator IS value [ application/x-zip-compressed application/zip ]
#mail filterng selector item new selector spfilterset_smtp_reject_zip_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_smtp_reject_zip_by_mime action REJECT pos 4

# Reject Office files by extension (spfilterset_smtp_reject_office_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_office_by_ext binop AND
mail filterng selector item new selector spfilterset_smtp_reject_office_by_ext type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_office_by_ext type CONTENT type_arg SUFFIX operator IS value [ doc dot docx docm dotx dotm docb xls xlt xlm xlsb xla xlam xll xlw ppt pot pps pptx pptm potx potm ppam ppsx ppsm sldx sldm pub ]
#mail filterng selector item new selector spfilterset_smtp_reject_office_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_smtp_reject_office_by_ext action REJECT pos 5

# Reject compressed files by extension (spfilterset_smtp_reject_zip_by_ext)
# Suffix list covers the zip extension, matching the MIME rule above
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_zip_by_ext binop AND
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type CONTENT type_arg SUFFIX operator IS value [ zip ]
#mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_smtp_reject_zip_by_ext action REJECT pos 6

# Drop SPAM (spfilterset_smtp_drop_spam)
mail filterng selector new name spfilterset_smtp_drop_spam binop AND
mail filterng selector item new selector spfilterset_smtp_drop_spam type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_drop_spam type SPAM operator IS value [ VERIFIED ]
mail filterng new selector spfilterset_smtp_drop_spam action DROP pos 7

# Quarantine probably SPAM (spfilterset_smtp_quarantine_possibly_spam)
mail filterng selector new name spfilterset_smtp_quarantine_possibly_spam binop AND
mail filterng selector item new selector spfilterset_smtp_quarantine_possibly_spam type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_quarantine_possibly_spam type SPAM operator IS value [ SUSPECTED ]
mail filterng new selector spfilterset_smtp_quarantine_possibly_spam action QUARANTINE pos 8

# Activate filterng and save configuration
mail filterng update
system config save
CLI command set for POP3 proxy
Choose this script if you filter e-mail via the POP3 proxy.
# POP3Proxy

# Filter Virus (spfilterset_pop3_filter_virus)
mail filterng selector new name spfilterset_pop3_filter_virus binop AND
mail filterng selector item new selector spfilterset_pop3_filter_virus type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_virus type VIRUS operator TRUE
mail filterng new selector spfilterset_pop3_filter_virus action FILTER pos 1

# Filter Word by MIME (spfilterset_pop3_filter_word_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_word_by_mime binop AND
mail filterng selector item new selector spfilterset_pop3_filter_word_by_mime type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_word_by_mime type CONTENT type_arg MIME operator IS value [ application/msword application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.openxmlformats-officedocument.wordprocessingml.template application/vnd.ms-word.document.macroEnabled.12 application/vnd.ms-word.template.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_pop3_filter_word_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_pop3_filter_word_by_mime action FILTER pos 2

# Filter Excel by MIME (spfilterset_pop3_filter_excel_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_excel_by_mime binop AND
mail filterng selector item new selector spfilterset_pop3_filter_excel_by_mime type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_excel_by_mime type CONTENT type_arg MIME operator IS value [ application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.spreadsheetml.template application/vnd.ms-excel.sheet.macroEnabled.12 application/vnd.ms-excel.template.macroEnabled.12 application/vnd.ms-excel.addin.macroEnabled.12 application/vnd.ms-excel.sheet.binary.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_pop3_filter_excel_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_pop3_filter_excel_by_mime action FILTER pos 3

# Filter compressed files by MIME (spfilterset_pop3_filter_zip_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_zip_by_mime binop AND
mail filterng selector item new selector spfilterset_pop3_filter_zip_by_mime type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_zip_by_mime type CONTENT type_arg MIME operator IS value [ application/x-zip-compressed application/zip ]
#mail filterng selector item new selector spfilterset_pop3_filter_zip_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_pop3_filter_zip_by_mime action FILTER pos 4

# Filter Office files by extension (spfilterset_pop3_filter_office_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_office_by_ext binop AND
mail filterng selector item new selector spfilterset_pop3_filter_office_by_ext type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_office_by_ext type CONTENT type_arg SUFFIX operator IS value [ doc dot docx docm dotx dotm docb xls xlt xlm xlsb xla xlam xll xlw ppt pot pps pptx pptm potx potm ppam ppsx ppsm sldx sldm pub ]
#mail filterng selector item new selector spfilterset_pop3_filter_office_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_pop3_filter_office_by_ext action FILTER pos 5

# Filter compressed files by extension (spfilterset_pop3_filter_zip_by_ext)
# Suffix list covers the zip extension, matching the MIME rule above
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_zip_by_ext binop AND
mail filterng selector item new selector spfilterset_pop3_filter_zip_by_ext type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_zip_by_ext type CONTENT type_arg SUFFIX operator IS value [ zip ]
#mail filterng selector item new selector spfilterset_pop3_filter_zip_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_pop3_filter_zip_by_ext action FILTER pos 6

# Quarantine SPAM (spfilterset_pop3_quarantine_spam)
mail filterng selector new name spfilterset_pop3_quarantine_spam binop AND
mail filterng selector item new selector spfilterset_pop3_quarantine_spam type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_quarantine_spam type SPAM operator IS value [ VERIFIED ]
mail filterng new selector spfilterset_pop3_quarantine_spam action QUARANTINE pos 7

# Quarantine probably SPAM (spfilterset_pop3_quarantine_possibly_spam)
mail filterng selector new name spfilterset_pop3_quarantine_possibly_spam binop AND
mail filterng selector item new selector spfilterset_pop3_quarantine_possibly_spam type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_quarantine_possibly_spam type SPAM operator IS value [ SUSPECTED ]
mail filterng new selector spfilterset_pop3_quarantine_possibly_spam action QUARANTINE pos 8

# Activate filterng and save configuration
mail filterng update
system config save
CLI command set for Mail-Connector
Choose this script if you deliver e-mail via the Mail-Connector.
# MAIL-Connector

# DROP Virus (spfilterset_mailconnector_drop_virus)
mail filterng selector new name spfilterset_mailconnector_drop_virus binop AND
mail filterng selector item new selector spfilterset_mailconnector_drop_virus type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_drop_virus type VIRUS operator TRUE
mail filterng new selector spfilterset_mailconnector_drop_virus action DROP pos 1

# Quarantine Word by MIME (spfilterset_mailconnector_quarantine_word_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_word_by_mime binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_word_by_mime type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_word_by_mime type CONTENT type_arg MIME operator IS value [ application/msword application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.openxmlformats-officedocument.wordprocessingml.template application/vnd.ms-word.document.macroEnabled.12 application/vnd.ms-word.template.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_word_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_mailconnector_quarantine_word_by_mime action QUARANTINE pos 2

# Quarantine Excel by MIME (spfilterset_mailconnector_quarantine_excel_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_excel_by_mime binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_excel_by_mime type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_excel_by_mime type CONTENT type_arg MIME operator IS value [ application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.spreadsheetml.template application/vnd.ms-excel.sheet.macroEnabled.12 application/vnd.ms-excel.template.macroEnabled.12 application/vnd.ms-excel.addin.macroEnabled.12 application/vnd.ms-excel.sheet.binary.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_excel_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_mailconnector_quarantine_excel_by_mime action QUARANTINE pos 3

# Quarantine compressed files by MIME (spfilterset_mailconnector_quarantine_zip_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_zip_by_mime binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_mime type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_mime type CONTENT type_arg MIME operator IS value [ application/x-zip-compressed application/zip ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_mailconnector_quarantine_zip_by_mime action QUARANTINE pos 4

# Quarantine Office files by extension (spfilterset_mailconnector_quarantine_office_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_office_by_ext binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_office_by_ext type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_office_by_ext type CONTENT type_arg SUFFIX operator IS value [ doc dot docx docm dotx dotm docb xls xlt xlm xlsb xla xlam xll xlw ppt pot pps pptx pptm potx potm ppam ppsx ppsm sldx sldm pub ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_office_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_mailconnector_quarantine_office_by_ext action QUARANTINE pos 5

# Quarantine compressed files by extension (spfilterset_mailconnector_quarantine_zip_by_ext)
# Suffix list covers the zip extension, matching the MIME rule above
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_zip_by_ext binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_ext type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_ext type CONTENT type_arg SUFFIX operator IS value [ zip ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_mailconnector_quarantine_zip_by_ext action QUARANTINE pos 6

# Quarantine SPAM (spfilterset_mailconnector_quarantine_spam)
mail filterng selector new name spfilterset_mailconnector_quarantine_spam binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_spam type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_spam type SPAM operator IS value [ VERIFIED ]
mail filterng new selector spfilterset_mailconnector_quarantine_spam action QUARANTINE pos 7

# Quarantine probably SPAM (spfilterset_mailconnector_quarantine_possibly_spam)
mail filterng selector new name spfilterset_mailconnector_quarantine_possibly_spam binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_possibly_spam type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_possibly_spam type SPAM operator IS value [ SUSPECTED ]
mail filterng new selector spfilterset_mailconnector_quarantine_possibly_spam action QUARANTINE pos 8

# Activate filterng and save configuration
mail filterng update
system config save
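
An edited command set can be checked offline for paste and editing mistakes before it is copied into the UTM console. The following Python check is an added example, not Securepoint code: it understands only the command forms shown on this page, the `demo_` selector names and the sample script are constructed, and its checks (reused `pos`, missing PROTO item, identical CONTENT lists, an active FROM exception) are assumptions about what an editing mistake looks like, not rules enforced by the UTM.

```python
import re
from collections import defaultdict

# Constructed sample in the page's syntax (selector names are made up): the FROM
# exception is active, pos 1 is used twice, and the last selector copies the
# office suffix list, has no PROTO item and is never turned into a rule.
SAMPLE = """\
# DROP Virus
mail filterng selector new name demo_drop_virus binop AND
mail filterng selector item new selector demo_drop_virus type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector demo_drop_virus type VIRUS operator TRUE
mail filterng new selector demo_drop_virus action DROP pos 1
mail filterng selector new name demo_reject_office_by_ext binop AND
mail filterng selector item new selector demo_reject_office_by_ext type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector demo_reject_office_by_ext type CONTENT type_arg SUFFIX operator IS value [ doc docx xls ]
mail filterng selector item new selector demo_reject_office_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld ]
mail filterng new selector demo_reject_office_by_ext action REJECT pos 1
mail filterng selector new name demo_reject_zip_by_ext binop AND
mail filterng selector item new selector demo_reject_zip_by_ext type CONTENT type_arg SUFFIX operator IS value [ doc docx xls ]
mail filterng update
"""

NEW_SEL = re.compile(r"mail filterng selector new name (\S+) binop \S+$")
ITEM = re.compile(r"mail filterng selector item new selector (\S+) type (\S+)(.*)$")
RULE = re.compile(r"mail filterng new selector (\S+) action (\S+) pos (\d+)$")

def lint(script):
    """Return a list of findings for a command set; an empty list means clean."""
    cmds = [l.strip() for l in script.splitlines()]
    cmds = [c for c in cmds if c and not c.startswith("#")]  # '#' lines are not commands
    defined, with_proto, ruled = [], set(), set()
    by_pos, by_content, out = defaultdict(list), defaultdict(list), []
    for c in cmds:
        if m := NEW_SEL.match(c):
            defined.append(m[1])
        elif m := ITEM.match(c):
            name, typ, rest = m.groups()
            if name not in defined:
                out.append(f"item for undefined selector {name}")
            if typ == "PROTO":
                with_proto.add(name)
            elif typ == "FROM" and "NOTIN" in rest:  # exception the page advises against
                out.append(f"active FROM exception in {name}")
            elif typ == "CONTENT" and (v := re.search(r"type_arg (\S+) .*\[(.*)\]", rest)):
                by_content[(v[1], tuple(sorted(v[2].split())))].append(name)
        elif m := RULE.match(c):
            if m[1] not in defined:
                out.append(f"rule for undefined selector {m[1]}")
            ruled.add(m[1])
            by_pos[int(m[3])].append(m[1])
        elif c not in ("mail filterng update", "system config save"):
            out.append(f"unrecognised command: {c}")
    out += [f"selector {n} has no PROTO item" for n in defined if n not in with_proto]
    out += [f"selector {n} is never used in a rule" for n in defined if n not in ruled]
    out += [f"pos {p} used by {', '.join(ns)}" for p, ns in sorted(by_pos.items()) if len(ns) > 1]
    out += [f"identical {k[0]} list in {', '.join(ns)}" for k, ns in by_content.items() if len(ns) > 1]
    for tail in ("mail filterng update", "system config save"):
        if tail not in cmds:
            out.append(f"missing final command: {tail}")
    return out

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Save the command set you intend to paste to a text file and pass its contents to `lint()`; an empty result means none of these checks fired, not that the rule set is complete for your environment.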