Current version as of 10 December 2018, 18:44
To accompany our HOWTO on filtering Office documents, here are prepared CLI command sets that create the corresponding filter rules in the mail filter of the Securepoint NextGen UTM. Read this guide in full before making any changes.
Please note that the syntax listed here is optimised for Securepoint NextGen UTM 11.7.x.
Lines beginning with # are comments. They are not needed to run the scripts and can therefore be removed beforehand. Any errors that occur when the comments are left in the script must be ignored.
How to use the CLI command sets: Log in to the CLI of the Securepoint NextGen UTM as user "admin" via SSH with an SSH client (e.g. PuTTY). Copy the script you need (SMTP, POP3 or MAILCONNECTOR) and paste it into the CLI.
Options for exceptions: Exceptions to strict rules are possible but not recommended, because senders can be forged. If you want to set up exceptions for domains, remove the # in front of the corresponding lines and replace the list of domain names in square brackets (e.g. vertrautedomain1.tld) with the desired exception domains.
The CLI command sets listed here serve as examples and make no claim to completeness with regard to MIME types, file extensions, etc. They also do not cover any customer-specific particularities.
The CLI command sets may only be used by trained personnel.
Create a backup before every change to the Securepoint NextGen UTM.
CLI command set for SMTP
Please choose this script if you deliver e-mails via SMTP.
# SMTP

# REJECT Virus (spfilterset_smtp_reject_virus)
mail filterng selector new name spfilterset_smtp_reject_virus binop AND
mail filterng selector item new selector spfilterset_smtp_reject_virus type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_virus type VIRUS operator TRUE
mail filterng new selector spfilterset_smtp_reject_virus action REJECT pos 1

# Reject Word by MIME (spfilterset_smtp_reject_word_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_word_by_mime binop AND
mail filterng selector item new selector spfilterset_smtp_reject_word_by_mime type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_word_by_mime type CONTENT type_arg MIME operator IS value [ application/msword application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.openxmlformats-officedocument.wordprocessingml.template application/vnd.ms-word.document.macroEnabled.12 application/vnd.ms-word.template.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_smtp_reject_word_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_smtp_reject_word_by_mime action REJECT pos 2

# Reject Excel by MIME (spfilterset_smtp_reject_excel_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_excel_by_mime binop AND
mail filterng selector item new selector spfilterset_smtp_reject_excel_by_mime type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_excel_by_mime type CONTENT type_arg MIME operator IS value [ application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.spreadsheetml.template application/vnd.ms-excel.sheet.macroEnabled.12 application/vnd.ms-excel.template.macroEnabled.12 application/vnd.ms-excel.addin.macroEnabled.12 application/vnd.ms-excel.sheet.binary.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_smtp_reject_excel_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_smtp_reject_excel_by_mime action REJECT pos 3

# Reject compressed files by MIME (spfilterset_smtp_reject_zip_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_zip_by_mime binop AND
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_mime type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_mime type CONTENT type_arg MIME operator IS value [ application/x-zip-compressed application/zip ]
#mail filterng selector item new selector spfilterset_smtp_reject_zip_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_smtp_reject_zip_by_mime action REJECT pos 4

# Reject Office files by extension (spfilterset_smtp_reject_office_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_office_by_ext binop AND
mail filterng selector item new selector spfilterset_smtp_reject_office_by_ext type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_office_by_ext type CONTENT type_arg FILENAME operator IN value [ doc dot docx docm dotx dotm docb xls xlsx xlt xlm xlsb xla xlam xll xlw ppt pot pps pptx pptm potx potm ppam ppsx ppsm sldx sldm pub ]
#mail filterng selector item new selector spfilterset_smtp_reject_office_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_smtp_reject_office_by_ext action REJECT pos 5

# Reject compressed files by extension (spfilterset_smtp_reject_zip_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_zip_by_ext binop AND
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type CONTENT type_arg FILENAME operator IS value [ zip 7z ace arj cab zz zipx ]
#mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_smtp_reject_zip_by_ext action REJECT pos 6

# REJECT SPAM (spfilterset_smtp_reject_spam)
mail filterng selector new name spfilterset_smtp_reject_spam binop AND
mail filterng selector item new selector spfilterset_smtp_reject_spam type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_spam type SPAM operator IS value [ VERIFIED ]
mail filterng new selector spfilterset_smtp_reject_spam action REJECT pos 7

# Quarantine probably SPAM (spfilterset_smtp_quarantine_possibly_spam)
mail filterng selector new name spfilterset_smtp_quarantine_possibly_spam binop AND
mail filterng selector item new selector spfilterset_smtp_quarantine_possibly_spam type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_quarantine_possibly_spam type SPAM operator IS value [ SUSPECTED ]
mail filterng new selector spfilterset_smtp_quarantine_possibly_spam action QUARANTINE pos 8

# Activate filterng and save configuration
mail filterng update
system config save

CLI command set for POP3 proxy
Please choose this script if you filter e-mails via the POP3 proxy.
# POP3Proxy

# Filter Virus (spfilterset_pop3_filter_virus)
mail filterng selector new name spfilterset_pop3_filter_virus binop AND
mail filterng selector item new selector spfilterset_pop3_filter_virus type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_virus type VIRUS operator TRUE
mail filterng new selector spfilterset_pop3_filter_virus action FILTER pos 1

# Filter Word by MIME (spfilterset_pop3_filter_word_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_word_by_mime binop AND
mail filterng selector item new selector spfilterset_pop3_filter_word_by_mime type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_word_by_mime type CONTENT type_arg MIME operator IS value [ application/msword application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.openxmlformats-officedocument.wordprocessingml.template application/vnd.ms-word.document.macroEnabled.12 application/vnd.ms-word.template.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_pop3_filter_word_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_pop3_filter_word_by_mime action FILTER pos 2

# Filter Excel by MIME (spfilterset_pop3_filter_excel_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_excel_by_mime binop AND
mail filterng selector item new selector spfilterset_pop3_filter_excel_by_mime type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_excel_by_mime type CONTENT type_arg MIME operator IS value [ application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.spreadsheetml.template application/vnd.ms-excel.sheet.macroEnabled.12 application/vnd.ms-excel.template.macroEnabled.12 application/vnd.ms-excel.addin.macroEnabled.12 application/vnd.ms-excel.sheet.binary.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_pop3_filter_excel_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_pop3_filter_excel_by_mime action FILTER pos 3

# Filter compressed files by MIME (spfilterset_pop3_filter_zip_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_zip_by_mime binop AND
mail filterng selector item new selector spfilterset_pop3_filter_zip_by_mime type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_zip_by_mime type CONTENT type_arg MIME operator IS value [ application/x-zip-compressed application/zip ]
#mail filterng selector item new selector spfilterset_pop3_filter_zip_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_pop3_filter_zip_by_mime action FILTER pos 4

# Filter Office files by extension (spfilterset_pop3_filter_office_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_office_by_ext binop AND
mail filterng selector item new selector spfilterset_pop3_filter_office_by_ext type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_office_by_ext type CONTENT type_arg FILENAME operator IN value [ doc dot docx docm dotx dotm docb xls xlsx xlt xlm xlsb xla xlam xll xlw ppt pot pps pptx pptm potx potm ppam ppsx ppsm sldx sldm pub ]
#mail filterng selector item new selector spfilterset_pop3_filter_office_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_pop3_filter_office_by_ext action FILTER pos 5

# Filter compressed files by extension (spfilterset_pop3_filter_zip_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_zip_by_ext binop AND
mail filterng selector item new selector spfilterset_pop3_filter_zip_by_ext type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_zip_by_ext type CONTENT type_arg FILENAME operator IS value [ zip 7z ace arj cab zz zipx ]
#mail filterng selector item new selector spfilterset_pop3_filter_zip_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_pop3_filter_zip_by_ext action FILTER pos 6

# Quarantine SPAM (spfilterset_pop3_quarantine_spam)
mail filterng selector new name spfilterset_pop3_quarantine_spam binop AND
mail filterng selector item new selector spfilterset_pop3_quarantine_spam type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_quarantine_spam type SPAM operator IS value [ VERIFIED ]
mail filterng new selector spfilterset_pop3_quarantine_spam action QUARANTINE pos 7

# Quarantine probably SPAM (spfilterset_pop3_quarantine_possibly_spam)
mail filterng selector new name spfilterset_pop3_quarantine_possibly_spam binop AND
mail filterng selector item new selector spfilterset_pop3_quarantine_possibly_spam type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_quarantine_possibly_spam type SPAM operator IS value [ SUSPECTED ]
mail filterng new selector spfilterset_pop3_quarantine_possibly_spam action QUARANTINE pos 8

# Activate filterng and save configuration
mail filterng update
system config save

CLI command set for Mail-Connector
Please choose this script if you deliver e-mails via the Mail-Connector.
# MAIL-Connector

# DROP Virus (spfilterset_mailconnector_drop_virus)
mail filterng selector new name spfilterset_mailconnector_drop_virus binop AND
mail filterng selector item new selector spfilterset_mailconnector_drop_virus type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_drop_virus type VIRUS operator TRUE
mail filterng new selector spfilterset_mailconnector_drop_virus action DROP pos 1

# Quarantine Word by MIME (spfilterset_mailconnector_quarantine_word_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_word_by_mime binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_word_by_mime type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_word_by_mime type CONTENT type_arg MIME operator IS value [ application/msword application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.openxmlformats-officedocument.wordprocessingml.template application/vnd.ms-word.document.macroEnabled.12 application/vnd.ms-word.template.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_word_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_mailconnector_quarantine_word_by_mime action QUARANTINE pos 2

# Quarantine Excel by MIME (spfilterset_mailconnector_quarantine_excel_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_excel_by_mime binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_excel_by_mime type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_excel_by_mime type CONTENT type_arg MIME operator IS value [ application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.spreadsheetml.template application/vnd.ms-excel.sheet.macroEnabled.12 application/vnd.ms-excel.template.macroEnabled.12 application/vnd.ms-excel.addin.macroEnabled.12 application/vnd.ms-excel.sheet.binary.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_excel_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_mailconnector_quarantine_excel_by_mime action QUARANTINE pos 3

# Quarantine compressed files by MIME (spfilterset_mailconnector_quarantine_zip_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_zip_by_mime binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_mime type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_mime type CONTENT type_arg MIME operator IS value [ application/x-zip-compressed application/zip ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_mailconnector_quarantine_zip_by_mime action QUARANTINE pos 4

# Quarantine Office files by extension (spfilterset_mailconnector_quarantine_office_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_office_by_ext binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_office_by_ext type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_office_by_ext type CONTENT type_arg FILENAME operator IN value [ doc dot docx docm dotx dotm docb xls xlsx xlt xlm xlsb xla xlam xll xlw ppt pot pps pptx pptm potx potm ppam ppsx ppsm sldx sldm pub ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_office_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_mailconnector_quarantine_office_by_ext action QUARANTINE pos 5

# Quarantine compressed files by extension (spfilterset_mailconnector_quarantine_zip_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_zip_by_ext binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_ext type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_ext type CONTENT type_arg FILENAME operator IS value [ zip 7z ace arj cab zz zipx ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_mailconnector_quarantine_zip_by_ext action QUARANTINE pos 6

# Quarantine SPAM (spfilterset_mailconnector_quarantine_spam)
mail filterng selector new name spfilterset_mailconnector_quarantine_spam binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_spam type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_spam type SPAM operator IS value [ VERIFIED ]
mail filterng new selector spfilterset_mailconnector_quarantine_spam action QUARANTINE pos 7

# Quarantine probably SPAM (spfilterset_mailconnector_quarantine_possibly_spam)
mail filterng selector new name spfilterset_mailconnector_quarantine_possibly_spam binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_possibly_spam type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_possibly_spam type SPAM operator IS value [ SUSPECTED ]
mail filterng new selector spfilterset_mailconnector_quarantine_possibly_spam action QUARANTINE pos 8

# Activate filterng and save configuration
mail filterng update
system config save
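
The preparation steps described above (removing comment lines, optionally enabling the domain exceptions) can be scripted and checked on the workstation before anything is pasted into the CLI. The following is an added example, not part of the original page or of Securepoint's tooling; the helper names `prepare` and `lint` are hypothetical, and the embedded sample is constructed in the page's command syntax with a deliberately split MIME token.

```python
import re

# Constructed sample in the page's command syntax (shortened; one MIME token is split on purpose).
SAMPLE = """\
# Reject Word by MIME (spfilterset_smtp_reject_word_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_word_by_mime binop AND
mail filterng selector item new selector spfilterset_smtp_reject_word_by_mime type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_word_by_mime type CONTENT type_arg MIME operator IS value [ application/msword application/vnd.openxmlformats-officedocument wordprocessingml.document ]
#mail filterng selector item new selector spfilterset_smtp_reject_word_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]
mail filterng new selector spfilterset_smtp_reject_word_by_mime action REJECT pos 2
mail filterng update
system config save
"""

DOMAIN = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
VALUE = re.compile(r"value \[ (.*?) \]")


def prepare(script, trusted_domains=None):
    """Return the command lines to paste. Comments are dropped; the disabled
    FROM/NOTIN exception lines are enabled only if trusted_domains is given."""
    out = []
    for line in script.splitlines():
        line = line.strip()
        if line.startswith("#mail filterng") and " type FROM " in line:
            if not trusted_domains:
                continue  # keep the strict rule: no sender-based exception
            bad = [d for d in trusted_domains if not DOMAIN.match(d.lower())]
            if bad:  # refuse anything that could add extra tokens to the command
                raise ValueError(f"not a plain domain name: {bad}")
            line = VALUE.sub("value [ " + " ".join(trusted_domains) + " ]", line[1:])
        if line and not line.startswith("#"):
            out.append(line)
    return out


def lint(commands):
    """Flag problems that would otherwise only show up on the appliance."""
    findings, defined, positions = [], set(), {}
    for cmd in commands:
        m = re.match(r"mail filterng selector new name (\S+)", cmd)
        if m:
            defined.add(m.group(1))
            continue
        m = re.match(r"mail filterng (?:selector item )?new selector (\S+)", cmd)
        if m and m.group(1) not in defined:
            findings.append(f"undefined selector: {m.group(1)}")
        v = VALUE.search(cmd)
        if v and " type_arg MIME " in cmd:  # every MIME value needs type/subtype
            findings += [f"not a MIME type: {t}" for t in v.group(1).split() if "/" not in t]
        m = re.search(r"mail filterng new selector (\S+) action \S+ pos (\d+)", cmd)
        if m:
            if m.group(2) in positions:
                findings.append(f"pos {m.group(2)} used twice")
            positions[m.group(2)] = m.group(1)
    return findings


if __name__ == "__main__":
    print("\n".join(prepare(SAMPLE)))
    print(lint(prepare(SAMPLE)))
```

Run `lint` on the prepared lines of the full command set before pasting; an empty list means every rule refers to a defined selector, no position is reused, and every MIME value has the `type/subtype` form.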