No edit summary
No edit summary
Line 62: Line 62:
mail filterng selector new name spfilterset_smtp_reject_zip_by_ext binop AND
mail filterng selector new name spfilterset_smtp_reject_zip_by_ext binop AND
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type CONTENT type_arg SUFFIX operator IS value [ doc dot docx docm dotx dotm docb xls xlt xlm xlsb xla xlam xll xlw ppt pot pps pptx pptm potx potm ppam ppsx ppsm sldx sldm pub ]
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type CONTENT type_arg SUFFIX operator IS value [ zip 7z ace arj cab zz zipx ]
#mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
#mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_smtp_reject_zip_by_ext action REJECT pos 6
mail filterng new selector spfilterset_smtp_reject_zip_by_ext action REJECT pos 6
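Review bot: The replacement SUFFIX list on the changed selector item line, [ zip 7z ace arj cab zz zipx ], has no rar, gz or tar entry, so attachments with those extensions are not matched by spfilterset_smtp_reject_zip_by_ext. If the rule is meant to reject compressed attachments in general, extend the list accordingly, and check the same selector in the other command sets against whatever list is chosen.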

Revision as of 25 February 2016, 10:44

To accompany our HOWTO on filtering Office documents, this page provides prepared CLI command sets that create the corresponding filter rules in the mail filter of the Securepoint UTM.

Please note that the syntax is based on Securepoint UTM 11.6.x.

Lines starting with # are not CLI commands and can be removed beforehand. You can also paste them into the console along with the commands, but you must then ignore the resulting errors in the output.

How to use the CLI command sets: Log in to the Securepoint UTM firewall as the user admin via SSH, using a suitable SSH client (e.g. PuTTY). Copy the script that fits your setup (SMTP, POP3 or MAILCONNECTOR) and paste it into the UTM's interface.

If you want to set up exceptions for domains (we recommend not doing so), you must remove the # in front of the corresponding lines and replace the list of domain names in square brackets (e.g. vertrautedomain1.tld) with the desired exception domains.

The CLI command sets listed here serve as examples and make no claim to completeness with regard to MIME types, file extensions, etc. They also do not cover customer-specific particulars. The CLI command sets may only be applied by trained personnel.
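A pre-paste check for an adapted command set, as an added example (not Securepoint's code): it parses the mail filterng lines with a grammar inferred only from the commands on this page and flags MIME values without a slash, zip selectors that carry Office suffixes, undefined selectors and reused pos values. The demo_* selector names and the sample script are constructed, and the check on zip selectors assumes the naming convention used on this page.

```python
import re
from collections import defaultdict

# Grammar inferred only from the commands shown on this page (assumption).
DEFINE = re.compile(r"^mail filterng selector new name (\S+) binop (\S+)\s*$")
ITEM = re.compile(r"^mail filterng selector item new selector (\S+) type (\S+)"
                  r"(?: type_arg (\S+))? operator (\S+)(?: value \[ (.*?) \])?\s*$")
RULE = re.compile(r"^mail filterng new selector (\S+) action (\S+) pos (\d+)\s*$")
ARCHIVE_HINT = {"zip", "7z"}   # a *_zip_by_ext selector should list these
OFFICE_HINT = {"doc", "xls"}   # ... and should not list these

# Constructed sample with three deliberate defects (hypothetical selector names).
SAMPLE = """\
# constructed sample, not a command set from the page
mail filterng selector new name demo_reject_word_by_mime binop AND
mail filterng selector item new selector demo_reject_word_by_mime type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector demo_reject_word_by_mime type CONTENT type_arg MIME operator IS value [ application/msword application/vnd.openxmlformats-officedocument wordprocessingml.document ]
mail filterng new selector demo_reject_word_by_mime action REJECT pos 1
mail filterng selector new name demo_reject_zip_by_ext binop AND
mail filterng selector item new selector demo_reject_zip_by_ext type CONTENT type_arg SUFFIX operator IS value [ doc docx xls ]
mail filterng new selector demo_reject_zip_by_ext action REJECT pos 1
mail filterng update
system config save
"""


def lint(script):
    """Return a list of findings for a command set (empty list = clean)."""
    findings, defined, positions = [], set(), defaultdict(list)
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # comment lines are not CLI commands
        if m := DEFINE.match(line):
            defined.add(m.group(1))
        elif m := ITEM.match(line):
            name, typ, arg, _op, values = m.groups()
            vals = (values or "").split()
            if name not in defined:
                findings.append(f"line {no}: item for undefined selector {name}")
            if typ == "CONTENT" and arg == "MIME":
                for v in vals:
                    if "/" not in v:       # e.g. a type split by a stray space
                        findings.append(f"line {no}: '{v}' is not a MIME type")
            if typ == "CONTENT" and arg == "SUFFIX" and "_zip_" in name:
                if OFFICE_HINT & set(vals) or not ARCHIVE_HINT & set(vals):
                    findings.append(f"line {no}: {name} lists non-archive suffixes")
        elif m := RULE.match(line):
            name, _action, pos = m.groups()
            if name not in defined:
                findings.append(f"line {no}: rule uses undefined selector {name}")
            positions[pos].append(name)
        elif line not in ("mail filterng update", "system config save"):
            findings.append(f"line {no}: unrecognised command")
    for pos, names in positions.items():
        if len(names) > 1:                 # two rules share one position
            findings.append(f"pos {pos} used by {', '.join(names)}")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
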


CLI command set for SMTP

Please choose this script if you deliver e-mails via SMTP.

# SMTP
# REJECT Virus (spfilterset_smtp_reject_virus)
mail filterng selector new name spfilterset_smtp_reject_virus binop AND
mail filterng selector item new selector spfilterset_smtp_reject_virus type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_virus type VIRUS operator TRUE
mail filterng new selector spfilterset_smtp_reject_virus action REJECT pos 1

# Reject Word by MIME (spfilterset_smtp_reject_word_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_word_by_mime binop AND
mail filterng selector item new selector spfilterset_smtp_reject_word_by_mime type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_word_by_mime type CONTENT type_arg MIME operator IS value [ application/msword application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.openxmlformats-officedocument.wordprocessingml.template application/vnd.ms-word.document.macroEnabled.12 application/vnd.ms-word.template.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_smtp_reject_word_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_smtp_reject_word_by_mime action REJECT pos 2

# Reject Excel by MIME (spfilterset_smtp_reject_excel_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_excel_by_mime binop AND
mail filterng selector item new selector spfilterset_smtp_reject_excel_by_mime type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_excel_by_mime type CONTENT type_arg MIME operator IS value [ application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.spreadsheetml.template application/vnd.ms-excel.sheet.macroEnabled.12 application/vnd.ms-excel.template.macroEnabled.12 application/vnd.ms-excel.addin.macroEnabled.12 application/vnd.ms-excel.sheet.binary.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_smtp_reject_excel_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_smtp_reject_excel_by_mime action REJECT pos 3

# Reject compressed files by MIME (spfilterset_smtp_reject_zip_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_zip_by_mime binop AND
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_mime type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_mime type CONTENT type_arg MIME operator IS value [ application/x-zip-compressed application/zip ]
#mail filterng selector item new selector spfilterset_smtp_reject_zip_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_smtp_reject_zip_by_mime action REJECT pos 4

# Reject Office files by extension (spfilterset_smtp_reject_office_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_office_by_ext binop AND
mail filterng selector item new selector spfilterset_smtp_reject_office_by_ext type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_office_by_ext type CONTENT type_arg SUFFIX operator IS value [ doc dot docx docm dotx dotm docb xls xlt xlm xlsb xla xlam xll xlw ppt pot pps pptx pptm potx potm ppam ppsx ppsm sldx sldm pub ]
#mail filterng selector item new selector spfilterset_smtp_reject_office_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_smtp_reject_office_by_ext action REJECT pos 5

# Reject compressed files by extension (spfilterset_smtp_reject_zip_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_smtp_reject_zip_by_ext binop AND
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type CONTENT type_arg SUFFIX operator IS value [ zip 7z ace arj cab zz zipx ]
#mail filterng selector item new selector spfilterset_smtp_reject_zip_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_smtp_reject_zip_by_ext action REJECT pos 6

# REJECT SPAM (spfilterset_smtp_reject_spam)
mail filterng selector new name spfilterset_smtp_reject_spam binop AND
mail filterng selector item new selector spfilterset_smtp_reject_spam type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_reject_spam type SPAM operator IS value [ VERIFIED ]
mail filterng new selector spfilterset_smtp_reject_spam action REJECT pos 7

# Quarantine probably SPAM (spfilterset_smtp_quarantine_possibly_spam)
mail filterng selector new name spfilterset_smtp_quarantine_possibly_spam binop AND
mail filterng selector item new selector spfilterset_smtp_quarantine_possibly_spam type PROTO operator IS value [ SMTP ]
mail filterng selector item new selector spfilterset_smtp_quarantine_possibly_spam type SPAM operator IS value [ SUSPECTED ]
mail filterng new selector spfilterset_smtp_quarantine_possibly_spam action QUARANTINE pos 8

# Activate filterng and save configuration
mail filterng update
system config save


CLI command set for POP3 proxy

Please choose this script if you filter e-mails via the POP3 proxy.

# POP3Proxy
# Filter Virus (spfilterset_pop3_filter_virus)
mail filterng selector new name spfilterset_pop3_filter_virus binop AND
mail filterng selector item new selector spfilterset_pop3_filter_virus type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_virus type VIRUS operator TRUE
mail filterng new selector spfilterset_pop3_filter_virus action FILTER pos 1

# Filter Word by MIME (spfilterset_pop3_filter_word_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_word_by_mime binop AND
mail filterng selector item new selector spfilterset_pop3_filter_word_by_mime type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_word_by_mime type CONTENT type_arg MIME operator IS value [ application/msword application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.openxmlformats-officedocument.wordprocessingml.template application/vnd.ms-word.document.macroEnabled.12 application/vnd.ms-word.template.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_pop3_filter_word_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_pop3_filter_word_by_mime action FILTER pos 2

# Filter Excel by MIME (spfilterset_pop3_filter_excel_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_excel_by_mime binop AND
mail filterng selector item new selector spfilterset_pop3_filter_excel_by_mime type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_excel_by_mime type CONTENT type_arg MIME operator IS value [ application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.spreadsheetml.template application/vnd.ms-excel.sheet.macroEnabled.12 application/vnd.ms-excel.template.macroEnabled.12 application/vnd.ms-excel.addin.macroEnabled.12 application/vnd.ms-excel.sheet.binary.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_pop3_filter_excel_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_pop3_filter_excel_by_mime action FILTER pos 3

# Filter compressed files by MIME (spfilterset_pop3_filter_zip_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_zip_by_mime binop AND
mail filterng selector item new selector spfilterset_pop3_filter_zip_by_mime type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_zip_by_mime type CONTENT type_arg MIME operator IS value [ application/x-zip-compressed application/zip ]
#mail filterng selector item new selector spfilterset_pop3_filter_zip_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_pop3_filter_zip_by_mime action FILTER pos 4

# Filter Office files by extension (spfilterset_pop3_filter_office_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_office_by_ext binop AND
mail filterng selector item new selector spfilterset_pop3_filter_office_by_ext type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_office_by_ext type CONTENT type_arg SUFFIX operator IS value [ doc dot docx docm dotx dotm docb xls xlt xlm xlsb xla xlam xll xlw ppt pot pps pptx pptm potx potm ppam ppsx ppsm sldx sldm pub ]
#mail filterng selector item new selector spfilterset_pop3_filter_office_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_pop3_filter_office_by_ext action FILTER pos 5

# Filter compressed files by extension (spfilterset_pop3_filter_zip_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_pop3_filter_zip_by_ext binop AND
mail filterng selector item new selector spfilterset_pop3_filter_zip_by_ext type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_filter_zip_by_ext type CONTENT type_arg SUFFIX operator IS value [ zip 7z ace arj cab zz zipx ]
#mail filterng selector item new selector spfilterset_pop3_filter_zip_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_pop3_filter_zip_by_ext action FILTER pos 6

# Quarantine SPAM (spfilterset_pop3_quarantine_spam)
mail filterng selector new name spfilterset_pop3_quarantine_spam binop AND
mail filterng selector item new selector spfilterset_pop3_quarantine_spam type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_quarantine_spam type SPAM operator IS value [ VERIFIED ]
mail filterng new selector spfilterset_pop3_quarantine_spam action QUARANTINE pos 7

# Quarantine probably SPAM (spfilterset_pop3_quarantine_possibly_spam)
mail filterng selector new name spfilterset_pop3_quarantine_possibly_spam binop AND
mail filterng selector item new selector spfilterset_pop3_quarantine_possibly_spam type PROTO operator IS value [ POP3 ]
mail filterng selector item new selector spfilterset_pop3_quarantine_possibly_spam type SPAM operator IS value [ SUSPECTED ]
mail filterng new selector spfilterset_pop3_quarantine_possibly_spam action QUARANTINE pos 8

# Activate filterng and save configuration
mail filterng update
system config save


CLI command set for Mail-Connector

Please choose this script if you deliver e-mails via the Mail-Connector.

# MAIL-Connector
# DROP Virus (spfilterset_mailconnector_drop_virus)
mail filterng selector new name spfilterset_mailconnector_drop_virus binop AND
mail filterng selector item new selector spfilterset_mailconnector_drop_virus type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_drop_virus type VIRUS operator TRUE
mail filterng new selector spfilterset_mailconnector_drop_virus action DROP pos 1

# Quarantine Word by MIME (spfilterset_mailconnector_quarantine_word_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_word_by_mime binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_word_by_mime type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_word_by_mime type CONTENT type_arg MIME operator IS value [ application/msword application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.openxmlformats-officedocument.wordprocessingml.template application/vnd.ms-word.document.macroEnabled.12 application/vnd.ms-word.template.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_word_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_mailconnector_quarantine_word_by_mime action QUARANTINE pos 2

# Quarantine Excel by MIME (spfilterset_mailconnector_quarantine_excel_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_excel_by_mime binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_excel_by_mime type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_excel_by_mime type CONTENT type_arg MIME operator IS value [ application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.spreadsheetml.template application/vnd.ms-excel.sheet.macroEnabled.12 application/vnd.ms-excel.template.macroEnabled.12 application/vnd.ms-excel.addin.macroEnabled.12 application/vnd.ms-excel.sheet.binary.macroEnabled.12 ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_excel_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_mailconnector_quarantine_excel_by_mime action QUARANTINE pos 3

# Quarantine compressed files by MIME (spfilterset_mailconnector_quarantine_zip_by_mime)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_zip_by_mime binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_mime type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_mime type CONTENT type_arg MIME operator IS value [ application/x-zip-compressed application/zip ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_mime type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_mailconnector_quarantine_zip_by_mime action QUARANTINE pos 4

# Quarantine Office files by extension (spfilterset_mailconnector_quarantine_office_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_office_by_ext binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_office_by_ext type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_office_by_ext type CONTENT type_arg SUFFIX operator IS value [ doc dot docx docm dotx dotm docb xls xlt xlm xlsb xla xlam xll xlw ppt pot pps pptx pptm potx potm ppam ppsx ppsm sldx sldm pub ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_office_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_mailconnector_quarantine_office_by_ext action QUARANTINE pos 5

# Quarantine compressed files by extension (spfilterset_mailconnector_quarantine_zip_by_ext)
# Please adjust trusted domain - this is not recommended
mail filterng selector new name spfilterset_mailconnector_quarantine_zip_by_ext binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_ext type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_ext type CONTENT type_arg SUFFIX operator IS value [ zip 7z ace arj cab zz zipx ]
#mail filterng selector item new selector spfilterset_mailconnector_quarantine_zip_by_ext type FROM operator NOTIN value [ vertrautedomain1.tld vertrautedomain2.tld ]   
mail filterng new selector spfilterset_mailconnector_quarantine_zip_by_ext action QUARANTINE pos 6

# Quarantine SPAM (spfilterset_mailconnector_quarantine_spam)
mail filterng selector new name spfilterset_mailconnector_quarantine_spam binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_spam type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_spam type SPAM operator IS value [ VERIFIED ]
mail filterng new selector spfilterset_mailconnector_quarantine_spam action QUARANTINE pos 7

# Quarantine probably SPAM (spfilterset_mailconnector_quarantine_possibly_spam)
mail filterng selector new name spfilterset_mailconnector_quarantine_possibly_spam binop AND
mail filterng selector item new selector spfilterset_mailconnector_quarantine_possibly_spam type PROTO operator IS value [ FETCHMAIL ]
mail filterng selector item new selector spfilterset_mailconnector_quarantine_possibly_spam type SPAM operator IS value [ SUSPECTED ]
mail filterng new selector spfilterset_mailconnector_quarantine_possibly_spam action QUARANTINE pos 8

# Activate filterng and save configuration
mail filterng update
system config save