If MailMarshal does not know about a particular file type, it will block emails with attachments of this type as Suspect and you have to unblock each message. To apply a more permanent fix, you can edit the MailMarshal config to allow these messages.
The obvious (and incorrect) way to do this is by whitelisting domains and senders. This is a bad approach because whitelisted senders could concievably get viruses on their machines and email your users unwittingly. If you trust a domain to say that they will never send you a malicious email, you are also trusting in their IT departments competency and each of their users competency, not just trusting their integrity! Using a blanket whitelist policy in this way is unsecure.
The correct way to permanently unblock a file attachment of a particular type in MailMarshal SMTP is:
- To get as many sample attachments of that type as possible and open them in an hex editor.
- You should then identify a pattern in each of these files. You’re looking for identical runs of ideally 8-16 characters.
- Edit the filetype.cfg file in the MailMarshal install directory which is typically stored under C:\Program Files (x86)\Marshal\MailMarshal. If the file doesn’t exist, create it.
- Create lines in the config file thusly:T: FileType
- If the file is an ASCII file, create the following record:A: offset,length=ascii signature
The offset is an integer representing the position of the first character of the ASCII signature (starting at 0). The length is the length of the ASCII signature and the ASCII signature is the pattern you identidied. You may have multiple lines of A:, which can be used to identify the filetype. If a file matches ANY of the lines specified, it will become a regonised filetype.
If the file is a binary file, create the following record:
X: offset=hexadecimal signature
Again, the offset is an integer representing the position of the first character of the hexadecimal signature (starting at 0) and the hexidecimal signature is the pattern you identidied in step 2. You may have multiple lines of X:, which can be used to identify the filetype. If a file matches ANY of the lines specified, it will become a regonised filetype.
- You may optionally add a line begining with # to do a comment after the X or A lines.
- Save the filetype.cfg file and secure it with NTFS permissions so that only the mail administrator and MailMarshal services (typically Local System account) have access to it.
- Restart the MailMarshal services.
- Create or edit your MailMarshal SMTP rules as required (The new filetype will be listed at the bottom of the filetype list)
Here are examples of entries in filetype.cfg:
D:CDX Molecular Structure
X:0=56 6a 43 44 30 31 30 30
# This is an example of a CDX binary file signature
D:Mac Word embedded PCT Files
X:10=0011 02ff 0c00 fffe
# This is an example of an embedded PCT file for MS Word for Apple Mac