LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Can a firewall block unencrypted email attachments from being sent?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-09-2010, 05:20 AM   #1
tarekeldeeb
LQ Newbie
 
Registered: Jun 2009
Posts: 7

Rep: Reputation: 0
Can a firewall block unencrypted email attachments from being sent?

Hello all,

I manage a linux-based network, where some projects are currently under development. Our IT policy states that any email attachment shall be encrypted using GPG.

Can I block other attachments using a firewall?

Note: Currently our mail server is not in campus. So I can only use a firewall for this security issue.

Thanks,
Tarek
 
Old 12-09-2010, 05:47 AM   #2
nowonmai
Member
 
Registered: Jun 2003
Posts: 481

Rep: Reputation: 48
Not really. I suppose you could enforce a policy whereby the encrypted item had a specific mime type assigned. You could then configure the MTA to reject all other mime types on outgoing messages.
 
1 members found this post helpful.
Old 12-10-2010, 05:20 AM   #3
tarekeldeeb
LQ Newbie
 
Registered: Jun 2009
Posts: 7

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by nowonmai View Post
Not really. I suppose you could enforce a policy whereby the encrypted item had a specific mime type assigned. You could then configure the MTA to reject all other mime types on outgoing messages.
Thanks for your reply.

I am still new to this security world.

Using gpg with ubuntu, encrypted files are in gpg extension have the MIME:
PGP/MIME-encrypted message header (application/pgp-encrypted)

is this what you mean?

I google for MTA, it appears to be the main part of the mail server. But I do not have any, I host my mail remotely.

Can a firewall be configured to filter-out other MIME attachments?

Thanks for your time.
Last edited by tarekeldeeb; 12-10-2010 at 05:25 AM.
 
Old 12-10-2010, 06:56 AM   #4
nowonmai
Member
 
Registered: Jun 2003
Posts: 481

Rep: Reputation: 48
You would still need to use an MTA to handle the filtering, as a firewall, or at least iptables, does its filtering at packet level. You could configure Postfix (for example) to be your local SMTP server and deliver through this, while still collecting from the remote server via POP3 .
 
Old 12-10-2010, 08:09 AM   #5
Dani1973
Member
 
Registered: Dec 2010
Distribution: Debian testing
Posts: 148

Rep: Reputation: 16
Like nowonmai said, you will need a MTA for this.

What you could do is set your firewall to restrict mail communication to you external server and use the MTA of that server.
But imho it would be better to solve that locally right away.
 
Old 12-11-2010, 05:05 AM   #6
tarekeldeeb
LQ Newbie
 
Registered: Jun 2009
Posts: 7

Original Poster
Rep: Reputation: 0
thanks for the gr8 info.

I appreciate your help
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Pipe email to extract attachments. Script works, but email sender receives an error! ceashton Linux - Server 4 01-08-2019 11:13 AM
Content filtering for Postfix 2.0.x How to block attachments? dtournas Linux - Security 3 01-07-2006 02:36 PM
Block Email Attachments sami.ma Linux - Security 2 01-07-2006 02:28 PM
email attachments rhb327 Linux - Software 2 11-13-2004 09:08 AM
email attachments - chinese wilsnyder Linux - Newbie 3 07-12-2003 03:09 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:47 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration