SMTP-Proxy: Content Types
Certain kinds of content embedded in email and attachments can be a security threat to your network. Other kinds of content can decrease the productivity of your users. You can use the ruleset for the SMTP-Incoming proxy action to set values for incoming SMTP content filtering. You can use the ruleset for the SMTP-Outgoing proxy action to set values for outgoing SMTP content filtering. The SMTP-proxy allows these content types: text/*, image/*, multipart/*, and message/*. You can add, delete, or modify rules to perform actions based on content types found in email content and attachments (including compressed archive files).
You can also configure the SMTP-proxy to automatically examine the content of email messages to determine the content type. If you do not enable this option, the SMTP-proxy uses the value stated in the email header, which clients sometimes set incorrectly. For example, an attached .pdf file might have a content type stated as application/octet-stream. If you enable content type auto detection, the SMTP-proxy recognizes the .pdf file and uses the actual content type, application/pdf. If the proxy does not recognize the content type after it examines the content, it uses the value stated in the email header, as it would if content type auto detection were not enabled. Because hackers often try to disguise executable files as other content types, we recommend that you enable content type auto detection to make your installation more secure.
Remove Microsoft Office Document Attachments that contain Macros
To remove these attachments, you can add Content Type rules to detect macros and set the If matched action to Strip.
application/x-vbscript
application/msword (macro-enabled)
application/vnd.ms-excel (macro-enabled)
The application/x-vbscript pattern identifies only VBScript type macros in documents. It does not identify macro-enabled files. This pattern match rule is supported in Fireware v11.11 and higher.
The other two patterns can identify macro-enabled Microsoft Word and Excel files. These pattern match rules are supported in Fireware v11.11.4 and higher.
Configure Rules
- In the SMTP Proxy Action configuration, select Content Types.
SMTP Proxy Action Content Types configuration in Fireware Web UI
SMTP Proxy Action Content Types configuration in Policy Manager
- To enable the SMTP-proxy to examine content to determine content type, select the Enable content type auto detection check box.
- Configure the rule action.
For more information, go to Add, Change, or Delete Rules. - To change settings for another category in this proxy, see the topic for that category.
- Save the configuration.
If you modified a predefined proxy action, when you save the changes you are prompted to clone (copy) your settings to a new action.
For more information on predefined proxy actions, go to About Proxy Actions.
Add Common Content Types
The proxy definition includes several content types that you can easily add to the Content Type ruleset.
To add a content type, from Policy Manager:
- Click Predefined.
The Select Content Type dialog box appears.
- Select one or more content types in the list.
- Click OK.
Configure Body Encryption Settings
Your Firebox detects the body encryption settings in an email based on PGP MIME types. To specify the encryption requirements for the body content of the email messages that are sent through your network, you can configure the settings for Body Encryption. You can add rules to allow or deny an email message based on the encryption criteria you specify. When you configure the rules for encrypted content, you can specify the actions to take for messages from a particular email address to a particular email address, or you can use wildcards to add global rules that apply to all email messages. Rules are applied to email messages in the order you specify in the Encrypted Content Rules list. Make sure to arrange the rules in your list in the best order for your organization.
From the SMTP Proxy Action Settings page, from Fireware Web UI:
- From the Attachments drop-down list, select Body Encryption.
The Body Encryption settings appear.
- To add a new rule, click Add.
The Add Rule dialog box appears.
- In the To Address text box, type a valid email address.
To use a wildcard, type *@*. - To set a specific From Address, in the From Address text box, type an email address.
- To set the action the proxy takes for this rule, from the Action drop-down list, select an option:
- Required
- Allowed
- Denied
The default Action setting is Required.
- Click OK.
The rule appears in the Body Encryption list. - To change the order of the rules in the list, select a rule and click Move Up or Move Down.
- To disable a rule in the list, clear the Enabled check box.
From the Content Types page, from Policy Manager:
- Select the Body Encryption tab.
The Encrypted Content Rules appear.
- To add a new rule, click Add.
A new line appears in the Encrypted Content Rules list. The default From Address value is the wildcard *@*. - In the To Address text box, type a valid email address and press Enter on your keyboard.
To use a wildcard, type *@*. - To set a specific From Address, double-click the From Address list item and type an email address in the text box that appears. Press Enter on your keyboard.
- To set the action the proxy takes for this rule, click the value in the Action column and select an option:
- Required
- Allowed
- Denied
The default Action setting is Required.
- To change the order of the rules in the list, select a rule and click Up or Down.
- To disable a rule in the list, clear the Enabled check box.