LevelBlue Completes Acquisition of Cybereason.  Learn More

LevelBlue Completes Acquisition of Cybereason.  Learn More

Services
Cyber Advisory
Managed Cloud Security
Data Security
Managed Detection & Response
Email Security
Managed Network Infrastructure Security
Exposure Management
Security Operations Platforms
Incident Readiness & Response
SpiderLabs Threat Intelligence
View All Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Operational Technology
End-to-end OT security
Microsoft Security
Unlock the full power of Microsoft Security
Securing the IoT Landscape
Test, monitor and secure network objects
Why LevelBlue
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
LevelBlue SpiderLabs
Global researchers, ethical hackers, and responders
LevelBlue Security Operations Platforms
Unprecedented security visibility and control
Security Colony
Access to cybersecurity threat protection resources
Partners
Microsoft Security
Unlock the full power of Microsoft Security
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP
Loading...
Loading...

LevelBlue Knowledge Base

Home » Knowledgebase » MailMarshal (SEG) » HOWTO: How do I allow Blackberry messages to bypass the 'Block...

HOWTO: How do I allow Blackberry messages to bypass the 'Block Unknown Attachments' Rule?

Expand / Collapse
Show/Hide Article Tools


This article applies to:

  • MailMarshal ECM/MailMarshal Exchange
  • MailMarshal (SEG)

Question:

  • Blackberry generated messages blocked as containing unknown attachments
  • How do I allow Blackberry messages to bypass the 'Block Unknown Attachments' Rule?

Procedure:

  • The below procedures assume your email policy (processing rules) uses the default Policy Groups (Rulesets) and Rules. The same principles apply if you have created custom rules.
  • Names of items and exact editing procedures are slightly different depending on the exact version of MailMarshal in use. For detailed information about your version, see the product Help.

Method 1: Modify the existing 'Block Unknown Attachments' rule

To maintain the 'Block Unknown Attachments' Rule and allow e-mail messages from Blackberry users to pass through, you can create an exception for the rule based on the Blackberry user e-mail addresses:

  • Add Blackberry users to a 'Trusted Attachment Sources' group:
  1. In the left pane of the MailMarshal Configurator or Management Interface, expand Policy Elements | User Groups.
  2. Create a new group entitled Trusted Attachment Sources.
  3. Edit Trusted Attachment Sources and select Add or  Insert User(s).
  4. Enter the domain name (example: *@blackberry.net).
  5. Click Save or OK.
  • Modify the 'Block Unknown Attachments' rule to exclude the Blackberry senders:
  1. In the left pane of the MailMarshal Configurator or Management Interface, expand Email Policy (labeled Rulesets in earlier versions).
  2. Select the Attachment Management (Inbound) item.
  3. Double-click the Block Unknown Attachments Rule.
  4. Click the User Matching tab.
  5. Scroll down and check the Except where addressed from box.
  6. Click 'group' or 'people' (link is red and underlined).
  7. In the selection window, double click or drag the Trusted Attachment Sources group to add this group to the list.
  8. Click OK or Save.
  9. Click OK or Save on the rule properties window, and commit configuration.

Method 2: Skip the 'Block Unknown Attachments' rule for trusted senders

  • Create a usergroup of trusted attachment sources
    1. In the left pane of the MailMarshal Configurator or Management Interface, expand Policy Elements | User Groups.
    2. Create a new group entitled Trusted Attachment Sources.
    3. Edit Trusted Attachment Sources and select Add or  Insert User(s).
    4. Enter the domain name (example: *@blackberry.net).
    5. Click Save or OK.
  • Create a rule to skip the 'Block Unknown Attachments' rule for Blackberry DAT files
    1. Within the Attachment Management (Inbound) ruleset/policy group, create a new rule that reads as follows:

      When a message arrives
      Where message is incoming
      Where addressed from 'Trusted Attachment Sources'
      Where message contains attachments named '*.dat'
      Pass the message on and skip the next rule

    2. Give the rule a name, and move the rule up so that it resides directly above the Block Unknown Attachments rule.
    3. Commit configuration.

Method 3: Add a custom file type signature for Blackberry DAT files:

If you create a filetype signature for Blackberry DAT files, then they will no longer be "unknown". You will be able to select this type in the file type selection window and take any desired action on these files or messages that contain them.

See Q10199 for more information about adding custom signatures.

Note that with this method, the Blackberry DAT files will not be unpacked (no unpacking method is specified for custom types).

Notes:

  • The first method will allow all messages from Blackberry to bypass the 'Block unknown attachment' rule only. You may need to add additional users to the Trusted Attachment Sources user group to cover all variations of Blackberry addresses.
  • The second method is intended to be more restrictive, by only giving senders in the Trusted Attachment Sources group the ability to bypass the Block Unknown Attachments rule, if and only if the extension is .dat. The first method excludes addresses in the Trusted Attachment Sources group from the rule regardless of the name of the file being sent.  
This article was previously published as:
NETIQKB40320

To contact LevelBlue about this article or to request support:

Rate this Article:
     
Tags:

Add Your Comments


Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster.


Execution: 0.031. 8 queries. Compression Disabled.
Powered by InstantKB.NET