Trustwave Research Reveals Cybersecurity Risks Threatening Patient Lives in Healthcare. Learn More

Request a Demo
Trustwave Research Reveals Cybersecurity Risks Threatening Patient Lives in Healthcare. Learn More

Request a Demo
Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
Trustwave SpiderLabs Team
Global researchers, ethical hackers, and responders
Trustwave Fusion Security Operations Platform
Unprecedented security visibility and control
Trustwave Security Colony
Access to cybersecurity threat protection resources
Partners
Microsoft Security
Unlock the full power of Microsoft Security
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP
Loading...
Loading...

Trustwave Knowledge Base

Home » Knowledgebase » Trustwave MailMarshal (SEG) » HOWTO: How do I allow Blackberry messages to bypass the 'Block...

HOWTO: How do I allow Blackberry messages to bypass the 'Block Unknown Attachments' Rule?

Expand / Collapse
Show/Hide Article Tools


This article applies to:

  • Trustwave ECM/MailMarshal Exchange
  • Trustwave MailMarshal (SEG)

Question:

  • Blackberry generated messages blocked as containing unknown attachments
  • How do I allow Blackberry messages to bypass the 'Block Unknown Attachments' Rule?

Procedure:

  • The below procedures assume your email policy (processing rules) uses the default Policy Groups (Rulesets) and Rules. The same principles apply if you have created custom rules.
  • Names of items and exact editing procedures are slightly different depending on the exact version of MailMarshal in use. For detailed information about your version, see the product Help.

Method 1: Modify the existing 'Block Unknown Attachments' rule

To maintain the 'Block Unknown Attachments' Rule and allow e-mail messages from Blackberry users to pass through, you can create an exception for the rule based on the Blackberry user e-mail addresses:

  • Add Blackberry users to a 'Trusted Attachment Sources' group:
  1. In the left pane of the MailMarshal Configurator or Management Interface, expand Policy Elements | User Groups.
  2. Create a new group entitled Trusted Attachment Sources.
  3. Edit Trusted Attachment Sources and select Add or  Insert User(s).
  4. Enter the domain name (example: *@blackberry.net).
  5. Click Save or OK.
  • Modify the 'Block Unknown Attachments' rule to exclude the Blackberry senders:
  1. In the left pane of the MailMarshal Configurator or Management Interface, expand Email Policy (labeled Rulesets in earlier versions).
  2. Select the Attachment Management (Inbound) item.
  3. Double-click the Block Unknown Attachments Rule.
  4. Click the User Matching tab.
  5. Scroll down and check the Except where addressed from box.
  6. Click 'group' or 'people' (link is red and underlined).
  7. In the selection window, double click or drag the Trusted Attachment Sources group to add this group to the list.
  8. Click OK or Save.
  9. Click OK or Save on the rule properties window, and commit configuration.

Method 2: Skip the 'Block Unknown Attachments' rule for trusted senders

  • Create a usergroup of trusted attachment sources
    1. In the left pane of the MailMarshal Configurator or Management Interface, expand Policy Elements | User Groups.
    2. Create a new group entitled Trusted Attachment Sources.
    3. Edit Trusted Attachment Sources and select Add or  Insert User(s).
    4. Enter the domain name (example: *@blackberry.net).
    5. Click Save or OK.
  • Create a rule to skip the 'Block Unknown Attachments' rule for Blackberry DAT files
    1. Within the Attachment Management (Inbound) ruleset/policy group, create a new rule that reads as follows:

      When a message arrives
      Where message is incoming
      Where addressed from 'Trusted Attachment Sources'
      Where message contains attachments named '*.dat'
      Pass the message on and skip the next rule

    2. Give the rule a name, and move the rule up so that it resides directly above the Block Unknown Attachments rule.
    3. Commit configuration.

Method 3: Add a custom file type signature for Blackberry DAT files:

If you create a filetype signature for Blackberry DAT files, then they will no longer be "unknown". You will be able to select this type in the file type selection window and take any desired action on these files or messages that contain them.

See Q10199 for more information about adding custom signatures.

Note that with this method, the Blackberry DAT files will not be unpacked (no unpacking method is specified for custom types).

Notes:

  • The first method will allow all messages from Blackberry to bypass the 'Block unknown attachment' rule only. You may need to add additional users to the Trusted Attachment Sources user group to cover all variations of Blackberry addresses.
  • The second method is intended to be more restrictive, by only giving senders in the Trusted Attachment Sources group the ability to bypass the Block Unknown Attachments rule, if and only if the extension is .dat. The first method excludes addresses in the Trusted Attachment Sources group from the rule regardless of the name of the file being sent.  
This article was previously published as:
NETIQKB40320

To contact Trustwave about this article or to request support:

Rate this Article:
     
Tags:

Add Your Comments


Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster.


Execution: 0.031. 8 queries. Compression Disabled.
Powered by InstantKB.NET