How do I allow Blackberry messages to bypass the 'Block Unknown Attachments' Rule?


This article applies to:

  • Trustwave ECM/MailMarshal Exchange
  • Trustwave MailMarshal (SEG)

Question:

  • Blackberry generated messages blocked as containing unknown attachments
  • How do I allow Blackberry messages to bypass the 'Block Unknown Attachments' Rule?

Procedure:

  • The below procedures assume your email policy (processing rules) uses the default Policy Groups (Rulesets) and Rules. The same principles apply if you have created custom rules.
  • Names of items and exact editing procedures are slightly different depending on the exact version of MailMarshal in use. For detailed information about your version, see the product Help.

Method 1: Modify the existing 'Block Unknown Attachments' rule

To maintain the 'Block Unknown Attachments' Rule and allow e-mail messages from Blackberry users to pass through, you can create an exception for the rule based on the Blackberry user e-mail addresses:

  • Add Blackberry users to a 'Trusted Attachment Sources' group:
  1. In the left pane of the MailMarshal Configurator or Management Interface, expand Policy Elements | User Groups.
  2. Create a new group entitled Trusted Attachment Sources.
  3. Edit Trusted Attachment Sources and select Add or  Insert User(s).
  4. Enter the domain name (example: *@blackberry.net).
  5. Click Save or OK.
  • Modify the 'Block Unknown Attachments' rule to exclude the Blackberry senders:
  1. In the left pane of the MailMarshal Configurator or Management Interface, expand Email Policy (labeled Rulesets in earlier versions).
  2. Select the Attachment Management (Inbound) item.
  3. Double-click the Block Unknown Attachments Rule.
  4. Click the User Matching tab.
  5. Scroll down and check the Except where addressed from box.
  6. Click 'group' or 'people' (link is red and underlined).
  7. In the selection window, double click or drag the Trusted Attachment Sources group to add this group to the list.
  8. Click OK or Save.
  9. Click OK or Save on the rule properties window, and commit configuration.

Method 2: Skip the 'Block Unknown Attachments' rule for trusted senders

  • Create a usergroup of trusted attachment sources
    1. In the left pane of the MailMarshal Configurator or Management Interface, expand Policy Elements | User Groups.
    2. Create a new group entitled Trusted Attachment Sources.
    3. Edit Trusted Attachment Sources and select Add or  Insert User(s).
    4. Enter the domain name (example: *@blackberry.net).
    5. Click Save or OK.
  • Create a rule to skip the 'Block Unknown Attachments' rule for Blackberry DAT files
    1. Within the Attachment Management (Inbound) ruleset/policy group, create a new rule that reads as follows:

      When a message arrives
      Where message is incoming
      Where addressed from 'Trusted Attachment Sources'
      Where message contains attachments named '*.dat'
      Pass the message on and skip the next rule

    2. Give the rule a name, and move the rule up so that it resides directly above the Block Unknown Attachments rule.
    3. Commit configuration.

Method 3: Add a custom file type signature for Blackberry DAT files:

If you create a filetype signature for Blackberry DAT files, then they will no longer be "unknown". You will be able to select this type in the file type selection window and take any desired action on these files or messages that contain them.

See Q10199 for more information about adding custom signatures.

Note that with this method, the Blackberry DAT files will not be unpacked (no unpacking method is specified for custom types).

Notes:

  • The first method will allow all messages from Blackberry to bypass the 'Block unknown attachment' rule only. You may need to add additional users to the Trusted Attachment Sources user group to cover all variations of Blackberry addresses.
  • The second method is intended to be more restrictive, by only giving senders in the Trusted Attachment Sources group the ability to bypass the Block Unknown Attachments rule, if and only if the extension is .dat. The first method excludes addresses in the Trusted Attachment Sources group from the rule regardless of the name of the file being sent.  
This article was previously published as:
NETIQKB40320

Last Modified 4/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle10207.aspx