none
Block ALL attachments

    Question

  • I am looking at trying to create a transport rule to block ANY and ALL attachments in the Exchange 2013 environment.

    Test 1 was creating a rule using "Any attachment is greater than or equal to..." 0kb and found that this will block any email that is sent whether it actually has an attachment or not.

    Test 2 was creating a rule using "Any attachment's file name matches...".  While using RegEx, for example [a-z0-9], I have been able to block emails with attachments.  The issue with this is if the body of the email has a large amount of information the email will be blocked even if the email does not contain any attachments.

    Anyone out there have any experience with blocking all attachments in their environment?

    -Coupe

    Friday, January 27, 2017 4:22 PM

All replies

  • Hi

    What pattern you are using to block the attachments ? try to define file extensions like ” *.zip” to be blocked in your transport rule. Following extensions are supported.

    File extension:-

    .docm, .docx, .pptm, .pptx, .pub, .one, .xlsb, .xlsm, .xlsx .doc, .ppt, .xls .rtf, .vdw, .vsd, .vss, .vst .txt, .asm, .bat, .c, .cmd, .cpp, .cxx, .def, .dic, .h, .hpp, .hxx, .ibq, .idl, .inc, inf, .ini, inx, .js, .log, .m3u, .pl, .rc, .reg, .txt, .vbs, .wtx .pdf .html .xml, .odp, .ods, .odt .odp, .ods, .odt .dxf .bz2, cab, .gz, .rar, .tar, .zip, .7z

    .jpg, .tiff

    For these conditions, only the first 1 MB of text extracted from an attachment is inspected. Note that the 1 MB limit refers to the extracted text, not the file size of the attachment. For example, a 2 MB file may contain less than 1 MB of text, so all of the text would be inspected.

    You can follow some common scenario for blocking email attachments.

    https://technet.microsoft.com/en-us/library/dn950026(v=exchg.150).aspx

    https://technet.microsoft.com/en-us/library/jj919236(v=exchg.150).aspx

    Kindly click "Mark as Answer" on the post that helps you, this can be beneficial to other community members reading this thread.

    Regards.

    H.shakir

    • Edited by H Shakir Friday, January 27, 2017 4:52 PM
    Friday, January 27, 2017 4:52 PM
  • Hello H.shakir

    The pattern I was trying to block extensions by is using regular expression, https://msdn.microsoft.com/en-us/library/az24scfc(v=vs.110).aspx, to try to catch any attachments by name, for example [a-z0-9].  I tried .* wildcard but exchange doesn't accept this.  I dont want to hand jamb extensions as there are pretty much unlimited amounts of file extensions out there and then you could also just make one up.

    In the referenced https://technet.microsoft.com/en-us/library/dn950026(v=exchg.150).aspx site Example 1: Block messages with attachments, and notify the sender is what I initially tried as this was exactly what I wanted to achieve.  What I found is that this rule would block ALL email not just emails with attachments.

    -Coupe

    Friday, January 27, 2017 10:11 PM
  • Hi

    Can you please paste here your transport rule snap to see what exactly going on and you are trying to configure ?

    regards.

    H.Shakir
    Friday, January 27, 2017 11:08 PM
  • Realize too that attachments can be hidden or visible.  a "hidden" attachment is typically an inline graphic for an html body.  if you are blocking ALL attachments, you may end up blocking emails that have inline attachments.  this can end up blocking emails with fancy signatures created by a marketing dept, or that have a user thumbnail image.

    maybe there's another way to solve the problem?  i'll assume that the attempt to block ALL attachments is an attempt to solve some other issue...if so, can you inform us of the higher level issue?  maybe there a better way to solve that.

    Saturday, January 28, 2017 1:46 AM
  • PowerMapi is correct.  Many people's autosignatures' little LinkedIn and Facebook icons are actually attachments.  You're going to get a lot of blowback if you succeed in this.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Saturday, January 28, 2017 6:12 AM
    Moderator
  • I know this is counterintuitive to what Exchange can do but it is understood that ANY attachments are not allowed in our environment.  The only correspondence required is plain text with a hyperlink here and there to a local webserver or unc path.  There aren't any other issue(s) that are the root cause of us trying to create the rule to block all attachments.  Users that have any type of fancy auto signatures will need to create them without embedded images.

    I created a transport rule that achieves the result that I am looking for except satisfying my OCD.

    New-TransportRule -AttachmentSizeOver 1B -Name TransportRuleName.........

    This rule will block any attachments whether hidden or viewable that are over 1Byte.  You get around this rule by creating a "zero" byte text file but give it a really long file name and exchange will still allow this attachment to be sent.  This only irks my OCD as anything in a file name can be sent in the subject or body of the email itself.

    Monday, January 30, 2017 3:52 PM
  • It's not an Exchange thing, it's a message formatting thing.  All those pretty little pictures people insist on putting in their messages are attachments.  Special message formatting imbeds them into the message so they don't look like attachments.  I'm sure you've seen when messages are sometimes sent through something that converts them to plain text, you'll end up with a message that has a bunch of attachments for those little pretty pictures.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Monday, January 30, 2017 5:28 PM
    Moderator
  • Besides, purchase and use anti-malware to do this, not Exchange rules. Don't the transport rules drop the entire message if they have an attachment?

    Blog:    Twitter:   

    Monday, January 30, 2017 6:38 PM
  • I haven't been able to find a rule action that strips an attachment.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Tuesday, January 31, 2017 7:01 AM
    Moderator