{"id":27502,"date":"2023-05-18T15:44:59","date_gmt":"2023-05-18T13:44:59","guid":{"rendered":"https:\/\/kb.zerospam.eu\/?post_type=docs&p=27502"},"modified":"2023-05-18T16:48:50","modified_gmt":"2023-05-18T14:48:50","password":"","slug":"manage-attachment-restrictions","status":"publish","type":"docs","link":"https:\/\/kb.zerospam.eu\/en\/docs\/manage-attachment-restrictions\/","title":{"rendered":"Manage Attachment Restrictions"},"content":{"rendered":"

The Attachment restrictions<\/b> page allows you to configure which email attachments to allow and which to block.<\/p>\n

In the Domain Level Control Panel, select Incoming – Protection Settings > Attachment restrictions<\/b> the Attachment restrictions page is displayed:<\/p>\n

\"\"<\/a><\/p>\n

The following restrictions can be configured:<\/p>\n\n\n\n\n\t\n\n\t\n\t\n\t\n\t\n\t
Restriction<\/th>Description<\/th>\n<\/tr>\n<\/thead>\n
Blocked Extensions<\/td>Messages that have an attachment with any of the selected extensions will be rejected.
\n
\nYou can add new extensions to those listed using the Add new extension<\/b> feature.<\/td>\n<\/tr>\n
Disallowed release extensions<\/td>Email users will not be allowed to release messages that contain attachments with the selected extensions.
\r\n
\r\nYou can add extensions to this list using the Add new extension<\/b> feature.<\/td>\n<\/tr>\n
Restriction options<\/td>
\n
  • Block password-protected archive attachments<\/b> - If enabled, blocks messages with password protected attachments like zip files<\/li>
    \n \t
  • Block potentially unwanted attachments<\/b> - If enabled, rejects attachments on inbound messages<\/b> only <\/strong>that are considered dangerous or unwanted. For example, compressed executable files (e.g. UPX packers), password tools, network tools, peer-to-peer clients, remote access applications, system tools, spying tools and documents containing scripts<\/li>
    \n \t
  • Block Attachments Containing Hidden Executables at Domain Level<\/b>- If enabled, ZIP, TAR, GZIP, BZIP2 and 7Z archives (other than those compressed with deflate64) are checked and the message will be rejected if the archive appears to contain an executable<\/li>
    \n \t
  • Block attachments with macros<\/b> - If enabled, then any message with a document based attachment (.doc, .xls, .ppt etc) that contains any kind of macro will be rejected<\/li>
    \n<\/ul><\/td>\n<\/tr>\n
Additional restrictions<\/td>Message link size limit (in bytes)<\/b> - This option restricts the amount of data that is downloaded per message. Links in messages to executable files that would be blocked as attachments are followed and the content is checked against an anti-virus database.
\n
\nMaximum MIME defects<\/b> - Messages that are sent with standard email clients have no defects, whereas spam messages are often generated with poorly developed software and have many defects. Normally we reject messages with defects but if you have a need to receive defective messages, you may set a limit or disable this check. If the defective messages come from a single sender, it would generally be better to either convince the sender to fix their software or allow that sender using Manage Incoming Sender Allow list<\/a>.<\/td>\n<\/tr>\n
Scanned link extensions<\/td>If the Message link size limit<\/b> is set (above), then links in messages to files with the selected extensions will be scanned for viruses and other malware.
\n
\nYou can add extensions to this list using the Add new extension<\/b> feature.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n\n\n\t\n\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t
Default (inherited) Blocked Extensions<\/th>Default (inherited) Scanned Link Extensions<\/th>\n<\/tr>\n<\/thead>\n
.ade<\/td>.bat<\/td>\n<\/tr>\n
.adp<\/td>.btm<\/td>\n<\/tr>\n
.bat<\/td>.cmd<\/td>\n<\/tr>\n
.btm<\/td>.cpl<\/td>\n<\/tr>\n
.chm<\/td>.dll<\/td>\n<\/tr>\n
.cmd<\/td>.exe<\/td>\n<\/tr>\n
.com<\/td>.lnk<\/td>\n<\/tr>\n
.cpl<\/td>.msi<\/td>\n<\/tr>\n
.dll<\/td>.pif<\/td>\n<\/tr>\n
.docm<\/td>.prf<\/td>\n<\/tr>\n
.exe<\/td>.reg<\/td>\n<\/tr>\n
.hta<\/td>.scr<\/td>\n<\/tr>\n
.ins<\/td>.url<\/td>\n<\/tr>\n
.isp<\/td>.vbs<\/td>\n<\/tr>\n
.jar<\/td><\/td>\n<\/tr>\n
.js<\/td><\/td>\n<\/tr>\n
.jse<\/td><\/td>\n<\/tr>\n
.lib<\/td><\/td>\n<\/tr>\n
.lnk<\/td><\/td>\n<\/tr>\n
.mde<\/td><\/td>\n<\/tr>\n
.msc<\/td><\/td>\n<\/tr>\n
.msi<\/td><\/td>\n<\/tr>\n
.msp<\/td><\/td>\n<\/tr>\n
.mst<\/td><\/td>\n<\/tr>\n
.nsh<\/td><\/td>\n<\/tr>\n
.pif<\/td><\/td>\n<\/tr>\n
.prf<\/td><\/td>\n<\/tr>\n
.reg<\/td><\/td>\n<\/tr>\n
.scr<\/td><\/td>\n<\/tr>\n
.sct<\/td><\/td>\n<\/tr>\n
.shb<\/td><\/td>\n<\/tr>\n
.url<\/td><\/td>\n<\/tr>\n
.vb<\/td><\/td>\n<\/tr>\n
.vbe<\/td><\/td>\n<\/tr>\n
.vbs<\/td><\/td>\n<\/tr>\n
.vxd<\/td><\/td>\n<\/tr>\n
.wsc<\/td><\/td>\n<\/tr>\n
.wsf<\/td><\/td>\n<\/tr>\n
.wsh<\/td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n

Block Specific Extension Types<\/h2>\n

You can also block messages based on their attachment type. You can add more attachment types to the list of default ones already set up in the system.<\/p>\n

    \n
  1. In the Blocked extensions<\/b> panel, place a tick in the checkbox alongside the extension type you want to block<\/li>\n
  2. To add more extension types, use the Add new extensions<\/b> field<\/li>\n
  3. Click Save<\/b><\/li>\n<\/ol>\n

    Block Password Protected Archives<\/h2>\n

    Spammers often use the trick of sending password encrypted archives in the hope to bypass some filters, and saying the \u201cpassword\u201d in the body of the spam message. These messages can be blocked by enabling the \u201cBlock Password Protected Attachments\u201d feature.<\/p>\n

      \n
    1. In the Restriction Options<\/b> panel, place a tick in the Block password-protected archive attachments<\/b> checkbox<\/li>\n
    2. Click Save<\/b><\/li>\n<\/ol>\n

      Block Attachments Containing Hidden Executables at Domain Level<\/h2>\n

      To block dangerous attachments for a specific domain only:<\/p>\n

        \n
      1. In the Restriction Options<\/b> panel, place a tick in the Block attachments that contain hidden executables checkbox<\/b><\/li>\n
      2. Click Save<\/b><\/li>\n<\/ol>\n

        Block Attachments with Macros<\/h2>\n

        This option (which is disabled by default) allows you to reject all incoming emails received with document based attachments (.doc, .xls, .ppt etc) containing macros. This can be enabled per domain by:<\/p>\n

          \n
        1. In the Restriction Options<\/b> panel, place a tick in the Block attachments with macros<\/b> checkbox<\/li>\n
        2. Click Save<\/b><\/li>\n<\/ol>\n

          Enable Scanned Link Extensions<\/h2>\n

          This option (which is disabled by default) allows you to configure your domain(s) to allow the download of files of a specific extension type from links within an email. The system scans the files for any viruses or malware.<\/p>\n

            \n
          1. In the Additional Restrictions<\/b> panel, enter 2000000 in the Message link size limit (in bytes)<\/b> field<\/li>\n
          2. In the Scanned Link Extensions<\/b> panel, add the following extension types to the existing list using the Add new extensions<\/b> field: zip, rar, jar, js, java, aspx, doc, docm, xls, xlsm<\/li>\n
          3. Click Save<\/b><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

            The Attachment restrictions page allows you to configure which email attachments to allow and which to block. In the Domain Level Control Panel, select Incoming – Protection Settings > Attachment restrictions the Attachment restrictions page is displayed: The following restrictions can be configured: Block Specific Extension Types You can also block messages based on their […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"doc_category":[51],"doc_tag":[],"class_list":["post-27502","docs","type-docs","status-publish","hentry","doc_category-email-restrictions"],"year_month":"2026-04","word_count":354,"total_views":0,"reactions":{"happy":0,"normal":0,"sad":0},"author_info":{"name":"admin","author_nicename":"admin","author_url":"https:\/\/kb.zerospam.eu\/en\/blog\/author\/admin\/"},"doc_category_info":[{"term_name":"Email Restrictions","term_url":"https:\/\/kb.zerospam.eu\/en\/docs-category\/email-restrictions\/"}],"doc_tag_info":[],"_links":{"self":[{"href":"https:\/\/kb.zerospam.eu\/en\/wp-json\/wp\/v2\/docs\/27502","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kb.zerospam.eu\/en\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/kb.zerospam.eu\/en\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/kb.zerospam.eu\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kb.zerospam.eu\/en\/wp-json\/wp\/v2\/comments?post=27502"}],"version-history":[{"count":10,"href":"https:\/\/kb.zerospam.eu\/en\/wp-json\/wp\/v2\/docs\/27502\/revisions"}],"predecessor-version":[{"id":27522,"href":"https:\/\/kb.zerospam.eu\/en\/wp-json\/wp\/v2\/docs\/27502\/revisions\/27522"}],"wp:attachment":[{"href":"https:\/\/kb.zerospam.eu\/en\/wp-json\/wp\/v2\/media?parent=27502"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/kb.zerospam.eu\/en\/wp-json\/wp\/v2\/doc_category?post=27502"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/kb.zerospam.eu\/en\/wp-json\/wp\/v2\/doc_tag?post=27502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}