An Attachment Block on Size policy can be used to block delivery of attachments over a specific file size. If blocked, the recipient receives only the email body with a message informing them of the attachment's removal. This policy applies to individual attachments over the specified limit, as well as any message where the total combined size of all attachments exceeds the specified limit.
Consider the following before getting started:
- End users cannot release the the attachments, as they are placed in the administration on hold queue. Administrators can release attachments via the Administration Console. See the Releasing Emails and Attachments page for further details.
- Policies with individual file size restrictions are considered first, followed by the cumulative limits. For example if an Attachment Hold on Size policy is set to block attachments over 10MB, and an Attachment Block on Size policy is configured to block on attachments over 15MB, the following happens if a message is received with one attachment of 11MB and the second 5MB in size.
- The 11MB attachment exceeds the limit in the Attachment Hold on Size policy, and is sent to the administration On Hold queue.
- The 5MB attachment is unaffected by the Attachment Hold on Size policy.
- The combined size of the two attachments (16MB) exceeds the limit in the Block on Size policy, so all attachments are blocked.
This behavior is outlined in the notification generated when the policies are applied. This is dependent on your configured notification settings. For example:
Action Taken Reason Stripped and Linked Contributes to exceed size policy of 10485760 Stripped (Blocked) Exceeds size policy of 15728640
For cumulative stripping, there is a minimum file size of 50K before an attachment is stripped. For example if a policy is set to block attachments over 10MB, and a message with five attachments with a cumulative size over 10MB is received, the policy is triggered and all attachments are removed.
With compressed files (e.g. .ZIP, .RAR, .7Z) the policy considers the unpacked size of a compressed file rather than the compressed size. For example if a policy is set to block attachments over 10MB, and a .ZIP file is 4.5MB compressed but over 10MB when unpacked, the policy is triggered and the attachment is removed.
Configuring Attachment Block on Size Polices
To configure an Attachment Block on Size policy:
- Log on to the Administration Console.
- Click on the Administration menu item. A menu drop down is displayed.
- Click on the Gateway | Policies menu item. The Gateway Policy Editor is displayed.
- Click on Attachment Block on Size. A list of policies is displayed.
- Either select the:
- Policy to be changed.
- New Policy button to create a policy.
- Complete the Options section as required:
Filed / Option Description Policy Narrative Provide a description for the policy to allow you to easily identify it in the future. Maximum Attachment Size (KB) Specify a value in kilobytes for the maximum file size of all attachments in a message.
- Complete the Emails From and Emails To sections as required:
Field / Option Description Addresses Based On Specify the email address characteristics the policy is based on. This option is only available in the "Emails From" section. The options are: Option Description The Return Address (Mail Envelope From) This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission). The Message From Address (Message Header From) Applies the policy based on the masked address used in the message's header. Both Applies the policy based on either the Mail Envelope From or the Message Header From whichever matches. When both match the specified value the Message Header From will be used. Applies From / To Specify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are: Option Description Everyone Includes all email users (i.e. internal and external). This option is only available in the "Emails From" section. Internal Address Includes only internal organization addresses. External Address Includes only external organization addresses. This option is only available in the "Emails From" section. Email Domain Enables you to specify a domain name to which this policy is applied. The domain name is entered in the Specifically field. Address Groups Enables you to specify a directory or local group. If this option is selected, click on the Lookup button to select a group from the Profile Group field. Once a group has been selected, you can click on the Show Location field to display the group's path. Address Attributes Enables you to specify a predefined Attribute. The attribute is selected from the Where Attribute drop down list. Once the Attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts. Individual Email Address Enables you to specify an SMTP address. The email address is entered in the Specifically field.
- Complete the Validity section as required:
Field / Option Description Enable / Disable Use this to enable (default) or disable a policy. If a date range has been specified, the policy will automatically be disabled when the end of the configured date range is reached. Set Policy as Perpetual If the policy's date range has no end date, this field displays "Always On" meaning that the policy never expires. Date Range Use this field to specify a start and / or end date for the policy. If the Eternal option are selected, no date is required. Policy Override This overrides the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type are configured with an override. Bi-Directional If selected the policy is applied when the policy's recipient is the sender, and the sender is the recipient. Source IP Ranges (n.n.n.n/x) Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
- Click on the Save and Exit button.