Somewhat against better judgement this time, I'm about to renew with PlugSocket. They're a UK host with the limitation that bandwidth costs more to deliver in the UK than it does for a provider based in, say, Texas. That's not the reason I'm weighing up whether it's worth it, though — this site is what I refer to as play space, and I mainly keep the domain for email purposes.
Which is why, shortly before Easter, I was extremely displeased to find that PlugSocket's MailScanner setup had eaten a file attachment I sent to myself from work with a view to reading through whilst I was on leave. It was a regular zip archive containing some software documentation and a large number of links, and the whole thing was stripped because, get this, some of the files in that archive had a particular file extension. I didn't know about it until a day or so later because no warning was returned to the sending address (my work address) that the mail would not be fully delivered.
In essence, accounts are created with a default setting that:
- deletes incoming mail;
- does so silently, without informing the sender that mail sent was undeliverable in its given format;
- does so on the basis of file extension, not virus scanning;
- deletes archives if any files inside match those file extensions;
- doesn't appear to scan 7z archives, which WinZip and most other popular archivers open, so this is only likely to protect people relying solely on the compressed folder functionality built into Windows.
It's perhaps understandable to strip file attachments on the basis of extension in a corporate environment. Certainly if I was still responsible for network users who weren't blocked from running unsigned executables I'd do so, notifying the sender of course. But PlugSocket are renting out server space — their customers are the type of people who hire it with a view to doing at least slightly techy things... not morons who need protecting from downloading an archive, extracting the contents and executing it.
The message given by MailScanner?
"Compiled help files are very dangerous in email"
Somehow manages to be both patronising and juvenile, doesn't it? No, such files aren't, providing your users aren't muppets without two brain cells to rub together, who run Windows, don't run current anti-virus software when they do, and above all are going to double-click anything they're sent. There should never have arisen a situation in which I'd have been better off using free Yahoo! webmail (which appears to accept any file attachments and simply virus-scan them) or Google Mail (which would have rejected the mail as undeliverable due to the attachment, and immediately notified the sending address of this fact) than my inbox with PlugSocket.
Additionally, the stripped mail was accompanied by the line:
"Due to limitations placed on us by the Regulation of Investigatory Powers Act 2000, we were unable to keep a copy of the original attachment."
Then it's an even worse idea to use default MailScanner settings if you're a UK host, isn't it? Don't put yourselves in a position where people can be better off if they deal with US companies, or with free webmail providers, or basically anyone but yourselves. Also don't set up a situation in which customers can run into this limitation with files they consider important before requesting the filter is removed. Publish a list of which file extensions are filtered, and refer people to it when they become customers — at the very least.
Why am I renewing? Lack of time to explore other options is a factor, and I proceed on the assumption that the company is professional enough to let a blog post such as this one stand without deliberately making my life more difficult. It's not as if I'd let that pass without circulating details as wide as reach permits, and I've got some reciprocal linking I could call on for a [nameofcompany]sucks domain if it really came down to it... but I'm getting old, there are better things (and people) to spend the time on, and in general I'm reaching the stage of wanting technology to work without throwing up unreasonable obstacles; I just hope, as a sane and productive outcome, that the default server configuration is reviewed before other customers are inconvenienced.
PlugSocket are also, in many respects, fine and responsive hosts. They just really let me down on this one, particularly with responses that implied I should've already been aware of the list of filtered file extensions since the block has been in place for some time and is part of a default install. No. Part of the insanity of filtering on the basis of file extension is how broad a list could be, factoring in numerous past vulnerabilities in Windows and Office that relate to embedding executable code into ostensibly data-only file formats. As a recent example, malicious Excel spreadsheets in Office 2007 and previous: http://it.slashdot.org/article.pl?sid=09/02/25/1618214
(Actually, a previous problem MailScanner had (see entry for 4.64.3-2) was with its double-extension option, where Office 2007 documents ran afoul of being archives containing files of the form document.xml.rel, sheet1.xml.rel, workbook.xml.rel, etc.)
It's not politic to delete Office documents from customer email, though, whereas blithely working on the assumption that customers have no legitimate reason to ever send a file with an .exe, .reg or .chm extension? Apparently a reasonable default, and one some web hosts don't see any problem with — or simply don't read documentation and consider what settings are appropriate before rolling things out. Now might be an excellent time to check if yours is one of them, and find out exactly what they have filename.rules.conf set up to delete without further examination.
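For anyone who does get hold of their host's rule file, the following is an added sketch (not part of the original post and not MailScanner's own code) that runs the names inside a zip against a filename rule list and reports which entries would get the whole archive stripped. The rules are a constructed sample in a tab-separated action / regex / log text / report text layout; the patterns, first-match-wins ordering, case-insensitive matching against the base name and default-allow behaviour are assumptions, and the file names are made up.

```python
import io
import re
import zipfile

# Constructed sample rules (assumed layout: action, regex, log text, user report).
SAMPLE_RULES = "\n".join("\t".join(fields) for fields in [
    ("deny", r"\.chm$", "Compiled help file",
     "Compiled help files are very dangerous in email"),
    ("deny", r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$",
     "Possible filename hiding", "Double extension"),
    ("allow", r"\.(txt|pdf)$", "-", "-"),
])

def parse_rules(text):
    """Return (action, compiled regex, user report) for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) < 2:
            continue  # malformed line: skipped rather than guessed at
        report = fields[3] if len(fields) > 3 else ""
        rules.append((fields[0].lower(), re.compile(fields[1], re.I), report))
    return rules

def verdict(name, rules):
    """First matching rule decides (assumption); no match means allow."""
    base = name.rsplit("/", 1)[-1]
    for action, regex, report in rules:
        if regex.search(base):
            return action, report
    return "allow", ""

def audit_zip(data, rules):
    """Map every file inside the archive to its (action, report) verdict."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: verdict(n, rules) for n in zf.namelist() if not n.endswith("/")}

def archive_blocked(data, rules):
    """One denied member is enough to lose the whole attachment."""
    return any(a.startswith("deny") for a, _ in audit_zip(data, rules).values())

def build_zip(names):
    """Build a constructed in-memory archive with placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()
```

Run against a documentation archive and an Office-2007-style archive, it shows both failure modes described above: a single `.chm` member condemns the lot, and a `document.xml.rel` name trips the double-extension pattern even though nothing in it is executable.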