Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Largest Email Attachments Allowed

Status
Not open for further replies.

tray0011

IS-IT--Management
May 31, 2006
14
US
Hi Guys,

Can anyone tell me from their own experiences what are the largest attachments that your company allows to send/recieve using the company email account. Is there a generaly accepted size limit?

There are people in my company who send very large attachments which i don't think is proper netiquette. It clogs up users company email boxes (they have limited sized company email accounts) and it clogs the bandwidth.

Thanks for your input,
Nat
 
In my experience, most mail servers have a 2 meg limit set by default.
 
ours is set to whatever the mailbox will hold and mailboxes are 50MB so about 45MB
 
Ours it unlimited however we use our firewall to block .wm*, .avi, and .mp* files along with all level 1 attachments and other files that nobody in our office should be receiving. In other words legitimate work related attachments are permitted through but personal, bandwidth hogging joke attachments are not.

Cheers.
 
cmeagan656 - though you are blocking certain file types at the firewall, remember that users are getting smarter. I'll bet you $20 that your firewall can't sniff out an MPEG/AVI/MP3, etc. if it's inside a ZIP or RAR file.

Users are getting crafty so beware of feeling like you have them beaten. I even saw somebody once sending a video file in pieces after they broke it up into .001, .002, 003 files which can be put back together using Master Splitter.

Users - you can't live with 'em and you can't shoot 'em.
 
I don't think the firewall should even be doing that. That should take place in a content management/hygiene solution within the email infrastructure. IMNSHO.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
We block from the perimeter in.

We're using a Fortigate-60 firewall as our first line of defense to block all .wm*, .avi, and .mp* files along with all level 1 attachments and other files that nobody in our office should be receiving. We also block certain websites etc. at the firewall. For example, our users can't bid on eBay because the site tries to drop a .dll file on the desktop and the Fortigate-60 blocks it. We don't use the spam on the Fortigate-60 because we have XWall which, IMHO, is a better spam filter.

We also have all .wm*, .avi, and .mp* files along with all level 1 attachments and other files that nobody in our office should be receiving blocked in XWall (our spam filter) which can read inside archived files. XWall also has the ability to block password protected archive files.

Our third line of defense is our antivirus - CA's InoculateIT - where we also block the aforementioned attachments in the Exchange option.

The user still gets the email, sans the attachment. If a client sends a user a legitimate, business related attachment and it is blocked, we can poke a hole in our defenses to allow that particular attachment through.

In the five years that we've been using the three lines of defense I've only had 2 legitimate attachments get blocked. We've also had no virii or spyware infections in the five years and that's not because our co-op students don't try hard.

The above system might not work for everyone but our company is small - 6 servers including a mail server and 20 25 users.

Cheers.

 
Sounds like you've got things covered better than 95% of the rest of the IT world. Good job, but someone will foil your security, it's almost inevitable. Hopefully when/if it happens, it won't be traced to any incompetence on your part or you'll be gone when it happens.

Happy thoughts.
 
@goombawaho

I'm sure that one day the security will be foiled. Luckily we're small enough (6 servers including a dedicated mail server), 25 clients, and 4 laptops) that I can easily check all logs in less than an hour each morning.

The Fortigate-60 and CA's InoculateIT are set to send email alerts to me for critical events. Because we use enforced policies on InoculateIT it enforces the polices on the laptops even when they are connected outside of the domain. To enforce the blocked web sites on the laptops when they're outside the office I use the hosts file.

So far everything works like a charm but I don't let my guard down. IT isn't even the main part of my job. I just inherited it when the IT person left. My job title is "administrative secretary".

Cheers.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top