I’m on a bit of a run with this Winmail.dat issue because we recently needed to manage this at different levels for different purposes. If the Winmail.dat attachment must pass an XTM WatchGuard firewall, adjustments must be made on the recipient’s incoming SMTP Proxy policy as follows:
- Open the WatchGuard Policy Manager for your XTM device
- Double-click the Incoming SMTP Proxy policy
- On the Proxy action at the bottom of the page, click the first icon to the immediate right; the Edit SMTP Proxy Action Configuration form will open
- On the left pane, select Headers
- In the Pattern text box, type each of the following in and click Add to add to the Rules listed in the right pane:
- X-MS-Has-Attach:*
- X-MS-TNEF-Correlator:*
- X-MimeOLE:*
- On the If matched drop-down box, be certain ALLOW is selected.
- Now, move to Content Types in the left pane.
- In the Pattern text box, proceed as before to add the following:
- application/ms-tnef
- This time, set the If matched drop-down box to AV Scan if available on your device, otherwise set to ALLOW
- Select Filenames in the left pane and select winmail.dat in the right-hand pane
- Click the Remove button to delete winmail.dat from the list
- Finally, in the NONE Matched drop-down list, select AV Scan if available on your device, otherwise set to ALLOW.
All that remains now is to save this edited configuration to your XTM device. Now, if an attachment with the name winmail.dat arrives in an email message, the WatchGuard will let it pass unmolested.
Note some of the specifics of the above article have been posted a few places, but are difficult to find with a search, and not how I would set a couple settings. So, I’ve restructured and posting here.
