Use Blacklisting

Global vs Project blacklisting

JEMH provides blacklisting at a global level that applies instance wide.  Since JEMH 2.2.1 (JIRA 7.4.x+), this same feature has been implemented at as scoped level for Project Administrators.  This enables delegated responsibility to Project Admins to blacklist emails and attachments they don't want to see in their project.  The Project view also includes all global applicable blacklist items.  System Admins can administer project blacklist items through the Global Blacklist view:

Project View

Global View

Project View

Global View

How to stop attachments appearing 

You have incoming email from users with HTML signatures, embedded Facebook/Twitter logos etc, as well as company logos. They add no value and you don't want thousands of them clogging up your JIRA. JEMH has several ways to blacklist attachments:

Turn off attachments

This is a JEMH specific switch, such that email sourced attachments can be blocked entirely.

Filename blocking /type blocking

Blocking embedded images such as image0.png will potentially result in unforeseen consequences, such as inline pasted content that may have an identical name, but could work for my-company-sig.png.

Its also possible to whitelist/blacklist based on type. To blacklist PNG, EXE and MP3, for example, use: png,exe,mp3 as values in Email > Attachments > Blacklist Attachment Types (csv)

Targeted attachment blocking

Based on MD5 hash fingerprint, it is suitable for surgical removal of only binary matching content.

Blacklisting Emails by Subject

The Blacklist Subject values are regular expressions, for example, any email that starts with the phrase Out of Office can be matched with the expression Out of Office.*  ,note the trailing "dot star", this is a special value, dot means any character, and star means any number of the preceding character, if you were to use only Out of Office* that would mean a match to only Out of Officeeeeeeeeeeeeeeeeeeeee!

Blacklisting Attachments

Blacklisting by file type

The setting Profile > Email > Blacklist Attachment Types (csv) allows a comma-separated list of file extensions to be defined.  When an attachment is found to have one of the listed file extensions, it will be blacklisted and will not be added to the issue.

What to filter

Value to use

Comments

What to filter

Value to use

Comments

this-file-only.png

this-file-only.png

Will block only files with the exact given file name and extension

All .png files

png

Will block only files with the given file extension

All .exe, .bat and .com files

exe,bat,com

Will block only files with a file extension in the comma separated list

Blacklisting Attachments by file size or MIME type

  • Go to JEMH>Blacklisting

  • Click Create a Blacklist by size

  • Enter the file size (in bytes) and optionally a valid MIME media type

  • Press submit to save

Blacklisting Attachments by MD5 file fingerprint

In this section, targeted attachment blocking will be used.  This keeps a record of the MD5 hash of a file and compares it against incoming attachments.  If a match is found, the attachment will not be added.  Note that this blacklisting feature only works if the exact same attachment is found in an incoming email.  For example, two image files can look exactly the same but if one of them has had some meta-data added to it (comments, camera information etc.) then they are considered different files.

Locate and save the file to be blocked

In this example, we'll use an example email that can be used as a JEMH TestCase, as this is the normal state, you see something you don't want in your JIRA!

So I have the following issue created by email:

JIRA Attachments / thumbnails

Right clicking on the image you see in the Attachment list will give you a thumbnail, it will not work for blacklisting purposes, you will need the full image. To get the full image, use the file-name below the image.

This saves a file 'andy-welly.png' to your local machine.

Upload the blacklisted file/image to the JEMH Blacklist section:

  • Go to the JEMH Blacklist screen:

  • Click 'Blacklisted Attachment', scroll down to see the file upload form, and select the file:





  • After submitting, the file will be shown as well as related meta-data:


Verify correct configuration

Re-executing the Test Case will now result in the following issue without the related image, regardless of how it was included (pasted in an embedded HTML form, attached etc.):

Review

After blocking, check the Blacklisting section again, see that the time that the filter was applied is now reflected, as well as a running count on how many times that file has been filtered (1.3+). This information should allow the blacklisting list to be managed, rather than just added to.

Blacklist Image Attachments by URL

When HTML based emails are processed by JEMH, images contained in <img> tags can be converted to wiki markup that allows these images to be embedded in created issues or comments. In some cases undesirable images may be included as img tags rather than inline attachments, in these cases standard attachment blacklisting would not be sufficient to remove the attachments. Blacklisting image's by URL allows you to blacklist images that have been converted from image tags to wiki markup, this is useful when dealing with HTML based emails.

Url Blacklisting can be accessed via Blacklisting > Blacklist by URL

To create a new URL blacklisting rule press Create a Blacklisted Image URL which will create a new URL blacklisting rule with some placeholder configuration. Pressing the pencil icon next to the new rule will allow this placeholder configuration to be modified.

The URL of the image to be blacklisted can be defined as a regular expression within the Blacklist Image URL text field. Pressing Submit will save the configuration.

Blacklist a specific image via an exact URL match:

First of all obtain the exact URL of the image, you can find this by examining the content of an existing JIRA field and looking for the image URL within ! ! tags. In this example I am blacklisting an image of a goldfish via an exact URL match:

Some image URLs contain specific height/width attributes. In this case, these will need to be included to the Blacklisted Image URL in order for the image to be successfully blocked. Alternatively, you can add ‘.*’ to the end of the URL to block the image always, regardless of the attributes.

 

Blacklist all non HTTPS images via a Regular Expression match:

This is a basic example of how you could use a regular expression to match many different images without having to do an exact URL match. In this scenario we want to blacklist any images from being included if they are not loaded via HTTPS, this can be achieved by blacklisting all HTTP loaded images which will only allow HTTPS images to be loaded.

Using the following regular expression will blacklist all HTTP loaded images:

1 http://.*

Related articles