As you just can't create a rule that would look like if category=webmail & COMMAND=POST then block, you need to look into this by URL, as blocking the POST will automatically block the login, so you end up in the same situation. You can use a tool like Firebug to identify the URL to which data is uploaded for attachments and block that.
If category=webmail & URL=http://www.somewemailer.com/upload/attachement.php* then block.
I think it would be a better idea to use the fact that attachments are usually sent as multipart/mixed inside a POST form. The rule should look like: if category=webmail AND Body.HasMimeHeaderParameter("Content-Disposition", "filename") == true then Block. This rule should be executed in the request cycle, and Composite Openers should be enabled before this rule so the data can be parsed. This method may not work on all webmail services, though; we need to look at network traces for particular services.
Another approach could be checking the size or MIME types of multipart uploads with a rule that is executed in the request embedded cycle (with a pre-condition like "Cycle.TopName == Request"; you can see an example in the standard rules, where separate MIME types are blocked in the request & response cycles). The rule will look like: if category=webmail AND Body.NestedArchiveLevel > 0 AND Body.Size > SomeConstant then Block, although it could also block some big texts, so instead of Body.Size it could be better to use a list of disabled MIME types.
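The two checks described in the last two posts (a `filename` parameter in Content-Disposition, and a per-part MIME type or size limit) can be tried offline against a saved request body before a gateway rule is written. This is an added Python sketch, not part of the original posts and not gateway rule code; the function names, `BLOCKED_TYPES`, `MAX_PART_BYTES` and the constructed multipart/form-data sample requests are assumptions.

```python
from email import message_from_bytes

# Assumed policy values for illustration; the thread leaves them open ("SomeConstant").
BLOCKED_TYPES = {"application/zip", "application/x-msdownload"}
MAX_PART_BYTES = 1024

def file_parts(content_type, body):
    """Return (filename, mime_type, size) for each uploaded file in a POST body."""
    if not content_type.lower().startswith("multipart/"):
        return []  # e.g. an urlencoded login form: no MIME parts to inspect
    # Reuse the stdlib MIME parser by prefixing the HTTP Content-Type header.
    msg = message_from_bytes(
        b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()  # "filename" parameter of Content-Disposition
        if not filename:
            continue  # ordinary form field, or a file input left empty
        data = part.get_payload(decode=True) or b""
        found.append((filename, part.get_content_type(), len(data)))
    return found

def verdict(content_type, body, any_file=True):
    """any_file=True: block every upload; False: block only by type or size."""
    for _name, mime, size in file_parts(content_type, body):
        if any_file or mime in BLOCKED_TYPES or size > MAX_PART_BYTES:
            return "block"
    return "allow"

# Constructed sample requests (not captured from a real webmail service).
B = "----constructedBoundary42"
CT = "multipart/form-data; boundary=" + B

def form(*parts):
    out = b""
    for headers, data in parts:
        out += ("--%s\r\n%s\r\n\r\n" % (B, headers)).encode() + data + b"\r\n"
    return out + ("--%s--\r\n" % B).encode()

LOGIN = b"user=alice&pass=constructed"
COMPOSE = form(('Content-Disposition: form-data; name="subject"', b"hello"))
NOTE = form(('Content-Disposition: form-data; name="f"; filename="notes.txt"\r\n'
             "Content-Type: text/plain", b"meeting notes"))
ZIP = form(('Content-Disposition: form-data; name="f"; filename="a.zip"\r\n'
            "Content-Type: application/zip", b"PK constructed bytes"))
```

With `any_file=True` the small text attachment is blocked along with the archive; with `any_file=False` only the archive is, while the login and the attachment-free compose POST pass in both modes.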