Hi, I have Postfix configured to reject the attachment files listed below. After running Nessus on my machine I was surprised that Nessus could send fake viruses to Postfix and they were delivered to my mailbox.
Do I have a security problem? I think yes. And how do I fix this? According to my Postfix setup almost all attachments must be rejected.

postfix main.cf

    # JUNK MAIL CONTROLS
    #header_checks = regexp:/etc/postfix/header_checks
    body_checks = regexp:/etc/postfix/body_checks.regexp
    mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp

more mime_header_checks.regexp

    /filename=\"?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)\"?$/
        REJECT For security reasons we reject attachments of this type
    /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(lnk|asd|hlp|ocx|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wav|mov|wmf|xl))"?\s*$/
        REJECT Attachment type not allowed. File "$2" has the unacceptable extension "$3"

Patrick

--
"Do you know what a Vulcan mind meld is?" -- Tuvok
"It's that thing where you grab someone's head..." -- Crewman Suiter
PGP Key: http://users.pandora.be/rivendell/marquetp.gpg
Fingerprint = 2792 057F C445 9486 F932 3AEA D3A3 1B0C 1059 273B
ICQ# 316932703
Registered Linux User #44550 http://counter.li.org
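An added example, not part of the original post: a small harness that runs the two mime_header_checks patterns quoted above over constructed MIME header lines, to show which header shapes these rules catch and which pass through. It approximates Postfix's regexp: table with Python's `re` (case-insensitive, as Postfix matches by default); the sample headers and the `verdict`/`audit` names are assumptions made for illustration, and the post does not say which messages Nessus actually sent.

```python
import re

# The two patterns from mime_header_checks.regexp in the post, unchanged.
# Postfix regexp: tables match case-insensitively by default, hence re.I.
RULES = [
    re.compile(r'filename=\"?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr'
               r'|pif|vbe|vbs|vxd|xl)\"?$', re.I),
    re.compile(r'^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(lnk|asd'
               r'|hlp|ocx|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?'
               r'|sh[mbs]|vb[esx]|ws[fh]|wav|mov|wmf|xl))"?\s*$', re.I),
]

# Constructed sample header lines (already unfolded into one logical line).
SAMPLES = {
    "quoted exe": 'Content-Disposition: attachment; filename="test.exe"',
    "unquoted upper-case": 'Content-Type: application/octet-stream; name=TEST.COM',
    "trailing parameter":
        'Content-Disposition: attachment; filename="test.exe"; size=68',
    "archive container": 'Content-Type: application/zip; name="test_exe.zip"',
    "benign pdf": 'Content-Disposition: attachment; filename="report.pdf"',
}


def verdict(header_line):
    """Return 'REJECT' if either rule matches the header line, else 'no match'."""
    return "REJECT" if any(r.search(header_line) for r in RULES) else "no match"


def audit(samples=SAMPLES):
    """Map each sample label to the verdict the rules give for it."""
    return {label: verdict(line) for label, line in samples.items()}


if __name__ == "__main__":
    for label, result in audit().items():
        print(f"{result:9}  {label}: {SAMPLES[label]}")
```

Both patterns are anchored at the end of the header line and list extensions explicitly, so a parameter following the file name or an extension outside the list produces no match. On the mail server itself, `postmap -q "<header line>" regexp:/etc/postfix/mime_header_checks.regexp` runs the same lookup against the real table.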
