In our previous episode (Monday, 06-Jan-2014), portos_latinos said:
> Hi people, I tried to whitelist certain attachments on postfix and I can't
> succeed
> I tried to blacklist certain attachments and it worked with:
>
> mime_header_checks = regexp:/etc/postfix/mime_header_checks
> Append following line:
>
> /name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT
>
>
> I tried this:
>
> Append following line:
>
> !/name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT
> to allow but it didn't work.
>
>
> Thanks for your help.

This is what I use to reject emails with dangerous (to Windows) attachments. I haven't updated this list in a long time, so there are probably 20 or 30 more TLXs that Windows will automatically execute to infest machines with malware since I made this list. And no, I don't remember why scr\??

$ cat /etc/postfix/mime_headers.pcre
/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pif|prf|reg|scf|scr\??|sct|shb|shs|shm|swf|vb[esx]?|vxd|wsc|wsf|wsh))(\?=)?"?\s*(;|$)/x REJECT Attachment name "$2" may not end with ".$3"

Putting a ! outside the regex would not work, but also, I am not sure why you would want to negate the condition. Are you trying to allow ONLY emails that contain those attachments?

/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*\.!(exe)) REJECT

would reject any email that had an attachment and it was not an exe file, I believe.

This is a terrible idea, btw, regardless of the list of "allowed" extensions you might choose.

Let me say it again, clearly. This is a TERRIBLE idea. You should never for a second consider even trying to do something like this. If you think this is a good idea you need to step back, start over, and figure out just why it is a terrible idea.

-- 
Every absurdity has a champion to defend it.
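
Why the negated rule from the question cannot act as a whitelist, as an added example that is not part of the original posts: a minimal Python model of the table lookup described in regexp_table(5) (rules tried in order, first match wins, case-insensitive by default, "!/pattern/" applies when the pattern does not match), applied to one MIME header at a time. Python's re module stands in for Postfix's regex engine, and the function names and header lines are constructed for the example.

```python
import re

# Rules exactly as posted in the question; everything else here is constructed.
OP_BLACKLIST = r'/name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT'
OP_NEGATED = '!' + OP_BLACKLIST

# Constructed MIME headers of two sample messages.
PDF_MAIL = [
    'Content-Type: multipart/mixed; boundary="b1"',
    'Content-Type: text/plain; charset=us-ascii',
    'Content-Type: application/pdf; name="report.pdf"',
    'Content-Disposition: attachment; filename="report.pdf"',
]
EXE_MAIL = PDF_MAIL[:2] + [
    'Content-Type: application/octet-stream; name="Invoice.EXE"',
    'Content-Disposition: attachment; filename="Invoice.EXE"',
]

def parse_rule(line):
    """Split '[!]/pattern/ action' into (negate, compiled regex, action)."""
    m = re.fullmatch(r'(!?)/(.*)/\s+(.+)', line)
    if not m:
        raise ValueError('not a table rule: ' + line)
    bang, pattern, action = m.groups()
    # Postfix regexp tables match case-insensitively unless told otherwise.
    return bool(bang), re.compile(pattern, re.IGNORECASE), action

def lookup(rules, header):
    """Return the action of the first rule that applies to this one header."""
    for negate, regex, action in map(parse_rule, rules):
        matched = regex.search(header) is not None
        if matched != negate:  # "!" fires when the pattern does NOT match
            return action
    return None

def check_message(rules, mime_headers):
    """Look up every header on its own; the first action found decides."""
    for header in mime_headers:
        action = lookup(rules, header)
        if action is not None:
            return action, header
    return None, None

if __name__ == '__main__':
    for name, rules in (('blacklist', [OP_BLACKLIST]), ('negated', [OP_NEGATED])):
        for label, mail in (('pdf', PDF_MAIL), ('exe', EXE_MAIL)):
            print(name, label, check_message(rules, mail))
```

The negated rule rejects both sample messages on their very first header, because "Content-Type: multipart/mixed" is itself a header that does not name a blocked extension.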