[gentoo-user] Advice for Blocking Attachments by File Extension

2003-06-09 Thread Patrick Marquetecken
Hi,

I'm quite new with mail on Linux, I already have this working:
fetchmail - postfix - amavis - clamAV - spamassassin - procmail

Now I want to bounce or quarantine mails with some extensions, like exe, src and so 
on. But I don't know where to start, so any advice would be fine.

Patrick

-- 
 "The needs of the many outweigh the needs of the few." 
  Captain Spock in Star Trek II: The Wrath of Khan
 
 PGP Key: http://users.pandora.be/rivendell/marquetp.gpg
 Fingerprint = 2792 057F C445 9486 F932 3AEA D3A3 1B0C 1059 273B
 Registered Linux User #44550
 http://counter.li.org




RE: [gentoo-user] Advice for Blocking Attachments by File Extension

2003-06-09 Thread Palmer, Justin
I do this in Procmail:

:0 B
*^Content-Type: (application|audio)
*^.*name=.*\.(vb[esx]|ws[hf]|c[ho]m|bat|cmd|hta|exe|lnk|pif|scr|shs)
.zzz-executables/

--
justin


> -Original Message-
> From: Patrick Marquetecken [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 09, 2003 11:43 AM
> To: Gentoo-user
> Subject: [gentoo-user] Advice for Blocking Attachments by 
> File Extension
> 
> 
> Hi,
> 
> I'm quite new with mail on Linux, I already have this working:
> fetchmail - postfix - amavis - clamAV - spamassassin - procmail
> 
> Now I want to bounce or quarantine mails with some 
> extensions, like exe, src and so on. But I don't know where 
> to start, so any advice would be fine.
> 
> Patrick
> 
> -- 
>  "The needs of the many outweigh the needs of the few." 
>   Captain Spock in Star Trek II: The Wrath of Khan
>  
>  PGP Key: http://users.pandora.be/rivendell/marquetp.gpg
>  Fingerprint = 2792 057F C445 9486 F932 3AEA D3A3 1B0C 1059 273B
>  Registered Linux User #44550
>  http://counter.li.org
> 

--
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Advice for Blocking Attachments by File Extension

2003-06-09 Thread Jonathan Nichols

> I'm quite new with mail on Linux, I already have this working:
> fetchmail - postfix - amavis - clamAV - spamassassin - procmail
>
> Now I want to bounce or quarantine mails with some 
> extensions, like exe, src and so on. But I don't know where 
> to start, so any advice would be fine.

This is quite easy to do at the MTA (Postfix) level.

http://www.securitysage.com/files/mime_header_checks is a freely 
available header_checks file that you can use.
1) Download that file into /etc/postfix
2) Run "postmap /etc/postfix/mime_header_checks"
3) Add "mime_header_checks = regexp:/etc/postfix/maps/mime_header_checks" 
   into /etc/postfix/main.cf somewhere.
4) Restart Postfix.

That should be about all you need. Securitysage.com has quite a few 
really good articles on Postfix as well as other *_checks files, but 
beware that using broad filtering techniques can cause legitimate mail 
to be rejected. (I've had to relax some anti-spam stuff simply because 
of overzealous filtering)

Hope that helps!

-Jonathan





Re: [gentoo-user] Advice for Blocking Attachments by File Extension

2003-06-09 Thread Marshal Newrock
On Mon, 9 Jun 2003, Patrick Marquetecken wrote:

> I'm quite new with mail on Linux, I already have this working:
> fetchmail - postfix - amavis - clamAV - spamassassin - procmail
>
> Now I want to bounce or quarantine mails with some extensions, like exe,
> src and so on. But I don't know where to start, so any advice would be
> fine.

We have the following pcre's in our Postfix body checks file:

/^Content-Disposition: attachment;.*filename=".*\.(doc|xls|zip|exe|scr|jpg|gif|html?)\.(pif|bat|com|exe|lnk|html?)"$/s REJECT

/^Content-Disposition: attachment;.*filename=".*\.(asd|chm|dll|hlp|hta|js|ocx|pif|lnk|scr|shb|shs|vb|vbe|vbs|wsf|wsh|bat)"/s REJECT

This is on a Debian Stable machine running Postfix 1.11.  Postfix 2.0 is
much more versatile in the handling of attachments (and can do more than
just REJECT messages).

The first rejects certain double extensions.  The second rejects all
messages with the listed extensions.  We, of course, have many many other
rules besides just these.  Of course, this is a little more effective, I
think, when postfix receives mail directly rather than fetchmail grabbing
the mail (so that messages are bounced by the mail server trying to send
to you).

I highly recommend looking at the various sites linked to by the Postfix
docs page (http://www.postfix.org/docs.html).

-- 
Marshal Newrock, Simon's Rock College of Bard
Caution: product may be hot after heating
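
An added example, not code from any poster in this thread: a Python check that applies the extension lists from the two Postfix patterns above to file names taken from the parsed MIME structure, so folded headers, unquoted values and the Content-Type name= parameter are covered, and compares that with the second pattern run over raw lines. The function names and the sample message are constructed for illustration, and the one-line-at-a-time model of the raw pattern is an assumption.

```python
import re
from email import message_from_string, policy

# Extension lists copied from the two Postfix patterns quoted in the thread.
BLOCKED = set("asd chm dll hlp hta js ocx pif lnk scr shb shs vb vbe vbs wsf wsh bat".split())
DECOY = set("doc xls zip exe scr jpg gif htm html".split())  # first of a pair
FINAL = set("pif bat com exe lnk htm html".split())          # second of a pair

# The thread's second pattern; assumption: it sees one physical line at a time.
LINE_RULE = re.compile(r'^Content-Disposition: attachment;.*filename=".*\.(%s)"'
                       % "|".join(sorted(BLOCKED)), re.IGNORECASE)

def attachment_names(raw):
    """File names declared by the MIME parts, unfolded and unquoted by the parser."""
    msg = message_from_string(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def verdict(name):
    """Apply the thread's two rules (double extension, listed extension) to a name."""
    exts = name.lower().strip().rstrip(".").split(".")[1:]
    if len(exts) >= 2 and exts[-2] in DECOY and exts[-1] in FINAL:
        return "double-extension"
    if exts and exts[-1] in BLOCKED:
        return "blocked-extension"
    return "ok"

def scan(raw):
    return {name: verdict(name) for name in attachment_names(raw)}
def line_rule_hits(raw):
    return [line for line in raw.splitlines() if LINE_RULE.search(line)]

# Constructed sample message (not from the thread).
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment;
 filename="report.doc.pif"

AAAA
--b1
Content-Type: application/octet-stream; name=setup.SCR

AAAA
--b1--
"""
if __name__ == "__main__":
    print(scan(SAMPLE), line_rule_hits(SAMPLE))
```

Running a check like this over a sample of real inbound mail before enabling a REJECT rule shows both what the rule would catch and which legitimate attachments it would bounce.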

