[Exim] System message & transport filtering

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Christopher Curtis
Data:  
Para: exim-users
Assunto: [Exim] System message & transport filtering
Hello,

I'm a relative Exim newbie (it came with Debian) but Exim is an excellent
package and I'd like to thank all the developers first off.

Now, my problem: I want to filter against worms/attachments. A common
scenario, yes, but I have a twist. "Known" worms I outright deny, like
SirCam. The message blackholes and the sender is sent a message telling
them how to clean up after themselves.

But I want to handle "Unknown" worms nicely - basically any executable
attachment. By nicely, I mean: send a warning email to the person getting
the message, but don't do anything else.

I'm using the message_filter to run this filter snippet:

-------------------------------------------
if $h_content-type matches "name=.*\\.(ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])"
or
$h_content-disposition matches "name=.*\\.(ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])"
or
$h_subject matches "(xxxxx[pd]|foofoofoo)"
then
# We cannot do anything with the message from this filter because this
# is run pre-delivery. Thus, there is no valid recipient at this point.
# This filter is run for incoming, outgoing, and relayed mail.
# Instead, we will add an X-Exim-Warning header to filter against later.
headers add "X-Exim-Warning: Executable Attachment"
endif
-------------------------------------------

Firstly, the RegEx fails for some unknown reason (not the greatest concern
at this point) so I use the 'foofoofoo' path and add the Header.

Now, I am stuck. What I DO NOT want to do is run a transport_filter for
every single email to look for this added header. The machine is an old
PPro and really can't spare the cycles to filter every message. Is there
a way to setup exim to only run the filter if that header exists?

Or better, what I really want to do is sent am email to the user getting
the message that says "DANGER! You may be getting a virus right now!" Is
there any easy way out of my sticky wicket?

thanks,
Christopher