Re: [Exim] Blocking fragmented messages

Top Page
Delete this message
Reply to this message
Author: Sheldon Hearn
Date:  
To: Nico Erfurth
CC: exim-users
Subject: Re: [Exim] Blocking fragmented messages
On (2002/10/07 16:24), Nico Erfurth wrote:

> So you can try to check for $h_content-type: in your data-acl, maybe
> like this
>
> acl_data:
>   deny message = No fragmented messages allowed
>        condition = ${if match \
>      {$h_content_type}{\Nmessage/partial\s*;\N}{1}}

>
> or something similar


Very similar:

acl_data:

# Deny partial (MIME message/partial) messages, which can easily be
# used to circumvent content scanning.

  deny    message       = message fragments administratively prohibited
          condition     = ${if match \
                          {$h_content-type:}{\N\bmessage/partial\b\N}{1}}


All that was missing was the colon terminating the header. I've used
PCRE's "match word boundary" to terminate the match of the offensive
content type, to minimize hiding.

Thanks!
Sheldon.