Re: [Exim] Blocking fragmented messages

Top Page
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: Sheldon Hearn
CC: exim-users
Subject: Re: [Exim] Blocking fragmented messages
Sheldon Hearn wrote:
> On (2002/10/07 16:24), Nico Erfurth wrote:
>
>
>>So you can try to check for $h_content-type: in your data-acl, maybe
>>like this
>>
>>acl_data:
>>  deny message = No fragmented messages allowed
>>       condition = ${if match \
>>     {$h_content_type}{\Nmessage/partial\s*;\N}{1}}

>>
>>or something similar
>
>
> Very similar:
>
> acl_data:
>
> # Deny partial (MIME message/partial) messages, which can easily be
> # used to circumvent content scanning.
>
>   deny    message       = message fragments administratively prohibited
>           condition     = ${if match \
>                           {$h_content-type:}{\N\bmessage/partial\b\N}{1}}

>
> All that was missing was the colon terminating the header. I've used
> PCRE's "match word boundary" to terminate the match of the offensive
> content type, to minimize hiding.


IIRC you don't need the colon in such cases ;)