RE: [Exim] Bombarded by pif attachments

Pàgina inicial
Delete this message
Reply to this message
Autor: Segree, Gareth
Data:  
A: 'Nigel Metheringham'
CC: 'exim-users@exim.org'
Assumpte: RE: [Exim] Bombarded by pif attachments
I have the following in my exim.conf

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  accept  hosts = :
  deny    message   = This message contains an unwanted file extension \
              ($found_extension)
  demime          = pif:exe:com:scr:vbs


But I received an error (I have exim-4.20, do I need 4.22 for this to work)
error in ACL: unknown ACL condition/modifier in "demime          =
pif:exe:com:scr:vbs"


-----Original Message-----
From: Nigel Metheringham [mailto:Nigel.Metheringham@dev.InTechnology.co.uk]
Sent: Thursday, September 04, 2003 9:34 AM
To: Segree, Gareth
Cc: 'exim-users@???'
Subject: RE: [Exim] Bombarded by pif attachments


On Thu, 2003-09-04 at 14:47, Segree, Gareth wrote:
> >deny    message   = This message contains an unwanted file extension \
> >                  ($found_extension)
> >  demime          = pif:exe:com:scr:vbs
> What I have done was put this in the system-filter.
> Doesn't this have the same effect.


Almost.

First with the system filter you are only looking at a (smallish) window of
the body.

Second parsing MIME with regular expressions, especially when the MIME has
been broken by someone (exim) doing strange line end replacements, is
fraught with failure (for example your RE doesn't get unquoted filenames,
and would break if there was any other legal spacing).

The system filter approach was originally written by me as a stop-gap to
solve a particular urgent problem - the love-bug virus. I never intended it
to become an overall content protection mechanism, and do not use it myself
any longer.

    Nigel.
--
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]