Hi jpff@???, on Tue, 09 Dec 2003 15:42:44 +0000 you wrote:
> For some time we have had a system filter derived from Nigel
> Metheringham's one to catch Windows executables,
Which nobody should be using any more, unless they redirect the bounces to
somewhere other than the purported sender, otherwise they will almost
certainly end up spamming/mailbombing people.
If there is anyone else reading this who is still using Nigel's old system
filter and bouncing mails with executable attachments, *please* stop!
> I suspect that with exim4/exiscan one should use the demime option in
> acl_check_content to set acl_m0 and then have a router that fires on
> that and does the mail to $return_path in a pipe transport. Is this the
> accepted way, or is there some simple thing I have missed?
You'll be pleased to know it's even simpler. This is one of the main
problems that Exiscan solves, and you don't need a system filter, routers
or ACL variables. Just do something like this (beware of line breaks):

    deny message = This message contains an attachment of a type \
                   (.$found_extension) which we do not accept for security \
                   reasons. If it is important that your attachment gets \
                   through, please package it as a .zip or similar and resend.
         log_message = Bad attachment ($found_extension) to $recipients
         demime = bat:com:exe:lnk:pif:scr:vbs

This will reject at SMTP time with the message given in "message". It's
far more reliable than Nigel's old filter (you can't really analyse MIME
messages properly without a MIME parser) and, due to rejecting at SMTP
time, will stop or severely limit collateral spam.
Tim
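
The point above about needing a MIME parser, as an added example that is not part of the original post and is not Exiscan's or Nigel's code: a raw-text pattern match (a hypothetical stand-in for a filter without a MIME parser) compared with a walk over the parsed MIME tree, using the extension list from the post. The sample message is constructed.

```python
import re
from email import message_from_string

BLOCKED = {"bat", "com", "exe", "lnk", "pif", "scr", "vbs"}  # list from the post

# Constructed sample: the attachment sits in a nested multipart and its
# filename is split across RFC 2231 parameter continuations.
SAMPLE = """\
From: sender@example.org
To: rcpt@example.net
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain

see attached
--outer
Content-Type: multipart/mixed; boundary="inner"

--inner
Content-Type: application/octet-stream
Content-Disposition: attachment;
 filename*0="report.";
 filename*1="scr"

AAAA
--inner--
--outer--
"""

def naive_scan(raw):
    """Pattern match on the raw text (assumed stand-in, no MIME parsing)."""
    pat = r'name="?[^"\r\n]*\.(%s)"?\s*$' % "|".join(sorted(BLOCKED))
    return {m.group(1).lower() for m in re.finditer(pat, raw, re.I | re.M)}

def mime_scan(raw):
    """Walk every MIME part and check the decoded filename's extension."""
    found = set()
    for part in message_from_string(raw).walk():
        name = part.get_filename() or ""  # reassembles RFC 2231 pieces
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in BLOCKED:
            found.add(ext)
    return found
```
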