Re: [Exim] Blocking phony MS Security update emails

Pàgina inicial
Delete this message
Reply to this message
Autor: Kevin Reed
Data:  
A: exim-users
Assumpte: Re: [Exim] Blocking phony MS Security update emails
Jeff Lasman said:
> We're being hit by MS security update emails. They're not spam, but
> rather more accurately described as virii or worms.
>
> Does anyone has a good rule that will block these? I know we'll have to
> do it at "data" time, but I guess that's better than not blocking them
> at all.


# If the messae contains SCR or PIF we want to Log this
deny    log_message = DENY: ATTACHMENT ($found_extension) for $acl_m3
        message = Message Denied due to Content of a Unacceptable
Attachment type of ($found_extension) \n \
         Please use other means to send this type of file. \n \
         If you have questions please contact postmaster@$qualify_domain
        demime = scr:pif:exe:com:bat
        delay = 30s


--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums - http://exim.got-there.com/forums