Re: [Exim] Blocking phony MS Security update emails

Author: Kevin Reed
Date:  
To: exim-users
Subject: Re: [Exim] Blocking phony MS Security update emails
Jeff Lasman said:
> We're being hit by MS security update emails. They're not spam, but
> rather more accurately described as virii or worms.
>
> Does anyone have a good rule that will block these? I know we'll have to
> do it at "data" time, but I guess that's better than not blocking them
> at all.


# If the message contains an SCR, PIF, EXE, COM or BAT attachment,
# deny it and log this
deny    log_message = DENY: ATTACHMENT ($found_extension) for $acl_m3
        message = Message Denied due to Content of a Unacceptable \
         Attachment type of ($found_extension) \n \
         Please use other means to send this type of file. \n \
         If you have questions please contact postmaster@$qualify_domain
        demime = scr:pif:exe:com:bat
        delay = 30s


--
Kevin W. Reed - TNET Services, Inc.
Unofficial Exim MTA Info Forums - http://exim.got-there.com/forums
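
An added example, not part of the original post and not Exim's demime code: a Python approximation of the same extension check, for testing offline which attachments in a saved message would match the list scr:pif:exe:com:bat. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy

# Same extension list as the demime condition in the ACL above.
BLOCKED = {"scr", "pif", "exe", "com", "bat"}

def extension(filename):
    """Final extension, lower-cased; trailing dots and spaces are ignored."""
    base = filename.strip().rstrip(". ")
    _, dot, ext = base.rpartition(".")
    return ext.lower() if dot else ""

def blocked_attachments(raw_bytes, blocked=BLOCKED):
    """Return [(filename, extension)] for each MIME part with a blocked extension."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() checks Content-Disposition filename=, then Content-Type name=
        name = part.get_filename()
        if name and extension(name) in blocked:
            hits.append((name, extension(name)))
    return hits

# Constructed sample message: two blocked parts, one harmless attachment.
SAMPLE = b"""\
From: sender@example.com
To: user@example.org
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

body text
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Patch.EXE"

AAAA
--b1
Content-Type: application/octet-stream; name="readme.txt.pif"

AAAA
--b1
Content-Type: text/plain; name="notes.txt"

hello
--b1--
"""

if __name__ == "__main__":
    for name, ext in blocked_attachments(SAMPLE):
        print(f"would deny: {name} ({ext})")
```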