Jeff Lasman said:
> We're being hit by MS security update emails. They're not spam, but
> rather more accurately described as virii or worms.
>
> Does anyone has a good rule that will block these? I know we'll have to
> do it at "data" time, but I guess that's better than not blocking them
> at all.
# If the messae contains SCR or PIF we want to Log this
deny log_message = DENY: ATTACHMENT ($found_extension) for $acl_m3
message = Message Denied due to Content of a Unacceptable
Attachment type of ($found_extension) \n \
Please use other means to send this type of file. \n \
If you have questions please contact postmaster@$qualify_domain
demime = scr:pif:exe:com:bat
delay = 30s
--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums -
http://exim.got-there.com/forums
