Author: Peter Bowyer Date: To: Exim users list Subject: Re: [Exim] ACL to ALLOW only mentioned attachments type and block *
Alan J. Flavell <a.flavell@???> wrote: > On Fri, 26 Mar 2004, Chris Edwards wrote:
>
>> A unix user might be mailing yesterday's results in a file called
>> "results.thu" and get blocked. Not really practical here.
>
> According to Internet MIME specifications, the MIME content-type is
> authoritative. Filename extensions are insignificant in that context,
> by order of the RFCs.
Quite right.
> The RFCs don't make any distinction about the OS - they apply to all
> email transactions, without distinction. As far as the RFCs are
> concerned, the fact that it's a "unix" system is of no particular
> concern.
Right again.
> Any software which handles mail attachments according to different
> rules is unfit for use in an Internet context. What we're seeing here
> is just another symptom of that widespread disease.
What you want to stop is attachments that a vulnerable system would treat
badly. A .scr will only be executed by a Windows system if it arrives called
something.scr, content-type notwithstanding.
So if the objective is to stop things getting through which Windows boxes
might do something bad with, then looking at the extension is a valid thing
to do. It doesn't guarantee to stop everything that *is* a windows screen
saver, but it will stop everything that windows would treat as such.
