Re: [exim] Good Rules

Top Page
Delete this message
Reply to this message
Author: Brent Clark
Date:  
To: Michael da Silva Pereira
CC: exim-users
Subject: Re: [exim] Good Rules
Michael da Silva Pereira wrote:
> Hi Guys,
>
> I was wondering if guys could paste a couple of there acl rules on the mailling list, nice anti-spam ones.
>
> Thanks,
> M


Hi

Not really antispam checking but more mime checking.

acl_check_mime:
# Decode MIME parts to disk. This will support virus scanners later.
warn decode = default

# File extension filtering.
deny   set acl_m1 = ${extract{-1}{.}{${lc:$mime_filename}}}
message  = This message contains a prohibited file extension ($acl_m1)
log_message     = REJECTED ATTACHMENT ($acl_m1)
condition       = ${if match{$acl_m1}{\N^(avi|asf|ade|adp|asx|\
                                         bat|bin|btm|bas|\
                                         cpl|com|cmd|class|cab|chm|crt|\
                                         dll|\
                                         exe|\
                                         hta|hlp|\
                                         js|jse|java|jtd|\


mpeg|mp3|mpg|mda|mdb|mde|mdt|mdw|mdz|msc|msi|msp|mst|\
                                         ole|ocx|oft|ovl|ops|\
                                         prf|plx|pcd|prf|pps|pif|ppt|\
                                         reg|\
                                         shs|scr|pif|sys|shb|scf|sct|\
                                         url|\
                                         vb|vbs|vbe|vxd|vss|vst|\
                                         wsf|wsc|wma|wsh|ws|wsf\
                                         )$\N}{1}{0}}


# CLSID Attachment Blocking
deny condition  = ${if 
match{$mime_filename}{\N\{[a-hA-H0-9-]{25,}\}\N}{1}{0}}
message         = REJECTED ATTACHMENT (CLSID)


# Refuse Empty (invalid) MIME Boundaries
deny condition = $mime_is_multipart
condition = ${if eq{$mime_boundary}{}{yes}{no}}
message = MIME ERROR (Empty MIME Boundary)

# Obtain MD5 Sum for file attachments.
warn condition = ${if !eq{$mime_filename}{}{1}{0}}
set acl_m1 = ${run{/usr/bin/md5sum $mime_decoded_filename}{${extract{1}{
}{$value}}}{}}

accept

Hope this helps

Kind Regards
Brent Clark