Thanks Allan for advice..
But what kind rejection is most common use. becase .. system-filer looks
like to find more then at ACL mime AND acl Data !
Aram
1- I reject {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} {1}{0}} at Mime
level ACL
2- then i reject demime = com:vbs:bat:pif:scr:lnk at Data
Level ACL
3- reject by system filter.. and sen back a error message..
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches
"(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name
=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms
[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
# Quoted filename - [body_quoted_fn_match]
if $message_body matches
"(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name
=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|
ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches
"(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk
|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
# Check Content-Type header using quoted filename
[content_type_quoted_fn_match]
if $header_content-type: matches
"(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|l
nk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
"Alan J. Flavell" <a.flavell@???>
Sent by: exim-users-bounces@???
2005-11-07 12:27
To
Exim users list <exim-users@???>
cc
Subject
Re: [exim] system-filter and outlook
On Mon, 7 Nov 2005, Aram Galestian wrote:
> Im i to restrective to both use System-Filter and Mime ACL to deny
> extentions..
It's dangerous to use the system filter to reject anything: you will
create bounces, some of which will be sent to the innocent owners of
email addresses which have been faked as envelope sender. Rejecting
mail at this point will, sooner or later, get you into blacklists as a
source of "collateral spam" (also known under other names).
The practical options in a system filter are to either deliver the
mail somewhere (to a normal inbox, or to a spam folder for example),
or to freeze it for postmaster inspection.
If you want to reject, safely, then you have to do it in an ACL.
best regards
--
## List details at
http://www.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://www.exim.org/eximwiki/