Re: [exim] system-filter and outlook

Top Page
Delete this message
Reply to this message
Author: Aram Galestian
Date:  
To: Exim users list
CC: Alan J. Flavell
Subject: Re: [exim] system-filter and outlook
Thanks Allan for advice..
But what kind rejection is most common use. becase .. system-filer looks
like to find more then at ACL mime AND acl Data !

Aram



1- I reject {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} {1}{0}} at Mime
level ACL

2- then i reject  demime         = com:vbs:bat:pif:scr:lnk         at Data 
Level ACL


3- reject by system filter.. and sen back a error message..
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches
"(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name
=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms
[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"

# Quoted filename - [body_quoted_fn_match]
if $message_body matches
"(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name
=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|
ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"

# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches
"(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk
|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"

# Check Content-Type header using quoted filename
[content_type_quoted_fn_match]
if $header_content-type: matches
"(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|l
nk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"












"Alan J. Flavell" <a.flavell@???>
Sent by: exim-users-bounces@???
2005-11-07 12:27

To
Exim users list <exim-users@???>
cc

Subject
Re: [exim] system-filter and outlook






On Mon, 7 Nov 2005, Aram Galestian wrote:

> Im i to restrective to both use System-Filter and Mime ACL to deny
> extentions..


It's dangerous to use the system filter to reject anything: you will
create bounces, some of which will be sent to the innocent owners of
email addresses which have been faked as envelope sender. Rejecting
mail at this point will, sooner or later, get you into blacklists as a
source of "collateral spam" (also known under other names).

The practical options in a system filter are to either deliver the
mail somewhere (to a normal inbox, or to a spam folder for example),
or to freeze it for postmaster inspection.

If you want to reject, safely, then you have to do it in an ACL.

best regards

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/