Re: [exim] Deny MIME attachments in the acl_smtp_mime ACL

Top Page
Delete this message
Reply to this message
Author: Magnus Holmgren
Date:  
To: exim-users
Subject: Re: [exim] Deny MIME attachments in the acl_smtp_mime ACL
On Wednesday 22 November 2006 13:05, paul.mcilfatrick@??? wrote:
> I want to deny e-mail with certain MIME attachments and all the Exim
> examples I have found use demime.
>
> The current Exim documentation says that "The demime condition uses a
> simpler interface to MIME decoding than the MIME ACL functionality, but
> provides no additional facilities. Please note that this condition is
> deprecated and kept only for backward compatibility."
>
> If the demime condition is deprecated is it possible to do what I want
> to do in the acl_smtp_mime ACL?


Yes. Probably¹. Some things take more text in the configuration file though
(that's the price of generalisation and flexibility).

What exactly is it you want to do (there are many possible criteria for
rejection)?

The most common thing to do (probably), denying attached files with certain
extensions, can be done thusly:

  deny    condition = ${if match \
                         {${lc:$mime_filename}} \
                         {[.](bat|com|exe|pif|prf|scr|vbs|lnk|cpl)\$}}
          message = Attached file '$mime_filename' has disallowed extension.


It was recently discussed wether Windows or some Windows applications treat
one or more spaces between the final dot and the real extension as if they
didn't exist. It probably doesn't hurt to change the third line above to:

                         {[.] *(bat|com|exe|pif|prf|scr|vbs|lnk|cpl)\$}}


¹ Exactly what errors $demime_errorlevel reflect and how to check for the same
errors without demime is badly documented, but most of those checks rarely
hit anything anyway.

-- 
Magnus Holmgren        holmgren@???
                       (No Cc of list mail needed, thanks)