Re: [exim] Deny MIME attachments in the acl_smtp_mime ACL

Author: paul.mcilfatrick
Date:  
To: exim-users
Subject: Re: [exim] Deny MIME attachments in the acl_smtp_mime ACL
> > I want to deny e-mail with certain MIME attachments and all
> > the Exim examples I have found use demime.
> >
> > The current Exim documentation says that "The demime
> > condition uses a simpler interface to MIME decoding
> > than the MIME ACL functionality, but provides no additional
> > facilities. Please note that this condition is deprecated
> > and kept only for backward compatibility."
> >
> > If the demime condition is deprecated is it possible to do
> > what I want to do in the acl_smtp_mime ACL?
>
> Yes. Probably¹. Some things take more text in the
> configuration file though (that's the price of generalisation
> and flexibility).
>
> What exactly is it you want to do (there are many possible
> criteria for rejection)?
>
> The most common thing to do (probably), denying attached
> files with certain extensions, can be done thusly:
>
>   deny    condition = ${if match \
>                          {${lc:$mime_filename}} \
>                          {[.](bat|com|exe|pif|prf|scr|vbs|lnk|cpl)\$}}
>           message = Attached file '$mime_filename' has disallowed extension.
>
> It was recently discussed whether Windows or some Windows
> applications treat one or more spaces between the final dot
> and the real extension as if they didn't exist. It probably
> doesn't hurt to change the third line above to:
>
>                          {[.] *(bat|com|exe|pif|prf|scr|vbs|lnk|cpl)\$}}
>
> ¹ Exactly what errors $demime_errorlevel reflect and how to
> check for the same errors without demime is badly documented,
> but most of those checks rarely hit anything anyway.


Thanks for this.

I used this information to create the acl_smtp_mime ACL but it took me a bit of research to find that I needed to use decode in order to get the mime_filename variable created.

The following lines were added to the config file:


acl_smtp_mime = check_mime


check_mime:

# Decode MIME parts to disk.
        warn    decode          =       default


        deny    condition       =       ${if match {${lc:$mime_filename}} \
                                        {[.] *(gif|jpg|jpeg|png)\$}}
                message         =       Attached '$mime_filename' file has disallowed extension!


        accept



Thanks for your help.


Paul Mcilfatrick
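
The two extension patterns from the quoted reply, checked outside Exim as an added example (not part of the original thread or of Exim itself). It assumes Python's standard email parser and re module as stand-ins for Exim's MIME handling and regex matching; the sample message and its filenames are constructed.

```python
import re
from email import message_from_string

EXTS = "bat|com|exe|pif|prf|scr|vbs|lnk|cpl"    # extension list from the quoted reply
STRICT = re.compile(r"[.](" + EXTS + r")$")      # first pattern in the thread
SPACED = re.compile(r"[.] *(" + EXTS + r")$")    # variant tolerating spaces after the dot

# Constructed sample message (not real mail) with three attachments.
SAMPLE = """\
From: a@example.org
To: b@example.org
Subject: constructed test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

hello
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Report.EXE"

x
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="notes. scr"

x
--XX
Content-Type: application/pdf
Content-Disposition: attachment; filename="exe-summary.pdf"

x
--XX--
"""

def denied_filenames(raw, pattern):
    """Return attachment filenames the pattern rejects; names are
    lowercased before matching, as ${lc:$mime_filename} does."""
    hits = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and pattern.search(name.lower()):
            hits.append(name)
    return hits

if __name__ == "__main__":
    print("strict:", denied_filenames(SAMPLE, STRICT))
    print("spaced:", denied_filenames(SAMPLE, SPACED))
```
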