Re: [exim] Silly Problem with acl - trying to stop various a…

Author: Dan_Mitton
Date:
To: Sujit Acharyya-Choudhury
CC: exim-users
Subject: Re: [exim] Silly Problem with acl - trying to stop various attachment
You could try something like:

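  # Store the matched extension in an ACL message variable so it can be
  # reported; $1 is the regex capture, so acl_m_ext becomes e.g. ".exe".
  # "scr" follows the extension list in the check_mime ACL quoted below.
  # Named ACL variables need Exim 4.64 or later; before that only
  # acl_m0 to acl_m9 exist.
  deny    set acl_m_ext = ${if match \
                           {${lc:$mime_filename}} \
                           {\N\.(exe|scr|zip)$\N} \
                         {.$1}{}}
          condition   = ${if !eq{$acl_m_ext}{}{1}{0}}
          message     = Bad attachment filename ($acl_m_ext)
          log_message = Bad attachment filename ($acl_m_ext)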





Sent by:        exim-users-bounces@???
To:     <exim-users@???>
cc:      (bcc: Dan Mitton/YD/RWDOE)
Subject:        [exim] Silly Problem with acl - trying to stop various attachment


I am using exim 4.60 - and it was compiled without using the demime option.
I am trying to block various blacklisted MIME attachments. It is not
working the way I want it to work. Any advice will be helpful.

My ACL is as follows:
begin acl

# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.

check_connect:
  warn   hosts = net32-lsearch;/mail/exim/files/acl/ichain
           control = no_enforce_sync
  accept


check_recipient:
  accept   hosts = :
  accept   recipients = postmaster@??? : \
                        postmaster@???:abuse@???: \
                        abuse@???



# allow some hosts to bypass the blacklist
accept hosts = net32-lsearch;/mail/exim/files/acl/accept_address


# Now comes deny rules
# allow only some internal hosts to communicate.
  deny     hosts =      !net32-lsearch;/mail/exim/files/acl/net_reject_except : \
                        net16-lsearch;/mail/exim/files/acl/net_reject : \
                        net32-lsearch;/mail/exim/files/acl/wmin_net_reject


# Now comes deny rules based on RBL
# address is in various spam blacklist - so rejected
# use drop instead of deny over here
  drop     message = rejected because \
                $sender_host_address is in a black list at \
                $dnslist_domain\n$dnslist_text
           dnslists = zen.dnsbl.ja.net: \
                rbl-plus.mail-abuse.ja.net: \
                list.dsbl.org : \
                web.dnsbl.sorbs.net : \
                zombie.dnsbl.sorbs.net : \
                nomail.rhsbl.sorbs.net : \
                combined.njabl.org


# use warn later to see what is happening with other sorbs
  warn     log_message = :X-blacklisted-at: $dnslist_domain
                dnslists = dnsbl.sorbs.net


# address is in University of Westminster blacklist
  deny     hosts = partial-lsearch;/mail/exim/files/acl/host_reject
                # Not used as RBL does most of the work
                # partial-lsearch;/mail/exim/files/sender_reject
           message = rejected because \
                $sender_host_address is in a black list at \
                University of Westminster


  deny     senders = lsearch;/mail/exim/files/acl/sender_reject
           message = rejected because \
                $sender_address is in a black list at \
                The University of Westmister


# deny because users are not in the Westminster domain
# The way it works is if domains = westminster & verify fails
# then it is rejected

  deny     domains = +local_domains
           !verify = recipient/callout



# rule for relaying
  accept   domains = +local_domains
  accept   domains = +forwarding_domains
  accept   hosts   = +relay_hosts
  deny     message = relay not permitted


# ACL for MIME check

check_mime:
  deny message = Bad attachment filename ($found_extension)
       condition = ${if match \
        {${lc:$mime_filename}} \
        {\N(\.exe|\.scr|\.zip)$\N} \
        {1}{0}}


# ACL that is used after the DATA command

check_message:
  warn    !verify = header_sender




  deny    message   = (C)This message contains a virus ($malware_name).
          set acl_m0=clamd:127.0.0.1 3310
          malware   = *


  warn    condition = ${if or{\
                        {eq{${substr_0_6:$sender_host_address}}{161.74}}\
                        {>{$message_size}{60K}}\
                        }\
                        {0}{1}}
          spam = exim
          message               = X-New-Subject: **SPAM** $h_Subject:
          log_message   = found spam score over treshold ($spam_score ($spam_bar)) Sender=\'$sender_address\' Subject=$h_Subject



accept

# End of ACL section


Sujit Choudhury
University of Westminster




--
The University of Westminster is a charity and a company limited by
guarantee. Registration number: 977818 England. Registered Office:
309 Regent Street, London W1B 2UW, UK.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
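
A way to check the extension pattern against sample filenames before it goes into the MIME ACL, as an added example that is not part of the original messages. The function names and the sample filenames are constructed for illustration, and Python's `re` stands in for Exim's PCRE matching, which behaves the same for a pattern this simple; a mistyped extension in the list shows up as a mismatch.

```python
import re

def build_pattern(extensions):
    """Build a regex of the shape used in the ACL: dot, alternation, end anchor."""
    alternation = "|".join(re.escape(e.lower()) for e in extensions)
    return re.compile(r"\.(" + alternation + r")$")

def matched_extension(pattern, mime_filename):
    """Mirror of the expansion in the rule: lowercase the filename, return
    '.<ext>' on a match and '' otherwise (what the rule stores in acl_m_ext)."""
    m = pattern.search((mime_filename or "").lower())
    return "." + m.group(1) if m else ""

def acl_verdict(pattern, mime_filename):
    """Return (verdict, message) the way the deny rule would act on this part."""
    ext = matched_extension(pattern, mime_filename)
    if ext:
        return "deny", "Bad attachment filename (%s)" % ext
    return "pass", ""

def run_cases(pattern, cases):
    """Return (filename, expected, actual) for every case that disagrees."""
    return [(name, want, acl_verdict(pattern, name)[0])
            for name, want in cases
            if acl_verdict(pattern, name)[0] != want]

# Extension list taken from the check_mime ACL in this thread.
PATTERN = build_pattern(["exe", "scr", "zip"])

# Constructed sample filenames with the verdict the rule is meant to give.
CASES = [
    ("invoice.exe", "deny"),
    ("Holiday.SCR", "deny"),      # ${lc:...} makes the match case-insensitive
    ("backup.tar.zip", "deny"),   # only the final extension is examined
    ("report.pdf", "pass"),
    ("notes.zip.txt", "pass"),    # "$" anchors the match to the end of the name
    ("exe", "pass"),              # no dot, so no match
    ("", "pass"),                 # MIME part without a filename
]

if __name__ == "__main__":
    for name, _ in CASES:
        print(repr(name), acl_verdict(PATTERN, name))
    print("mismatches:", run_cases(PATTERN, CASES))
```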