You could try something like:
deny set acl_m_ext = ${if match \
{${lc:$mime_filename}} \
{\N\.(exe|src|zip)$\N} \
{.$1}{}}
condition = ${if !eq{$acl_m_ext}{}{1}{0}}
message = Bad attachment filename ($acl_m_ext)
log_message = Bad attachment filename ($acl_m_ext)
Sent by: exim-users-bounces@???
To: <exim-users@???>
cc: (bcc: Dan Mitton/YD/RWDOE)
Subject: [exim] Silly Problem with acl - trying to stop various
attachment
LSN: Not Relevant
User Filed as: Not a Record
I am using exim 4.60 - and it was compiled without using demime option.
I am trying to block various blacklisted MIME attachment. It is not
working the way I want to work. Any advise will be helpful.
My ACL is as follows:
begin acl
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
check_connect:
warn hosts = net32-lsearch;/mail/exim/files/acl/ichain
control = no_enforce_sync
accept
check_recipient:
accept hosts = :
accept recipients = postmaster@??? : \
postmaster@???:abuse@???: \
abuse@???
# allow some hosts to bypass the blacklist
accept hosts = net32-lsearch;/mail/exim/files/acl/accept_address
# Now comes deny rules
# allow only some internal hosts to communicate.
deny hosts = !
net32-lsearch;/mail/exim/files/acl/net_reject_except : \
net16-lsearch;/mail/exim/files/acl/net_reject :
\
net32-lsearch;/mail/exim/files/acl/wmin_net_reject
# Now comes deny rules based on RBL
# address is in various spam blacklist - so rejected
# use drop instead of deny over here
drop message = rejected because \
$sender_host_address is in a black list at \
$dnslist_domain\n$dnslist_text
dnslists = zen.dnsbl.ja.net: \
rbl-plus.mail-abuse.ja.net: \
list.dsbl.org : \
web.dnsbl.sorbs.net : \
zombie.dnsbl.sorbs.net : \
nomail.rhsbl.sorbs.net : \
combined.njabl.org
# use warn later to see what is happening with other sorbs
warn log_message = :X-blacklisted-at: $dnslist_domain
dnslists = dnsbl.sorbs.net
# address is in University of Westminster blacklist
deny hosts = partial-lsearch;/mail/exim/files/acl/host_reject
# Not used as RBL does most of the work
# partial-lsearch;/mail/exim/files/sender_reject
message = rejected because \
$sender_host_address is in a black list at \
University of Westminster
deny senders = lsearch;/mail/exim/files/acl/sender_reject
message = rejected because \
$sender_address is in a black list at \
The University of Westmister
# deny because users are not in the Westminster domain
# The way it works is if domains = westminster & verify fails
# then it is rejected
deny domains = +local_domains
!verify = recipient/callout
# rule for relaying
accept domains = +local_domains
accept domains = +forwarding_domains
accept hosts = +relay_hosts
deny message = relay not permitted
# ACL for MIME check
check_mime:
deny message = Bad attachment filename ($found_extension)
condition = ${if match \
{${lc:$mime_filename}} \
{\N(\.exe|\.scr|\.zip)$\N} \
{1}{0}}
# ACL that is used after the DATA command
check_message:
warn !verify = header_sender
deny message = (C)This message contains a virus ($malware_name).
set acl_m0=clamd:127.0.0.1 3310
malware = *
warn condition = ${if or{\
{eq
{${substr_0_6:$sender_host_address}}{161.74}}\
{>{$message_size}{60K}}\
}\
{0}{1}}
spam = exim
message = X-New-Subject: **SPAM** $h_Subject:
log_message = found spam score over treshold ($spam_score
($spam_bar)) Sender=\'$sender_address\' Subject=$h_Subject
accept
# End of ACL section
Sujit Choudhury
University of Westminster
--
The University of Westminster is a charity and a company limited by
guarantee. Registration number: 977818 England. Registered Office:
309 Regent Street, London W1B 2UW, UK.
--
## List details at
http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
