[exim] acl_check_content doesn't get applied to all mails

Author: Schürjann, Tobias
Date:  
To: exim-users@exim.org
Subject: [exim] acl_check_content doesn't get applied to all mails

Hi Guys!

I'm using two exim4 MTAs in our DMZ to route mails between our internal exchange-server and an external smarthost. We are using the acl_check_content to reject unwanted file extensions. After adding another extension (zip) we tested the config and noticed that the acl only works sometimes. In the rejectlog I can see a few mails that got rejected with the message: "This message contains an unwanted file extension (zip)", so the acl works, but most of the mails are not rejected although they contain zip files.

Are there conditions when the acl can't be applied? Is it possible that files with the zip extension don't get recognized as a zip according to their mime information? We are using a smarthost for all outgoing/incoming mails as we don't have an unfiltered internet-connection, maybe some kind of encrypted connection/TLS is the problem? Is it possible that mails get accepted according to the sender/other acls, so that the acl_check_content doesn't get applied? The really strange thing throwing me off is: it does work, only not for all mails.

Kind regards,
schuert


Here is a short excerpt of the acl config:

acl_check_content:

 # First unpack MIME containers and reject serious errors.
 deny  message = This message contains a MIME error ($demime_reason)
       demime = *
       condition = ${if >{$demime_errorlevel}{2}{1}{0}}


 # Reject virus infested messages.
 #     deny    message = This message contains malware ($malware_name)
 #             malware = *


 # Reject typically wormish file extensions. There is almost no
 # sense in sending such files by email.
 deny  message = This message contains an unwanted file extension ($found_extension)
       demime = ade:adp:bas:bat:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shb:shs:url:vb:vbe:vbs:wsc:wsf:wsh:zip


# Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
# (user "nobody"), no matter if over threshold or not.
#  warn  message = X-Spam-Score: $spam_score ($spam_bar)
#        spam = nobody:true:tobias.schuerjann*
#  warn  message = X-Spam-Report: $spam_report
#        spam = nobody:true


# Add X-Spam-Flag if spam is over system-wide threshold
#  warn message = X-Spam-Flag: YES
#       spam = nobody


# Reject spam messages with score over 10, using an extra condition.
#  deny  message = This message scored $spam_score points. Congratulations!
#        spam = nobody:true
#        condition = ${if >{$spam_score_int}{100}{1}{0}}


# finally accept all the rest
accept
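
Added example, not part of the original post and not Exim code: a Python diagnostic for the question above about MIME information. Given a saved copy of a message, it lists how each part names its file (Content-Disposition filename, Content-Type name, RFC 2231 or RFC 2047 encoding) and checks the extension against the list from the post. The function name and the sample message are constructed for illustration, and the script does not reproduce how demime itself matches.

```python
import email
from email.header import decode_header, make_header

# Extension list copied verbatim from the demime line in the post.
EXTS = ("ade:adp:bas:bat:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:ins:isp:js:jse:lnk:mdb:mde:"
        "msc:msi:msp:mst:pcd:pif:reg:scr:sct:shb:shs:url:vb:vbe:vbs:wsc:wsf:wsh:zip")
BLOCKED = set(EXTS.split(":"))

def attachment_report(raw_bytes):
    """Return (content_type, filename, extension, blocked) for each named part."""
    rows = []
    for part in email.message_from_bytes(raw_bytes).walk():
        # Content-Disposition filename, else Content-Type name; RFC 2231 collapsed.
        name = part.get_filename()
        if not name:
            continue
        # Some senders put an RFC 2047 encoded-word in the parameter instead.
        name = str(make_header(decode_header(name)))
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        rows.append((part.get_content_type(), name, ext, ext in BLOCKED))
    return rows

# Constructed sample: four parts, each naming a .zip file in a different way.
SAMPLE = b"""\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="plain.zip"

x
--b1
Content-Type: application/octet-stream; name="NameOnly.ZIP"

x
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=UTF-8''r%C3%A9sum%C3%A9.zip

x
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="=?UTF-8?B?aW52b2ljZS56aXA=?="

x
--b1--
"""
if __name__ == "__main__":
    print(*attachment_report(SAMPLE), sep="\n")
```

To check a real message, pass the bytes of a saved copy of a mail that was accepted with a zip attached in place of SAMPLE.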