Hi,
Try to change this line:
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
to
condition = ${if >{$demime_errorlevel}{2}}
>-------- Оригинално писмо --------
>От: Schürjann, Tobias Tobias.Schuerjann@???
>Относно: [exim] acl_check_content doesn't get applied to all mails
>До: "exim-users@???"
>Изпратено на: 11.12.2015 11:56
Hi Guys!
I'm using two exim4 MTAs in our DMZ to route mails between our internal exchange-server and an external smarthost. We are using the acl_check_content to reject unwanted file extensions. After adding another extension (zip) we tested the config and noticed, that the acl only works sometimes. In the rejectlog I can see a few mails that got rejected with the message: "This message contains an unwanted file extension (zip)", so the acl works, but most of the Mails are not rejected although they contain zip files.
Are there conditions, when the acl can't be applied? Is it possible that files with the zip extension doesn't get recognized as a zip according to their mime information? We are using a smarthost for all outgoing/incoming mails as we don't have an unfiltered internet-connection, maybe some kind of encrypted connection/TLS are the problem? Is it possible that mails get accepted according to the sender/other acls, so that the acl_check_content doesn't get applied? The really strange thing throwing me off is: it does work, only not for all mails.
Kind regards,
schuert
Here is a short excerpt of the acl config:
acl_check_content:
# First unpack MIME containers and reject serious errors.
deny message = This message contains a MIME error ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
# Reject virus infested messages.
# deny message = This message contains malware ($malware_name)
# malware = *
# Reject typically wormish file extensions. There is almost no
# sense in sending such files by email.
deny message = This message contains an unwanted file extension ($found_extension)
demime = ade:adp:bas:bat:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shb:shs:url:vb:vbe:vb
s:wsc:wsf:wsh:zip
# Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
# (user "nobody"), no matter if over threshold or not.
# warn message = X-Spam-Score: $spam_score ($spam_bar)
# spam = nobody:true:tobias.schuerjann*
# warn message = X-Spam-Report: $spam_report
# spam = nobody:true
# Add X-Spam-Flag if spam is over system-wide threshold
# warn message = X-Spam-Flag: YES
# spam = nobody
# Reject spam messages with score over 10, using an extra condition.
# deny message = This message scored $spam_score points. Congratulations!
# spam = nobody:true
# condition = ${if >{$spam_score_int}{100}{1}{0}}
# finally accept all the rest
accept
--
## List details at
https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
