Re: [exim] acl_check_content doesn't get applied to all mail…

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] acl_check_content doesn't get applied to all mails
Hi Tobias,

Schürjann, Tobias <Tobias.Schuerjann@???> (Fri 11 Dec 2015 10:56:51 CET):
> I'm using two exim4 MTAs in our DMZ to route mails between our internal exchange-server and an external smarthost. We are using the acl_check_content to reject unwanted file extensions. After adding another extension (zip) we tested the config and noticed that the acl only works sometimes. In the rejectlog I can see a few mails that got rejected with the message: "This message contains an unwanted file extension (zip)", so the acl works, but most of the mails are not rejected although they contain zip files.


There is no 'acl_check_content' per se. This seems to be a custom local
configuration.

> Are there conditions when the acl can't be applied? Is it possible that files with the zip extension don't get recognized as a zip according to their mime information? We are using a smarthost for all outgoing/incoming mails as we don't have an unfiltered internet-connection, maybe some kind of encrypted connection/TLS is the problem? Is it possible that mails get accepted according to the sender/other acls, so that the acl_check_content doesn't get applied? The really strange thing throwing me off is: it does work, only not for all mails.
>
>  deny  message = This message contains a MIME error ($demime_reason)
>        demime = *
>        condition = ${if >{$demime_errorlevel}{2}{1}{0}}

>
>  # Reject virus infested messages.
>  #     deny    message = This message contains malware ($malware_name)
>  #             malware = *

>
>  # Reject typically wormish file extensions. There is almost no
>  # sense in sending such files by email.
>  deny  message = This message contains an unwanted file extension ($found_extension)
>        demime = ade:adp:bas:bat:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shb:shs:url:vb:vbe:vbs:wsc:wsf:wsh:zip

>
> accept


It should work. Maybe you can keep such messages that should have
been rejected. (See the 'no_mbox_unspool').

And, maybe you should move to acl_smtp_mime, instead of using the
obsoleted demime extension.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
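
For inspecting a message that was kept for analysis, as suggested in the reply above, this added example (not from the thread or from the Exim project) lists the filename each MIME part declares and whether its extension is on the quoted demime list. The function name, the sample message and its file names are constructed for illustration; the script reports what the headers declare, not how Exim's demime code parses them.

```python
import os
from email import message_from_bytes, policy

# Extension list from the demime rule quoted above (duplicate "bat" dropped).
BLOCKED = frozenset((
    "ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:ins:isp:js:jse:lnk:mdb:"
    "mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shb:shs:url:vb:vbe:vbs:wsc:wsf:"
    "wsh:zip"
).split(":"))

# Constructed sample message, not taken from the thread.
SAMPLE = b"""\
Subject: constructed test message
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/zip; name="Report.ZIP"

(payload omitted)
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=UTF-8''invoice%20march.zip

(payload omitted)
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="notes.pdf"

(payload omitted)
--b1--
"""

def audit_message(raw: bytes):
    """Return (content_type, filename, extension, blocked) per named MIME part."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        # get_filename() reads Content-Disposition filename=, falls back to
        # Content-Type name=, and decodes RFC 2231 (filename*=) parameters.
        name = part.get_filename()
        if name:
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            findings.append((part.get_content_type(), name, ext, ext in BLOCKED))
    return findings

if __name__ == "__main__":
    print(*audit_message(SAMPLE), sep="\n")
```

Running it on a kept message (read the file as bytes and pass it to `audit_message`) shows whether the attachment name sits in `Content-Disposition`, only in `Content-Type`, or in an encoded parameter.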