Re: [exim] Exim misses some attachments.

Page principale
Ce message fait partie du fil suivant :
MArborescence complète du fil triée par date
MAlways Learning à <-
Mpencho kuncho à ->
Supprimer ce message
Répondre à ce message
Auteur: pencho kuncho
Date:  
À: Exim-users
Sujet: Re: [exim] Exim misses some attachments.
I found that message from Lena to one of ours members and wil try his solution.

Insert into the beggining of Exim config:

check_rfc2047_length = false
acl_smtp_mime = acl_check_mime
begin acl
acl_check_mime:
  deny message = Windows-executable attachments forbidden
      condition = ${if def:sender_host_address}
      !authenticated = *
      log_message = forbidden attachment: filename=$mime_filename, \
                    content-type=$mime_content_type, recipients=$recipients
      condition = ${if or{\
                          {match{$mime_content_type}{(?i)executable}}\
                          {match{$mime_filename}{\N(?i)\.(exe|com|vbs|bat|pif\
    |scr|hta|js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|vb)$\N}}\
                          }}

  deny message = A .zip attachment contains a Windows-executable file - \
                blocked because we are afraid of new viruses \
                not recognized [yet] by antiviruses.
      condition = ${if match{$mime_filename}{\N(?i)\.zip$\N}}
      condition = ${if def:sender_host_address}
      !authenticated = *
      decode = default
      log_message = forbidden binary in attachment: filename=$mime_filename, \
                    recipients=$recipients
      condition = ${if match{${run{/usr/local/bin/unzip -l \
                                    $mime_decoded_filename}}}\
                            {\N(?i)\n .+\.(zip|exe|com|vbs|bat|pif|scr|hta\
          |js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|vb)\n\N}}

  accept 


      From: Always Learning <exim@???>
 To: Exim <exim-users@???> 
 Sent: Thursday, December 17, 2015 8:45 PM
 Subject: Re: [exim] Exim misses some attachments.



On Thu, 2015-12-17 at 17:11 +0000, Jeremy Harris wrote:

> On 17/12/15 16:42, Always Learning wrote:
> >
> > warn demime    = ace:bat:btm:cab:chm:cmd:com:cpl:dat:dll:exe:hta: \
> >                    js:jsp:lnk:msi:pif:prf:reg:scr:sys:url:vbe:vbs

> At a guess, the acl_smtp_mime equivalent:
>
>  warn condition = ${if match {$mime_filename} \
>                      {\\.(ace|bat|btm|cab|chm|cmd|com|\
>                            cpl|dat|dll|exe|hta|\
>                            js|jsp|lnk|msi|pif|prf|reg|scr|\
>                            sys|url|vbe|vbs)\$}}
> >
> > .... et cetera.

Thank you. It looks correct.

> ... assuming you don't need the content of the file.

No. Being exclusively, and happily, Linux (Centos) for the last 6? years
we reject everything M$ except for word processing and spreadsheets.

Unlike some, we have the freedom to successfully reject spam and other
crap before ACL Data (and now ACL Mime) so this mime defence may never
be deployed.

Thanks again.




--
Regards,

Paul.
England, EU.      England's place is in the European Union.


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Ce message a été envoyé sur les listes de diffusion suivantes :
Exim-users
Informations sur la liste de diffusion | Messages voisins		<-Re: [exim] Help with log message: failed to find host nameRe: [exim] Exim misses some attachments.->
Tahini and Hummus and Cumin Development Archives administré par cumin AdminsLurker (version 2.3)