Hi, we are using the suse IMAP2 mail server. I have added a body_check statemant to reject exe and other stuff. However it works for outgoing mail, but not for incoming ! I looked in the mailinglist and tried a few attach_filters, but none of them worked. Any idea ? system suse imap2 + H+BEDV Antiviren Scanner main.cf: ---------------------- ... alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldapml body_checks = regexp:/etc/postfix/attach_filter canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin content_filter = smtp:localhost:10024 daemon_directory = /usr/lib/postfix debug_peer_level = 2 default_destination_concurrency_limit = 10 default_privs = cyrus header_checks = regexp:/etc/postfix/attach_filter .... ---------------------------- #cat attach_filter /^begin [0-9]+ .*\.(dll|pif|vb|vbe|vbs|exe|com|bat|lnk)/ REJECT ---------------------------- Mit freundlichem Gruss Peer-Joachim Koch _________________________________________________________ Max-Planck-Institut fuer Biogeochemie Dr. Peer-Joachim Koch Carl-Zeiss-Promenade 10 Telefon: ++49 3641 6437-52 D-07745 Jena Telefax: ++49 3641 6437-10
Peer-Joachim Koch wrote:
Hi,
we are using the suse IMAP2 mail server. I have added a body_check statemant to reject exe and other stuff. However it works for outgoing mail, but not for incoming ! I looked in the mailinglist and tried a few attach_filters, but none of them worked.
Any idea ?
system suse imap2 + H+BEDV Antiviren Scanner main.cf: ---------------------- ... alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldapml body_checks = regexp:/etc/postfix/attach_filter canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin content_filter = smtp:localhost:10024 daemon_directory = /usr/lib/postfix debug_peer_level = 2 default_destination_concurrency_limit = 10 default_privs = cyrus header_checks = regexp:/etc/postfix/attach_filter .... ---------------------------- #cat attach_filter /^begin [0-9]+ .*\.(dll|pif|vb|vbe|vbs|exe|com|bat|lnk)/ REJECT
maybe, your attachments are not encoded, try to add: /^(.*)name\=\"(.*)\.(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|eml|hlp|spl|swf|shb|vba|dll|reg|ocx|wsf|wsh|lnk)\"$/ REJECT and don't forget to reload ;) -- intraDAT AG http://www.intradat.com Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0 D - 60329 Frankfurt am Main Fax: +49 69-25629-256 Junk mail is war. RFCs do not apply.
Hi,
--On Montag, Januar 07, 2002 12:25:49 +0100 Sven Michels
Peer-Joachim Koch wrote:
Hi, ..... # cat attach_filter /^begin [0-9]+ .*\.(dll|pif|vb|vbe|vbs|exe|com|bat|lnk)/ REJECT
maybe, your attachments are not encoded, try to add: /^(.*)name\=\"(.*)\.(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|e ml|hlp|spl|swf|shb|vba|dll|reg|ocx|wsf|wsh|lnk)\"$/ REJECT
and don't forget to reload ;)
I tried it - without success. Using a WEB-Mailer I can still send exe-files
:(
I have added the test mail:
----------------------------------------
X-Sieve: cmu-sieve 2.0
Return-Path:
Hi, from the number of rejections of my posting it seems to work on other mail server very well - even if no attachment is included. Bye, Peer-Joachim Koch _________________________________________________________ Max-Planck-Institut fuer Biogeochemie Dr. Peer-Joachim Koch Carl-Zeiss-Promenade 10 Telefon: ++49 3641 6437-52 D-07745 Jena Telefax: ++49 3641 6437-10
Peer-Joachim Koch wrote:
maybe, your attachments are not encoded, try to add: /^(.*)name\=\"(.*)\.(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|e ml|hlp|spl|swf|shb|vba|dll|reg|ocx|wsf|wsh|lnk)\"$/ REJECT
and don't forget to reload ;)
I tried it - without success. Using a WEB-Mailer I can still send exe-files :(
--'ThIs-RaNdOm-StRiNg-/=_.639734355: Content-Type: application/octet-stream;name=nshc.exe Content-Disposition: attachment;filename=nshc.exe
take a look: the regex match name="something.extension" notice the ". your can remove them in the regex to let it work or modify the regex, maybe to "* HTH -- intraDAT AG http://www.intradat.com Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0 D - 60329 Frankfurt am Main Fax: +49 69-25629-256 Junk mail is war. RFCs do not apply.
participants (2)
-
Peer-Joachim Koch
-
Sven Michels