Here's the policy as it currently stands: o mail that consists only of a MIME attachment gets bounced o HTML mail gets bounced o all attachments that aren't text/plain get stripped o other than the bounces in the first two cases, no notification is sent to the sender that their attachments have been removed
Sounds good. Have you also considered implementing AV scanning so that people who are infected get notification? I find it very amusing to receive emails like "so and so tried to email you, but it was blocked cause they have a virus, they have also been notified" I noticed these picked up a LOT shortly after sircam became popular (although today so far I've receieved upwards of 10 Sircam infected emails :P. One thing, Mutt with GnuPG signed email shows up as two attachments, make sure you don't block those or you might get some crypto people unhappy. One thing to consider for a total ban: ctrl-R in pine, cut and paste, etc. You can put stuff into the email message. It shouldn't be so long that it needs compression or causes problems. The main argument against is imap users can get headers/message bodies/attachments seperately, so for people on dialup with imap it sort of sucks.
I think that this is reasonable compromise that allows people to attach log snippets or gpg keys while keeping HTML and "vcards" out, but you comments are of course welcome.
Amen.
Thanks again for the input, I really appreciate it.
-ckm
-Kurt