From: Noel Jones (no email)
Date: Mon Sep 01 2003 - 01:39:56 EDT
On Sun, Aug 31, 2003 at 11:19:33PM -0600, LuKreme wrote:
> I have separate files. The above is in /etc/postfix/header_checks
>
> /etc/postfix/mime_header_checks:
> # Noel Jones <> showed a better way:
> /^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(
> ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
> inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
> ops|pcd|pif|prf|reg|scf|scr\??|sct|shb|shs|shm|swf|
> vb[esx]?|vxd|wsc|wsf|wsh))(\?=)?"?\s*(;|$)/x
> REJECT 598 Attachment name "$2" may not end with ".$3"
This is a MIME header. If you have separate files it belongs in
mime_header_checks. The header_checks function will never see this.
Also please note that I don't claim the above is a complete list
of potentially dangerous content. In particular, I don't reject html?
extensions which could contain executable code.
I'm sure there are other extensions that I just don't reject for
local policy reasons.
And to give full credit, the expression is based on and nearly
identical to one posted here last year by Russell Moseman.
>
>
> /etc/postfix/main.cf:
> mime_header_checks = pcre:/etc/postfix/mime_header_checks
> header_checks = pcre:/etc/postfix/header_checks
>
> % postmap -q - pcre:/etc/postfix/header_checks < test.spam
> content-type: text/html; charset="windows-1251" WARN 597 No HTML-ONLY
> email allowed.
>
Yes, you can use
/..../ REJECT 597 No HTML-ONLY
where the 597 is a local accounting/logging code.
You can grep 'postfix/cleanup.*: reject:' to get all items rejected by
*header_checks and body_checks.
-- Noel Jones
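
Added example, not part of the original message and not Postfix code: an offline check of the quoted mime_header_checks pattern against constructed headers, showing which attachment names it rejects and that `.html` passes, as the reply notes. Assumptions: Python's `re` with `VERBOSE` and `IGNORECASE` stands in for the PCRE table, folded lines are joined with a space, and the helper names `unfold` and `check_header` are hypothetical; `postmap -q` against the real table remains the authoritative test.

```python
import re

# Pattern from the quoted mime_header_checks entry, written for Python's re.
# Assumption: re.VERBOSE stands in for the /x flag and re.IGNORECASE for the
# case-insensitive matching that Postfix pcre tables use by default.
ATTACHMENT_RE = re.compile(r"""
    ^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(
    ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
    inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
    ops|pcd|pif|prf|reg|scf|scr\??|sct|shb|shs|shm|swf|
    vb[esx]?|vxd|wsc|wsf|wsh))(\?=)?"?\s*(;|$)
    """, re.VERBOSE | re.IGNORECASE)


def unfold(raw_headers):
    """Join folded continuation lines into one logical header each.

    Simplification (assumption): continuation lines are joined with a space.
    """
    logical = []
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()
        elif line:
            logical.append(line)
    return logical


def check_header(header):
    """Return the REJECT text the table entry would produce, or None."""
    m = ATTACHMENT_RE.search(header)
    if m is None:
        return None
    return '598 Attachment name "%s" may not end with ".%s"' % (m.group(2), m.group(3))


# Constructed sample MIME headers (not taken from real mail).
SAMPLE = '''Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Type: application/octet-stream;
\tname="=?iso-8859-1?Q?update.pif?="
content-type: APPLICATION/OCTET-STREAM; NAME=SETUP.SCR
Content-Type: text/html; name="page.html"
Content-Disposition: attachment; filename="notes.js.txt"
'''

if __name__ == "__main__":
    for hdr in unfold(SAMPLE):
        print("%-8s %s" % ("REJECT" if check_header(hdr) else "pass", hdr))
```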