Maurizio,

> I am able to filter DSN very simply:
>
> $banned_filename_re = new_RE(
> [..snip..]
> qr'^multipart/report$'i,
>
> what I should do is block per-recipient, not for all.
> Can I do that with amavis or should I use procmail?

Per-recipient handling is possible for banning. You need to give
rulesets a name through %banned_rules, then reference these names
through a list of per-recipient lookups @banned_filename_maps.

For example (not necessarily useful):

  %banned_rules = (
    'NO-MS-EXEC'=> new_RE( qr'^\.(exe-ms)$' ),
    'PASSALL'   => new_RE( [qr'^' => 0] ),
    'ALLOW_EXE' =>  # pass executables except if name ends in .vbs .pif .scr .bat
      new_RE( qr'.\.(vbs|pif|scr|bat)$'i, [qr'^\.exe$' => 0] ),
    'ALLOW_VBS' =>  # allow names ending in .vbs
      new_RE( [qr'.\.vbs$' => 0] ),
    'NO-VIDEO' => new_RE(
      qr'^\.movie$',
      qr'.\.(asf|asx|mpg|mpe|mpeg|avi|mp3|wav|wma|wmf|wmv|mov|vob)$'i,
    ),
    'NO-MOVIES' => new_RE(
      qr'^\.movie$',
      qr'.\.(mpg|avi|mov)$'i,
    ),
    'MYNETS-DEFAULT' => new_RE(
      [ qr'^\.(rpm|cpio|tar)$' => 0 ],  # allow any in Unix-type archives
      qr'.\.(vbs|pif|scr)$'i,           # banned extension - rudimentary
      qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i,  # banned extension - basic
      qr'^\.(exe-ms)$',                 # banned file(1) types
    ),
    'DEFAULT' => $banned_filename_re,
  );

  @banned_filename_maps = (
    {'use...@example.com' => 'ALLOW_EXE',
     'use...@example.com' => 'NO-MS-EXEC,PASSALL',
     'use...@example.com' => 'ALLOW_EXE',
     'us...@example.com'  => 'ALLOW_VBS',
     'us...@example.com'  => 'ALLOW_VBS,ALLOW_EXE',
     '.' => 'DEFAULT',
    },
  );

amavisd-new-2.3.0 release notes:

- banned filename/filetype rules can now be specified on a per-recipient
  basis

Structure of @banned_filename_maps config variable has changed in
incompatible way to allow per-recipient banned rules: it is now a
two level map, similar to the structure of @score_sender_maps.

Lookup keys used at the first level are recipient addresses, results
from this lookup can be either a ref to a list of second-level lookup
tables, or a string which is interpreted as a comma-separated (or
whitespace-separated) list of _names_ of second-level lookup tables.
These names are mapped to actual second-level lookup tables through
an associative array %banned_rules.

The indirection by names through %banned_rules is primarily intended
for SQL and LDAP lookups, which can not return complex data structures
and Perl code (and should not do so for security reasons), but names
may just as well be used by static lookups.

The resulting list of second-level lookup tables (which in most cases
is a list containing a single element $banned_filename_re, which makes
it compatible with existing setups) is looked up by using keys such as
part file name and part file type, exactly like in previous versions.

The previous default assignment:

  @banned_filename_maps = ( \$banned_filename_re );

is now incorrect, it can be rewritten (if explicit assignment is desired) as:

  @banned_filename_maps = ( {'.' => [$banned_filename_re]} );

or (by giving a name to a lookup table):

  @banned_filename_maps = ( {'.' => 'MYRULES'} );
  %banned_rules = ('MYRULES' => $banned_filename_re);

which is equivalent to the default setting of both variables:

  @banned_filename_maps = ( {'.' => 'DEFAULT'} );  # proper two-level struct.
  @banned_filename_maps = ( 'DEFAULT' );  # same as previous, but shorter
  %banned_rules = ('DEFAULT' => $banned_filename_re);

The SQL table 'policy' may now contain an optional field 'banned_rulenames',
which is a comma-separated (or whitespace-separated) list of _names_ of
second-level lookup tables, with semantics as described above for static
lookups.

The configuration variable @banned_filename_maps is a member of policy
banks as before. The associative array %banned_rules is global and is
not a member of policy banks.

The alternative 'banned file' mechanism $banned_namepath_re hasn't changed
and is still not merged into @banned_filename_maps, which means it can not
be used when per-recipient banned rules are needed. Perhaps in the next
version...

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
Please visit http://www.ijs.si/software/amavisd/ regularly
For administrativa requests please send email to rainer at openantivirus dot org
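
The two-level lookup described in the message above, as an added example that is not part of the original post and is not amavisd-new's own code. It is a simplified stand-alone Perl model: new_RE here is a stand-in, check_part, the recipient addresses and the contents of DEFAULT are constructed for illustration, and it assumes first-match-wins within and across tables with only exact-address and '.' catchall keys at the first level.

```perl
#!/usr/bin/perl
# Simplified model of the two-level lookup; not amavisd-new's own code.
use strict;
use warnings;

# Stand-in for new_RE(): keeps entries in order as [regexp => result].
# A bare regexp means "banned" (1); [regexp => 0] is an explicit pass.
sub new_RE { return [ map { ref($_) eq 'ARRAY' ? $_ : [ $_ => 1 ] } @_ ] }

# Second level: named rule tables (DEFAULT is constructed for this example).
my %banned_rules = (
  'NO-MS-EXEC' => new_RE( qr'^\.(exe-ms)$' ),
  'PASSALL'    => new_RE( [ qr'^' => 0 ] ),
  'ALLOW_EXE'  => new_RE( qr'.\.(vbs|pif|scr|bat)$'i, [ qr'^\.exe$' => 0 ] ),
  'DEFAULT'    => new_RE( qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i,
                          qr'^\.(exe-ms)$' ),
);

# First level: recipient => rule names (constructed addresses; '.' = catchall).
my %by_recipient = (
  'dev@example.com'  => 'ALLOW_EXE',
  'test@example.com' => 'NO-MS-EXEC,PASSALL',
  '.'                => 'DEFAULT',
);

# Returns (result, rule name); result 1 = banned, 0 = passed.
# @keys are the attributes of one mail part: short file type and file name.
sub check_part {
  my ($recip, @keys) = @_;
  my $names = $by_recipient{ lc($recip) } // $by_recipient{'.'};
  for my $name (split /[,\s]+/, $names) {
    my $table = $banned_rules{$name} or next;    # unknown name: skip it
    for my $entry (@$table) {
      my ($re, $result) = @$entry;
      return ($result, $name) if grep { $_ =~ $re } @keys;  # first match wins
    }
  }
  return (0, 'no rule matched');
}

for my $case ( [ 'dev@example.com',   '.exe',    'setup.exe' ],
               [ 'dev@example.com',   '.asc',    'run.bat'   ],
               [ 'test@example.com',  '.exe-ms', 'setup.exe' ],
               [ 'test@example.com',  '.zip',    'docs.zip'  ],
               [ 'other@example.com', '.exe-ms', 'setup.exe' ] ) {
  my ($recip, @keys) = @$case;
  my ($banned, $rule) = check_part($recip, @keys);
  printf "%-18s %-20s %s (%s)\n", $recip, "@keys",
         $banned ? 'BANNED' : 'pass', $rule;
}
```

In this model the order of names matters: with 'NO-MS-EXEC,PASSALL' the catch-all pass in PASSALL ends the search, so any table listed after it would never be consulted.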