Ian Ward writes:
>>
>> Is it possible to have courier remove attachments such as exe, com, bat,
>> url, etc on incoming mail, as well as, indicate in the message that the
>> attachment was removed?
>
> < SAM - do not read this you will hate it >
>
> I use the following in my .mailfilter file:
>
> # Quarantine
> if( ! /From:.*mydomain.com.au/)
> if(/.*name=.*\.exe\"/:b \
> || /.*name=.*\.vbs\"/:b \
> || /.*name=.*\.bat\"/:b \
> || /.*name=.*\.com\"/:b \
> || /.*name=.*\.scr\"/:b \
> || /.*name=.*\.pif\"/:b )
> {
> to "Maildir/.Quarantine"
> }
>
> It scans the body of the message for matching lines. It's crude but traps
> suspect messages sent to me.
> I also use the following in the global /etc/courier/maildroprc, this will
> redirect all suspect mail in my domain to me (and then subsequently into
> quarantine)
>
> if(/Delivered-To:.*ian\@mydomain.com.au/)
> {
> }
> else
> if(/.*name=.*\.exe\"/:b \
> || /.*name=.*\.vbs\"/:b \
> || /.*name=.*\.bat\"/:b \
> || /.*name=.*\.com\"/:b \
> || /.*name=.*\.scr\"/:b \
> || /.*name=.*\.pif\"/:b )
> {
> to "[EMAIL PROTECTED]"
> }
>
> </SAM>
>
> I do not recommend you do this on a busy server, it can load the server.
> Ian
>
I suspect it would load a busy server much less if you did one search for a
more complicated pattern rather than many searches for a simple pattern, as
you have done...
--
Bill Michell
[EMAIL PROTECTED] (home)
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
