Hi Guys!

I'm using two exim4 MTAs in our DMZ to route mails between our internal 
Exchange server and an external smarthost. We are using the acl_check_content 
to reject unwanted file extensions. After adding another extension (zip) we 
tested the config and noticed that the ACL only works sometimes. In the 
rejectlog I can see a few mails that got rejected with the message: "This 
message contains an unwanted file extension (zip)", so the ACL works, but most 
of the mails are not rejected although they contain zip files.

Are there conditions under which the ACL can't be applied? Is it possible that files 
with the zip extension don't get recognized as a zip according to their MIME 
information? We are using a smarthost for all outgoing/incoming mails as we 
don't have an unfiltered internet connection; maybe some kind of encrypted 
connection/TLS is the problem? Is it possible that mails get accepted 
according to the sender/other ACLs, so that the acl_check_content doesn't get 
applied? The really strange thing throwing me off is: it does work, only not 
for all mails.

Kind regards,
schuert


Here is a short excerpt of the acl config:

acl_check_content:

 # First unpack MIME containers and reject serious errors.
 deny  message = This message contains a MIME error ($demime_reason)
       demime = *
       condition = ${if >{$demime_errorlevel}{2}{1}{0}}

 # Reject virus infested messages.
 #     deny    message = This message contains malware ($malware_name)
 #             malware = *

 # Reject typically wormish file extensions. There is almost no
 # sense in sending such files by email.
 deny  message = This message contains an unwanted file extension ($found_extension)
       demime = ade:adp:bas:bat:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shb:shs:url:vb:vbe:vbs:wsc:wsf:wsh:zip

# Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
# (user "nobody"), no matter if over threshold or not.
#  warn  message = X-Spam-Score: $spam_score ($spam_bar)
#        spam = nobody:true:tobias.schuerjann*
#  warn  message = X-Spam-Report: $spam_report
#        spam = nobody:true

# Add X-Spam-Flag if spam is over system-wide threshold
#  warn message = X-Spam-Flag: YES
#       spam = nobody

# Reject spam messages with score over 10, using an extra condition.
#  deny  message = This message scored $spam_score points. Congratulations!
#        spam = nobody:true
#        condition = ${if >{$spam_score_int}{100}{1}{0}}

# finally accept all the rest
 accept
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
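
One way to check the "not recognized as a zip according to their MIME information" question on a saved copy of a message that slipped through (an added example, not part of the original post and not Exim code): list the file name each MIME part declares and compare it with the first bytes of the decoded payload. It assumes the extension test acts on the declared file name; audit(), build_sample() and the sample attachments are hypothetical and constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list copied from the demime line in the ACL above.
BLOCKED = set(("ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:ins:isp:js:jse:"
               "lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shb:shs:url:"
               "vb:vbe:vbs:wsc:wsf:wsh:zip").split(":"))
ZIP_MAGIC = b"PK\x03\x04"  # local file header signature at the start of a zip


def declared_extension(part):
    """Extension of the name the part declares (Content-Disposition
    filename, else Content-Type name), lowercased; None if no name."""
    name = part.get_filename()
    if not name or "." not in name:
        return None
    return name.rsplit(".", 1)[1].lower()


def audit(raw_bytes):
    """One row per leaf MIME part: declared name vs. actual payload."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    rows = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ext = declared_extension(part)
        payload = part.get_payload(decode=True) or b""
        rows.append({
            "filename": part.get_filename(),
            "ext": ext,
            "name_blocked": ext in BLOCKED,
            "zip_payload": payload.startswith(ZIP_MAGIC),
        })
    return rows


def build_sample():
    """Constructed test message: a zip stub sent under two different names."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    stub = ZIP_MAGIC + b"\x00" * 26  # constructed bytes, not a real archive
    msg.add_attachment(stub, maintype="application", subtype="zip", filename="report.zip")
    msg.add_attachment(stub, maintype="application", subtype="octet-stream", filename="report.dat")
    msg.add_attachment("hello", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for row in audit(build_sample()):
        print(row)
```

A row with zip_payload true and name_blocked false is a zip that an extension list alone would not name.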
