Hi Tobias, Schürjann, Tobias <[email protected]> (Fr 11 Dez 2015 10:56:51 CET): > I'm using two exim4 MTAs in our DMZ to route mails between our internal > exchange-server and an external smarthost. We are using the acl_check_content > to reject unwanted file extensions. After adding another extension (zip) we > tested the config and noticed, that the acl only works sometimes. In the > rejectlog I can see a few mails that got rejected with the message: "This > message contains an unwanted file extension (zip)", so the acl works, but > most of the Mails are not rejected although they contain zip files.
The is no 'acl_check_content' per se. This seems to be a custom local
configuration.
> Are there conditions, when the acl can't be applied? Is it possible that
> files with the zip extension doesn't get recognized as a zip according to
> their mime information? We are using a smarthost for all outgoing/incoming
> mails as we don't have an unfiltered internet-connection, maybe some kind of
> encrypted connection/TLS are the problem? Is it possible that mails get
> accepted according to the sender/other acls, so that the acl_check_content
> doesn't get applied? The really strange thing throwing me off is: it does
> work, only not for all mails.
>
> deny message = This message contains a MIME error ($demime_reason)
> demime = *
> condition = ${if >{$demime_errorlevel}{2}{1}{0}}
>
> # Reject virus infested messages.
> # deny message = This message contains malware ($malware_name)
> # malware = *
>
> # Reject typically wormish file extensions. There is almost no
> # sense in sending such files by email.
> deny message = This message contains an unwanted file extension
> ($found_extension)
> demime =
> ade:adp:bas:bat:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shb:shs:url:vb:vbe:vb
> s:wsc:wsf:wsh:zip
>
> accept
It should work. Maybe you can keep such message that should have
be rejected. (See the 'no_mbox_unspool').
And, maybe you should move to acl_smtp_mime, instead of using the
obsoleted demime extension.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
signature.asc
Description: Digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
