>craig here from geologistics,
>
>as you know we are blocking attachments here, but we are seeing on occasions
>
>some attachments getting through

Hi Craig,

I suggest you upgrade to latest postfix, the "trace" version of this month. 
That will also give you the new sender address verification feature.

Also in there, there is a new mime_header_checks feature as well as the 
body_checks and header_checks.

Here is a list from Russell Moseman on the postfix list:

mime_header_checks
# block windows executables
/^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(
    ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|eml|exe|hlp|hta|
    inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
    ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|url|
    vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh))"?\s*$/x
    REJECT Attachment name "$2" may not end with ".$3"

body_checks
# don't bother checking each line of attachments
/^[0-9a-z+\/=]{60,}\s*$/  OK

# block iframe hack
/<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>/ REJECT iframe exploit detected

# UUencoded files
# [ ] keeps the literal spaces in the pattern; /x would otherwise ignore them
/^begin(-base64)?[ ][0-9]{1,4}[ ](.*\.(
   ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|
   eml|exe|hlp|hta|inf|ins|isp|js|jse|lnk|
   mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|
   pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
   url|vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh))$/x
   REJECT Encoded file name "$2" may not end with ".$3"

** edit the texts after REJECT's to suit

** don't forget the /x at the end so the whitespace in the multi-line 
/...../ is excluded.

** and compile postfix with PCRE, and replace

regexp:/path/to/file

with

pcre:/path/to/file

... PCRE being wonderfully faster than POSIX.


Len
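
A way to exercise rules like these before loading them into Postfix, as an added example that is not part of the original message: Python's `re` stands in for PCRE (`re.VERBOSE` for `/x`, `re.IGNORECASE` for Postfix's default case-insensitive matching), the sample lines are constructed, and `check` is a hypothetical helper. The UUencode rule here uses `[ ]` for its literal spaces, which extended mode would otherwise ignore, and takes the file name and extension from groups 2 and 3, since group 1 is `(-base64)?`.

```python
import re

# Extension list copied from the rules in the message above.
EXTS = r"""ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|eml|exe|hlp|hta|
    inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
    ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|url|
    vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh"""

# Postfix tables match case-insensitively by default; /x maps to re.VERBOSE.
X = re.IGNORECASE | re.VERBOSE

# (pattern, action) pairs in file order; the first matching rule wins.
MIME_HEADER_CHECKS = [
    (re.compile(r'^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(' + EXTS + r'))"?\s*$', X),
     r'REJECT Attachment name "\2" may not end with ".\3"'),
]
BODY_CHECKS = [
    (re.compile(r'^[0-9a-z+/=]{60,}\s*$', re.IGNORECASE), 'OK'),
    # [ ] keeps the literal spaces that extended mode would otherwise ignore.
    (re.compile(r'^begin(-base64)?[ ][0-9]{1,4}[ ](.*\.(' + EXTS + r'))$', X),
     r'REJECT Encoded file name "\2" may not end with ".\3"'),
]

def check(rules, line):
    """Return the action of the first matching rule, or DUNNO when none match."""
    for pattern, action in rules:
        m = pattern.search(line)
        if m:
            return m.expand(action)  # fills in \2 and \3 like Postfix's $2 and $3
    return 'DUNNO'

# Constructed sample lines: logical MIME headers and message body lines.
SAMPLES = [
    (MIME_HEADER_CHECKS, 'Content-Disposition: attachment; filename="invoice.pdf.exe"'),
    (MIME_HEADER_CHECKS, 'Content-Type: application/octet-stream; name=setup.SCR'),
    (MIME_HEADER_CHECKS, 'Content-Type: application/pdf; name="report.pdf"'),
    (BODY_CHECKS, 'begin 644 notes.vbs'),
    (BODY_CHECKS, 'begin-base64 644 photo.jpg'),
    (BODY_CHECKS, 'QUJD' * 19),  # one 76-character base64 line
]

if __name__ == '__main__':
    for rules, line in SAMPLES:
        print(f'{check(rules, line):<68} <- {line[:60]}')
```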

