Anybody here today? :)) ok, I can say after a few hours that the following regex picked up 200+ attachments that weren't being caught, body_checks.regexp:
/name=.*\.((exe|ex_|eml|scr|pif|bat|shs|shb|vxd|rm|chm|vbs|ini|cmd|hta|reg|lnk|js|jse))/ REJECT Interdicted file attachment of type "filename .$1" yep, not BOL-anchored (these line start with " ") and no MIME header BOL of ^content, either. note: that "=.*" in place of the filename is dangerous, and I had to remove "com" and "net" from the (match) because it was picking up www.domain.com and URL crap in HTML. it gives rejects like: Jan 29 21:06:18 mx1 postfix/cleanup[87173]: 39AAC2A877: reject: body ?name="text_pif" from mail.xxxxx.com[xxxx]; from=<> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<mail.xxx.com>: Interdicted file attachment of type "filename_pif" I'd like some of you to try that regex, putting it at the end of body_checks.regexp, so that all other regex's have their chance to catch them first. btw, if you're nervous, replace REJECT with WARNING, but be sure to use a unique msg txt so you can trace the maillog lines. Len
