I'm looking to understand best practices with regard to rejecting filename extensions.
The example provided in /usr/share/doc/mimedefang shows a very long list of extensions to be rejected.

I know some hosted mail providers don't allow .exe. It annoys me but I just change the extension and it goes through. And I know that some providers don't allow .zip. So folks using those providers just change it to .piz and it goes through.

I presume this is, indeed, a little safer, since the recipient has to take an extra step to change the extension. And, presumably, they would only do that if they knew what they were getting. But I wonder if that's just the appearance of additional security or if it's a true improvement.

So, what do the folks here with much more experience than I do, and why?

Thanks much,
Michael

