On 16 Sep 2013, at 15:39, Noel Jones wrote:
> On 9/16/2013 6:41 AM, Rowland Onobrauche wrote:
>
>>
>> Postfix config
>>
>> postconf -n
>> smtpd_recipient_restrictions = permit_mynetworks,
>> reject_invalid_hostname, reject_non_fqdn_hostname,
>> reject_non_fqdn_sender, reject_non_fqdn_recipient,
>> reject_unknown_sender_domain, reject_unknown_recipient_domain,
>> reject_unauth_pipelining, reject_unauth_destination, reject_rbl_client
>> bl.spamcop.net, reject_rbl_client ix.dnsbl.manitu.net,
>> reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client
>> smtp.dnsbl.sorbs.net, reject_rbl_client web.dnsbl.sorbs.net,
>> reject_rbl_client nomail.rhsbl.sorbs.net, reject_rbl_client
>> http.dnsbl.sorbs.net, reject_rbl_client pbl.spamhaus.org,
>> reject_rbl_client psbl.surriel.com, reject_rbl_client
>> zombie.dnsbl.sorbs.net, whitelist_policy, permit
>
>
> I'm wondering the purpose of "whitelist_policy, permit". That's far
> too late in processing for a whitelist.
>
>
>>
>> cat mime_header_checks
>> /name=[^>]*\.(scr|pif|bat|exe|dll|vbs)/ REJECT
>
> Your expression is broken.
>
> There's an excellent example on the header_checks(5) man page. Note
> this is PCRE and not regexp.
> http://www.postfix.org/header_checks.5.html
>
> /etc/postfix/header_checks.pcre:
> /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
>   ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
>   hlp|ht[at]|
>   inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
>   \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
>   ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
>   vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
>     REJECT Attachment name "$2" may not end with ".$4"
>
>
> If this expression doesn't catch something you think it should, show
> the mime headers of the offending message.
>
>
>
> -- Noel Jones
OK, cheers Noel. I have not tried the PCRE yet. And regarding the
whitelist_policy - disregard it... it does not do what it sounds like it should.
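
Added example, not part of the original thread: a Python port of the two patterns quoted above, run over constructed MIME headers to compare what each one rejects. Assumptions: Python's re has no POSIX classes, so [[:xdigit:]] is written [0-9a-f]; both patterns are matched case-insensitively, as Postfix lookup tables do by default; check() and SAMPLES are hypothetical names.

```python
import re

# Pattern from the mime_header_checks file quoted in the thread, as posted.
SIMPLE = re.compile(r'name=[^>]*\.(scr|pif|bat|exe|dll|vbs)', re.I)

# Port of the header_checks(5) pattern quoted in the reply (assumption:
# [[:xdigit:]] replaced by [0-9a-f]; re.X mirrors the trailing /x flag).
STRICT = re.compile(r'''
    ^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
    ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
    hlp|ht[at]|
    inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
    \{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}|
    ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
    vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)
''', re.I | re.S | re.X)

# Constructed sample headers (not taken from any real message).
SAMPLES = [
    # Plain executable attachment.
    'Content-Disposition: attachment; filename="invoice.exe"',
    # Harmless PDF whose name merely contains ".exe" in the middle.
    'Content-Type: application/pdf; name="quarterly.executive-summary.pdf"',
    # RFC 2047 encoded name where the dot is written as =2E.
    'Content-Type: application/octet-stream; name="=?iso-8859-1?Q?setup=2Eexe?="',
    # Harmless image.
    'Content-Type: image/png; name="photo.png"',
]


def check(header):
    """Return (simple_rejects, strict_action) for one unfolded MIME header.

    strict_action is the REJECT text with $2 and $4 substituted, or None.
    """
    m = STRICT.search(header)
    action = None
    if m:
        action = 'REJECT Attachment name "%s" may not end with ".%s"' % (
            m.group(2), m.group(4))
    return bool(SIMPLE.search(header)), action


if __name__ == "__main__":
    for h in SAMPLES:
        simple, strict = check(h)
        print("%s\n  simple: %s\n  strict: %s" % (
            h, "REJECT" if simple else "pass", strict or "pass"))
```

On a Postfix host the installed table itself can be queried with postmap -q "header text" pcre:/etc/postfix/header_checks.pcre.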