On 16 Sep 2013, at 15:39, Noel Jones wrote: > On 9/16/2013 6:41 AM, Rowland Onobrauche wrote: > >> >> Postfix config >> >> postconf -n >> smtpd_recipient_restrictions = permit_mynetworks, >> reject_invalid_hostname, reject_non_fqdn_hostname, >> reject_non_fqdn_sender, reject_non_fqdn_recipient, >> reject_unknown_sender_domain, reject_unknown_recipient_domain, >> reject_unauth_pipelining, reject_unauth_destination, reject_rbl_client >> bl.spamcop.net, reject_rbl_client ix.dnsbl.manitu.net, >> reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client >> smtp.dnsbl.sorbs.net, reject_rbl_client web.dnsbl.sorbs.net, >> reject_rbl_client nomail.rhsbl.sorbs.net, reject_rbl_client >> http.dnsbl.sorbs.net, reject_rbl_client pbl.spamhaus.org, >> reject_rbl_client psbl.surriel.com, reject_rbl_client >> zombie.dnsbl.sorbs.net, whitelist_policy, permit > > > I'm wondering the purpose of "whitelist_policy, permit". That's far > too late in processing for a whitelist. > > >> >> cat mime_header_checks >> /name=[^>]*\.(scr|pif|bat|exe|dll|vbs)/ REJECT > > Your expression is broken. > > There's an excellent example on the header_checks(5) man page. Note > this is PCRE and not regexp. > http://www.postfix.org/header_checks.5.html > > /etc/postfix/header_checks.pcre: > /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)( > ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| > hlp|ht[at]| > inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| > > \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}| > ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| > vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x > REJECT Attachment name "$2" may not end with ".$4" > > > If this expression doesn't catch something you think it should, show > the mime headers of the offending message. > > > > -- Noel Jones
Thanks to all that contributed to a possible resolution. I have decided to allow the attachments and leave them to mailscanner to filter/quarantine as some we are receiving are actually legit attachments. At least if they are quarantined, i have the option to release. thanks
