Hi, > > I believe there's a dot missing in the first one, as in '.(386' but > > it's more than that, because I experimented with that too. > > No, it would have to be: \.(386|...) > otherwise '.' just matches any character. Your RE pattern is sloppy > in places, ... correct REs take some care.
Yes, that is what I meant. I believe there were problems with the regex that I fixed, but I was also using header_checks instead of mime_header_checks. Just for completeness, here's what worked for me. Given the following attachment: --000000000000caef4405d964f4b8 Content-Type: text/html; charset="US-ASCII"; name="download.html" Content-Disposition: attachment; filename="download.html" Content-Transfer-Encoding: base64 Content-ID: <f_l0chj96g0> X-Attachment-Id: f_l0chj96g0 TWFpbGd1biBNYWduaWZpY2VudCBBUEk= --000000000000caef4405d964f4b8-- $ postmap -c /etc/postfix -q 'Content-Disposition: attachment; filename="download.html"' pcre:/etc/postfix/mime_header_checks.pcre REJECT ".html" file attachment types not allowed mime_header_checks = pcre:/etc/postfix/mime_header_checks.pcre /^Content-(Disposition|Type):\s+.+?(file)?name="?.+?\.(386|exe|ad[ept]|app|as[dpx]|ba[st]|bin|btm|cab|cb[lt]|cgi|chm|cil|cla(ss)?|cmd|cp[el]|crt|cs[chs]|cvp|dll|dot|drv|em(ai)?l|ex[_e]|fon|fxp|hlp|ht[ar]|in[fips]|html|isp|jar|jse?|keyreg|ksh|lib|lnk|md[abetw]|mht(m|ml)?|mp3|ms[ciopt]|nte|nws|obj|ocx|ops|ov.|pcd|pgm|pif|p[lm]|pot|pps|prg|reg|sc[rt]|sh[bs]?|slb|smm|sw[ft]|sys|url|vb[esx]?|vir|vmx|vxd|wm[dsz]|ws[cfh]|xlw|xms|\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b/ REJECT ".$3" file attachment types not allowed Can I also ask a more general question? How are other people handling attachments such as those I've listed which really have no purpose these days but to spread malware? The vast majority of HTML attachments we receive are not malicious, but just silently quarantining them was leading to too many support requests. Thanks so much for your help.