We are also considering adding another postfix machine to handle incoming
mail so we can filter that as well.
You can use the same postfix machine for the filtering on both inbound and outbound, and it will hand off to sims. The advantage of doig it on the inbound is you can rejecte attachments based on their extensions:
% cat /etc/postfix/mime_header_checks
# Noel Jones <[EMAIL PROTECTED]> showed a better way (based on a pst by Russell Moseman):
/^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(
ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|eml|hlp|hta|
inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
ops|pcd|pif|prf|reg|scf|scr\??|sct|shb|shs|shm|swf|
vb[esx]?|vxd|wsc|wsf|wsh))(\?=)?"?\s*(;|$)/x
REJECT 598 Attachment name "$2" may not end with ".$3"
and in main.cf
mime_header_checks = pcre:/etc/postfix/mime_header_checks
If a attachment named "innocentfile.pif" arrives it is rejected with the reason "Attachment name 'innocentfile.pif may not end with '.pif'"
Thus, in the extremely unlikely case that someone really means to send a .exe attachment they get a rejection clearly stating what the problem is.
-- I listen to the wind, to the wind of my soul
############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
