Recipe 21.7. Rejecting Messages with Attachments

21.7.1 Problem

You want to block messages with certain attachments at the SMTP level.

21.7.2 Solution

Use Postfix's mime_header_checks with the following regexp:

    # this must be one unbroken line
    /filename=\"?(.*)\.(bat|cmd|com|dot|exe|hta|scr|pif|vbe|vbs)\"?$/ REJECT keep your malware off my network

    # this must be one unbroken line
    /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(asd|hlp|ocx|reg|bat|c[ho]m|cmd|exe|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|))"?\s*$/ REJECT Attachments that contain or end in "$3" are prohibited on this server. "$2" is the name of the rejected file

Put this in a file and call it /etc/postfix/mime_header_checks. Then add it to main.cf:

    mime_header_checks = regexp:/etc/postfix/mime_header_checks

Remember to run postfix reload after changing main.cf.

Edit the list of file types to suit your own needs. The list in the example does not include any MS Office document file formats, such as .xls, .xlk, .doc, .wdb, .wri, .wrs, .ppt, and so forth; you may wish to add some of these.

21.7.3 Discussion

You can, with one simple regexp, reject all messages with attachments:

    /filename=\"/ REJECT all messages with attachments are rejected

Just keep in mind that this will also reject messages with vCards, messages with GPG signatures that are attached rather than inline, HTML messages that attach images as separate files, and Outlook/Outlook Express messages that use MS-TNEF (MS-TNEF is useless to anyone not running Outlook/Outlook Express, because it's a proprietary rich-text format that no one else can read).

Keep in mind that even if you don't care about rejecting all these things, the senders will not know that their messages were rejected, unless they read their mail logs.

Why list only Microsoft file types? That's up to you—you can list anything you want. Certainly, Windows is the hands-down winner at extending a warm, friendly welcome to malware via email.

21.7.4 See Also
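
The trade-off described in the Discussion (21.7.3), as an added example that is not part of the original recipe: the Solution's two rules and the reject-everything rule are run over constructed MIME headers to show which legitimate attachments each one turns away. Python's re module stands in for Postfix's regexp: table (an assumption), and check(), compare() and SAMPLES are hypothetical names.

```python
import re

# The page's rules. Python's `re` stands in for Postfix's POSIX regexp: table
# (assumption: equivalent for these patterns). "vxd |pif" is joined to
# "vxd|pif", since the page requires each rule to be one unbroken line.
TARGETED = [
    (r'filename=\"?(.*)\.(bat|cmd|com|dot|exe|hta|scr|pif|vbe|vbs)\"?$',
     'REJECT keep your malware off my network'),
    (r'^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(asd|hlp|ocx|reg|bat'
     r'|c[ho]m|cmd|exe|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|))"?\s*$',
     'REJECT Attachments that contain or end in "$3" are prohibited on this '
     'server. "$2" is the name of the rejected file'),
]
BROAD = [(r'filename=\"', 'REJECT all messages with attachments are rejected')]

# Constructed sample MIME part headers (not from the page).
SAMPLES = {
    'exe':   'Content-Disposition: attachment; filename="INVOICE.EXE"',
    'js':    'Content-Disposition: attachment; filename="update.js"',
    'vcard': 'Content-Disposition: attachment; filename="alice.vcf"',
    'gpg':   'Content-Disposition: attachment; filename="signature.asc"',
    'image': 'Content-Disposition: inline; filename="logo.png"',
}


def check(header, rules):
    """Return the action of the first matching rule, or None if none match."""
    for pattern, action in rules:
        # Postfix regexp tables are case-insensitive by default.
        m = re.search(pattern, header, re.IGNORECASE)
        if m:
            # Expand $1..$9 in the action text from the captured groups.
            return re.sub(r'\$(\d)',
                          lambda d: m.group(int(d.group(1))) or '', action)
    return None


def compare():
    """Map each sample name to (targeted verdict, broad verdict)."""
    return {name: (check(h, TARGETED), check(h, BROAD))
            for name, h in SAMPLES.items()}


if __name__ == '__main__':
    for name, (targeted, broad) in compare().items():
        print(f'{name:6} targeted={targeted!r}\n       broad={broad!r}')
```

On a live server, the same headers can be fed to the real table with postmap -q, for example: postmap -q 'Content-Disposition: attachment; filename="alice.vcf"' regexp:/etc/postfix/mime_header_checks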