On Sat, Sep 19, 2009 at 01:15:51AM +1200, Paul Collins wrote:
> You can probably implement pretty much any policy you desire with the
> aid of header_checks and/or body_checks.

True, that.

I currently have

v64:/etc/postfix# cat body_checks.regexp
/^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA$/
    REJECT Keep your executables!
/^Subject:xyzzy/ REJECT demo xyzzy reject
/^Content-Type: *text\/html/ REJECT

which doesn't seem to be working anymore. Which is strange, since
I do have in my /etc/postfix/main.cf

body_checks = regexp:/etc/postfix/body_checks.regexp
mime_header_checks = pcre:/etc/postfix/mime_header_checks.pcre

Below works though

v64:/etc/postfix# cat mime_header_checks.pcre
/^Content-(?:Disposition:\s+attachment;|Type:).*\b(?:file)?name\s*=.*\.(?:
    ad[ep] |
    asd |
    ba[st] |
    chm |
    cmd |
    com(?=$|") |
    cpl |
    crt |
    dll |
    eml |
    cpl |
    crt |
    dll |
    do |
    eml |
    exe |
    gif |
    png |
    jpg |
    jpeg |
    hlp |
    hta |
    in[ifs] |
    isp |
    js |
    jse? |
    lnk |
    md[betw] |
    ms[cipt] |
    nws |
    ocx |
    ops |
    pcd |
    p[ir]f |
    pps |
    reg |
    rm |
    sc[frt] |
    sh[bsm] |
    swf |
    url |
    vb[esx]? |
    vxd |
    zip |
    ws[cfh] |
    \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}
    )\b/x REJECT The content you sent to this destination is no longer accepted here due to spam and malware load.

I guess I should just take it to the postfix-users list. Thanks.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
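
Added example, not part of the original message: a Python transcription of the mime_header_checks pattern quoted above, run against constructed MIME part headers to show which attachment names it rejects. The helper names and sample headers are assumptions made for this illustration; [[:xdigit:]] is rewritten as [0-9a-f] and the duplicated alternatives are dropped.

```python
import re

# Transcription of the message's pattern for Python's re module.
# IGNORECASE and DOTALL mirror the defaults of Postfix pcre tables;
# VERBOSE plays the role of the /x flag.
BLOCKED = re.compile(r"""
^Content-(?:Disposition:\s+attachment;|Type:).*\b(?:file)?name\s*=.*\.(?:
    ad[ep] | asd | ba[st] | chm | cmd | com(?=$|") | cpl | crt | dll | do |
    eml | exe | gif | png | jpg | jpeg | hlp | hta | in[ifs] | isp | js |
    jse? | lnk | md[betw] | ms[cipt] | nws | ocx | ops | pcd | p[ir]f | pps |
    reg | rm | sc[frt] | sh[bsm] | swf | url | vb[esx]? | vxd | zip | ws[cfh] |
    \{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}
)\b""", re.VERBOSE | re.IGNORECASE | re.DOTALL)


def logical_headers(block: str) -> list[str]:
    """Join folded continuation lines so each header is one string
    (a simplification of how a header is handed to the pattern)."""
    headers: list[str] = []
    for line in block.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line:
            headers.append(line)
    return headers


def blocked_headers(block: str) -> list[str]:
    """Return the logical headers the pattern would REJECT."""
    return [h for h in logical_headers(block) if BLOCKED.search(h)]


# Constructed sample headers, not taken from real mail.
SAMPLES = {
    "pdf": 'Content-Type: application/pdf; name="report.pdf"',
    "exe": 'Content-Disposition: attachment;\n filename="setup.exe"',
    "double": 'Content-Disposition: attachment; filename="notes.js.txt"',
    "html": "Content-Type: text/html; charset=utf-8",
    "image": 'Content-Type: image/jpeg; name="photo.JPG"',
    "company": 'Content-Type: text/plain; name="my.company.txt"',
    "dotcom": 'Content-Type: application/octet-stream; name="tool.com"',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:8} {'REJECT' if blocked_headers(raw) else 'pass'}")
```

The "double" sample is rejected because the pattern accepts a listed extension anywhere after name=, as long as a word boundary follows it; the "html" sample passes because this pattern only fires when a name= or filename= parameter is present.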