Re: mime & body smtp filtering image attachments

From: Adam D (emlistsgmail.com)
Date: Tue Dec 12 2006 - 21:41:13 CST


Noel Jones wrote:
> At 02:30 PM 12/12/2006, Adam D wrote:
>> I have been working hard for a server to block all image attachments
>> esp. the gif with all the pump and dump scams/spam. However every
>> smtp rule I create they still make it through the door. Is it
>> because the embedded attached gif is in 64 bit format and postfix can
>> not do anything in the 64 bit?
>>
>> part of message...
>>
>> ------=_NextPart_001_0005_01C71D7E.35A6D800--
>>
>> ------=_NextPart_000_0004_01C71D7E.35A6D800
>> Content-Type: image/gif;
>> name="management.gif"
>> Content-Transfer-Encoding: base64
>> Content-ID: <000301c71d3b$27839800$00000000hkzjze1tfbdrxy>
>>
>>
>>
>> I have been creating rules in the mime and header files to block
>> accepting gifs but they still get through.
>>
>> sample of mime_header_checks
>>
>> #### Image attachements
>> /name=\"(.*)\.(gif|xcf|pix|matte|mask|alpha|als|fli|flc|dcm|dicom|eps|fit|fits|gif|gbr|gih|xjt|xjtgz|xjbz2|pat|html|htm|jpg|jpeg|jpe|cel|mng|ico|pgm|png|ppm|psd|ps|shp|im1|im8|im24|im32|rs|ras|sgi|rgb|bw|icon|tif|tiff|tga|bmp|xbm|icon|bitmap|xpm|xwd|pcx|pcc)\"$/
>>
>> REJECT Image attachements not allowed
>>
>>
>>
>> sample of body_checks
>>
>> /name=\"(.*)\.(gif|xcf|pix|matte|mask|alpha|als|fli|flc|dcm|dicom|eps|fit|fits|gif|gbr|gih|xjt|xjtgz|xjbz2|pat|html|htm|jpg|jpeg|jpe|cel|mng|ico|pgm|png|ppm|psd|ps|shp|im1|im8|im24|im32|rs|ras|sgi|rgb|bw|icon|tif|tiff|tga|bmp|xbm|icon|bitmap|xpm|xwd|pcx|pcc)\"$/
>>
>> REJECT Image attachements not allowed
>>
>>
>>
>> What I am guessing is that postfix can't filter out the gif because of the
>> base64 as shown above? Thanks for any new input on this.
>
>
> The mime_header_checks expression you posted should work on the header
> shown.
> Note the quote marks are optional, there may be whitespace around the
> =, and there may be either whitespace or additional mime options after
> the filename. For file blocking I use a mime_header_checks similar to:
> (all one line, edit the extensions as you wish)
>
> /^Content-.*name[[:space:]]*=[[:space:]]*"?(.*(\.|=2E)(
> ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta
> ))(\?=)?"?[[:space:]]*(;|$)/
> REJECT bad attachment
>
> So what does
> # postconf mime_header_checks
> show?
>
> Have you disabled header checks with received_override_options either
> in main.cf or master.cf?
>
> Postfix isn't trying to match the base64 content, only the filename in
> the header. Body_checks aren't going to be much help here.
> Occasionally the filename will be quoted-printable encoded, and
> postfix must be able to match that exactly. Check the message source
> using vi or some other low-level tool on the unix mail store. Don't
> trust what it shows in your mail reader.
>

That worked perfectly. I updated the mime_header_checks on the other
servers as well. All I had to do was have a correctly written rule.
Thank you.

-Adam
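
Added example (not part of the original thread and not Postfix code): a Python check that runs the rule from the question and the rule from the reply over constructed MIME headers, covering the cases the reply lists: optional quotes, whitespace around the =, options after the filename, and an encoded dot (=2E). Assumptions: Python's re stands in for Postfix's POSIX regexp table (so [[:space:]] is written \s), the extension list is a short subset, and the function names are hypothetical.

```python
import re

# Image extensions to block (a short subset of the list in the question).
EXTS = "gif|jpg|jpeg|png|bmp"

# Postfix regexp tables are POSIX ERE and case-insensitive by default.
# Assumption: Python's re emulates them here; [[:space:]] becomes \s.
FLAGS = re.IGNORECASE | re.DOTALL

# Rule from the question: requires quotes and name="..." at the very end.
STRICT = re.compile(r'name="(.*)\.(' + EXTS + r')"$', FLAGS)

# Rule from the reply, with image extensions substituted.
TOLERANT = re.compile(
    r'^Content-.*name\s*=\s*"?(.*(\.|=2E)(' + EXTS + r'))(\?=)?"?\s*(;|$)',
    FLAGS)

def logical_headers(raw):
    """Join folded continuation lines so each header is one string."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line
        elif line:
            headers.append(line)
    return headers

def blocked(raw, rule):
    """True if any logical header of the MIME part matches the rule."""
    return any(rule.search(h) for h in logical_headers(raw))

# Constructed sample MIME part headers; "quoted" mirrors the posted message.
SAMPLES = {
    "quoted": 'Content-Type: image/gif;\n\tname="management.gif"\n'
              'Content-Transfer-Encoding: base64',
    "unquoted": 'Content-Disposition: attachment; filename = chart.GIF ; size=1234',
    "encoded": 'Content-Type: image/gif; name="=?iso-8859-1?Q?stock=2Egif?="',
    "pdf": 'Content-Type: application/pdf; name="report.pdf"',
}

def results(rule):
    """Map each sample label to whether the rule would reject it."""
    return {label: blocked(raw, rule) for label, raw in SAMPLES.items()}

if __name__ == "__main__":
    strict, tolerant = results(STRICT), results(TOLERANT)
    for label in SAMPLES:
        print(f"{label:9} strict={strict[label]} tolerant={tolerant[label]}")
```

Run it against headers copied from the raw message in the mail store rather than from a mail reader, as the reply advises.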