Introduction
You may use the following procedure to whitelist certain attachments through the Exim filter.
Procedure
- Access your server via SSH as the root user
- Make a copy of the default attachment filter file:
cp -v /usr/local/cpanel/etc/exim/sysfilter/options/attachments /usr/local/cpanel/etc/exim/sysfilter/options/custom_attachments
- Open the custom filter file with your preferred text editor
- Find the following lines that define the default attachment filters:
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]" - Edit the lines to remove the attachment types you wish to allow. This step must be done carefully to avoid issues with the regex rule. If you are not comfortable making the required changes, please work with your System Administrator to avoid issues.
- When the filter has been edited and saved, access the server via WHM as the root user
- Navigate to "Home / Service Configuration / Exim Configuration Manager"
- In the "Basic" editor, select the "Filter" tab
- Enable your custom Exim filter by selecting the custom radio button for "Custom Filter: custom_attachments."
- Disable the filter "Attachments: Filter messages with dangerous attachments"
- Select "Save" to commit your changes and rebuild the Exim configuration
Comments
0 comments
Article is closed for comments.