Question
How can I block specific extensions to prevent email delivery?
Answer
cPanel allows you to create custom Exim filters, which can be used to block specific file extensions such as ".zip" or ".bin".
This can be done by creating a new filter file within the following path:
/usr/local/cpanel/etc/exim/sysfilter/options/
The new file contains the filter. For example, it could use the following regular expressions, which are located by default in "/usr/local/cpanel/etc/exim/sysfilter/options/attachments":
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|zip|sct|shs|url|vb[se]|ws[fhc])\")"
if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|zip|scr|sct|shs|url|vb[se]|ws[fhc]))"
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|zip|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|zip|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
For detailed information on how to create a custom filter to block extensions or reject emails, please visit: How to Customize the Exim System Filter File
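The following Python sketch is an added example, not part of the original article or of cPanel's code: it reduces the two $header_content-type conditions listed above to the regular expression that is finally evaluated and runs them against constructed header values, so a changed extension list can be checked before it goes into a filter file. The function names, the {exts} placeholder and the two-pass backslash model are assumptions made for the example.

```python
import re

# The two $header_content-type conditions above, as written in the filter
# file, with the extension alternation replaced by the {exts} placeholder.
QUOTED = r'(?:file)?name=(\"[^\"]+\\\\.(?:{exts})\")'
UNQUOTED = r'(?:file)?name=(\\\\S+\\\\.(?:{exts}))'


def to_regex(filter_string):
    # Assumption (simplified model): Exim removes one backslash layer when it
    # reads the double-quoted string and another when it expands it, so four
    # backslashes plus "." in the file become an escaped, literal dot.
    once = re.sub(r'\\(.)', r'\1', filter_string)
    return re.sub(r'\\(.)', r'\1', once)


def compile_conditions(extensions):
    # Entries are regex fragments, like "zip" or "vb[se]" in the list above.
    alternation = "|".join(extensions)
    # Exim's "matches" test is case-independent by default, hence IGNORECASE.
    return [re.compile(to_regex(t.replace("{exts}", alternation)), re.IGNORECASE)
            for t in (QUOTED, UNQUOTED)]


def blocked_name(content_type, extensions):
    """Return the captured file name if either condition matches, else None."""
    for pattern in compile_conditions(extensions):
        match = pattern.search(content_type)
        if match:
            return match.group(1)
    return None


if __name__ == "__main__":
    # Constructed Content-Type header values, not taken from real mail.
    samples = [
        'application/zip; name="invoice.zip"',
        'application/octet-stream; name=FIRMWARE.BIN',
        'application/pdf; name="report.pdf"',
        'text/plain; name="archive.zip.txt"',
    ]
    for value in samples:
        print(f"{value!r:50} -> {blocked_name(value, ['zip', 'bin'])}")
```

The last sample shows that the unquoted condition is not anchored at the end of the name, so a listed extension in the middle of a file name is also matched; check a new extension list against legitimate attachment names before deploying it.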