Exim system filter
Hi Friends!
I'm trying to create a filter to reject messages containing zip files attached, BUT only for a single domain:
The information about creating the filter was get in
#/etc/cpanel_exim_system_filter2 -- Set in WHM to use this file as system filter.
################################
if "$h_to:, $h_cc:, $h_bcc:" contains "domain.com"
then
if $header_content-type: matches "(?:file)?name=(\"[^\">+\\\\.(?:zip)\")"
or $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:zip))"
or $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\">+\\\\.(?:zip)\")[\\\\s;]"
or $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:zip))[\\\\s;]"
then
fail text "This message has been rejected because it has a forbidden attachment."
seen finish
endif
endif
The information about creating the filter was get in
-
Hello :) Are you sending a test email from a remote server with the .zip extension to reproduce this issue, or do you only notice it on actual emails that are sent? Note that you may want to try copying the rules from the following file for this filter: /etc/cpanel_exim_system_filter Simply add "zip" to the rules that list the other file extensions (e.g. exe, eml) and apply it to the single account. Thank you. 0 -
]Hello :) Are you sending a test email from a remote server with the .zip extension to reproduce this issue
Yes, exactly.] Note that you may want to try copying the rules from the following file for this filter: /etc/cpanel_exim_system_filter Simply add "zip" to the rules that list the other file extensions (e.g. exe, eml) and apply it to the single account. Thank you.
Something like this?if "$h_to:, $h_cc:, $h_bcc:" contains "domain.com" and $header_content-type: matches "(?:file)?name=(\"[^\">+\\\\.(?:zip)\")" then fail text "This message has been rejected because it has\n\ potentially executable content $1\n\ This form of attachment has been used by\n\ recent viruses or other malware.\n\ If you meant to send this file then please\n\ package it up as a zip file and resend it." seen finish endif0 -
Yes, that would be one way to implement the rule. Thank you. 0 -
Thanks Michael. Unfortunatelly, the rule do not works yet. Well, I'll continue trying. Thanks ;) 0 -
You may want to post to the Exim users mailing list for advice on custom Exim filter rules: Exim Users Mailing List Thank you. 0
Please sign in to leave a comment.
Comments
5 comments