sbidy / MacroMilter

This Python-based milter (mail filter) checks incoming mail for suspicious VBA macro code in MS 20xx Office attachments (doc, xls, ppt ...).
MIT License

Add new option to allow suspicious macros depending on recipient #47

Open robert-scheck opened 5 years ago

robert-scheck commented 5 years ago

I think it would be helpful to introduce a new configuration option to allow suspicious macros depending on recipient, so that special destination e-mail addresses/mailboxes can still receive e-mails with suspicious macros. A typical scenario that comes to my mind is abuse@… or postmaster@….

In order to be flexible, the suggestion is to make the configuration option something like an array of strings with regular expression support. If I run example.net and would like to ensure that somebody can send suspicious macros to abuse@example.net, that's one case (= string). However, if I (or my users) would like to be able to report such suspicious macros, including to remote abuse teams of foreign domains, something like ^(abuse|postmaster)@ (= regular expressions) could get important, too.

dvadell commented 5 years ago

Hi, I would love to have this. I have 50 domains in one server, and it would be great to start using it on a per-domain or per-mailbox basis.

Thanks for making macromilter available!
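
A sketch of the recipient allow-list proposed in this issue, added here as an example; it is not part of the thread or of MacroMilter's code. The option name `ALLOW_RECIPIENTS`, its values and all function names are hypothetical, and the sketch assumes the filter returns one verdict per message. Patterns must match the whole address, so the issue's prefix pattern is written with a trailing `.+`.

```python
import re

# Hypothetical option and sample values (constructed for this example).
ALLOW_RECIPIENTS = [
    r"abuse@example\.net",      # one exact mailbox
    r"(abuse|postmaster)@.+",   # role mailboxes at any domain
]


def compile_allowlist(patterns):
    """Compile case-insensitively; an invalid regex raises re.error at load time."""
    return [re.compile(p, re.IGNORECASE) for p in patterns]


def normalize(rcpt):
    """Envelope recipients usually arrive as '<user@domain>'; strip the brackets."""
    return rcpt.strip().strip("<>").strip()


def recipient_exempt(rcpt, allowlist):
    """True only if the whole address matches a pattern.

    fullmatch() keeps an unanchored entry such as 'abuse@example\\.net'
    from also matching 'notabuse@example.net' or a longer domain.
    """
    addr = normalize(rcpt)
    return any(rx.fullmatch(addr) for rx in allowlist)


def message_exempt(recipients, allowlist):
    """Skip the macro check only when every envelope recipient is exempt.

    With one verdict per message, a single allowed address among ordinary
    mailboxes must not switch the check off for all of them.
    """
    rcpts = list(recipients)
    return bool(rcpts) and all(recipient_exempt(r, allowlist) for r in rcpts)


if __name__ == "__main__":
    allow = compile_allowlist(ALLOW_RECIPIENTS)
    for rcpts in (["<abuse@example.net>"],
                  ["<abuse@example.net>", "<user@example.net>"]):
        print(rcpts, "->", "exempt" if message_exempt(rcpts, allow) else "scan")
```

The check uses envelope recipients rather than the `To:` header, since the header is chosen by the sender and need not match where the message is delivered.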