Closed ecki closed 7 years ago
I guess we'll just remove the topmost 6 lines from vexim-acl-check-content.conf
.
Removing is just a workaround. There is now a special acl-list for mime-variables: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
Rules are a bit longer and more diverse, I found a list with some examples here: http://wiki.wlug.org.nz/EximMailFilter
Thanks to regexp, we could block potentially dangerous double extensions like .doc.exe. Or only allow a few exceptions like .tar.gz. We should test these rule with some standard mail programs and webmailers.
Ahh, github search didn't tell me that the second filter in vexim-acl-check-content.conf
also uses demime, so I was under an impression that we're only using this option to filter out emails with MIME errors.
I doubt it's worthy to filter particularly on double extensions though, if we disallow .exe and similar dangerous attachments in general.
Since Exim 4.88 (on FreeBSD) the "demime" ACL option is removed. I needed to remove some of the rules in vexim-acl-check-content.conf, is it planned to provide a new temlate for this?