rimas-kudelis
commented
7 years ago I guess we'll just remove the topmost 6 lines from vexim-acl-check-content.conf.
Closed ecki closed 7 years ago
rimas-kudelis
commented
7 years ago I guess we'll just remove the topmost 6 lines from vexim-acl-check-content.conf.
Udera
commented
7 years ago Removing is just a workaround. There is now a special acl-list for mime-variables: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
Rules are a bit longer and more diverse, I found a list with some examples here: http://wiki.wlug.org.nz/EximMailFilter
Thanks to regexp, we could block potentially dangerous double extensions like .doc.exe. Or only allow a few exceptions like .tar.gz. We should test these rule with some standard mail programs and webmailers.
rimas-kudelis
commented
7 years ago Ahh, github search didn't tell me that the second filter in vexim-acl-check-content.conf also uses demime, so I was under an impression that we're only using this option to filter out emails with MIME errors.
I doubt it's worthy to filter particularly on double extensions though, if we disallow .exe and similar dangerous attachments in general.
Since Exim 4.88 (on FreeBSD) the "demime" ACL option is removed. I needed to remove some of the rules in vexim-acl-check-content.conf, is it planned to provide a new temlate for this?