[Pkg-exim4-users] acl_smtp_mail - acl_check_mail on debian Etch

Marco Kammerer marco.kammerer at uibk.ac.at
Sun Nov 5 20:44:10 CET 2006


Hello,

I use Debian testing (etch) with exim 4.63, SA-exim and clamav, with the
split config.

The configs have been minimally changed to support the executable
blocking.

I read a couple of pages found via the exim list
http://www.gossamer-threads.com/lists/exim/users for a solution,
I also googled for 3 days, found pages like
http://www.wlug.org.nz/EximMailFilter, read the exiscan example file and
many PDFs, but not one single solution worked out for me.
I tried stuff from
http://wiki.debian.org/PkgExim4UserFAQ#head-892f945cadf27c164ae86875dda7de41020088f3
and also the old demime stuff from http://koivi.com/exim4-config/
I also tried the ACL with the regex described at
http://www.gossamer-threads.com/lists/exim/users/55735

but NO way.

What I want is quite simple, blocking a mail with exe and co attachments.

That's what is configured right now:

I added to
/etc/exim4/conf.d/main/02_exim4-config_options

######
# My own check acl for mime
#
.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_SMTP_MIME = acl_check_mime
.endif
acl_smtp_mime = MAIN_ACL_CHECK_SMTP_MIME
######

added a file
/etc/exim4/conf.d/acl/50_exim4-config_check_mime
with this content
######
acl_check_mime:
 deny message = Blacklisted file extension detected ($found_extension)
 condition = ${if match \
 {${lc:$mime_filename}} \
 {\N(\.exe|\.scr|\.vbs|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
 {1}{0}}
######

Also I set in the file /etc/exim4/conf.d/main/00_localmacros (just for info)
######
MESSAGE_SIZE_LIMIT = 51200k
MAIN_LOG_SELECTOR = +all -subject -arguments
av_scanner = clamd:/var/run/clamav/clamd.ctl
AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS = yes
MAIN_TLS_ENABLE = true
CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/local_acl_data
CHECK_DATA_VERIFY_HEADER_SYNTAX = yes
CHECK_RCPT_VERIFY_SENDER = yes
CHECK_RCPT_REVERSE_DNS = yes
CHECK_RCPT_IP_DNSBLS = yes
CHECK_RCPT_DOMAIN_DNSBLS = yes
CHECK_RCPT_SPF = yes
######


and filled the file /etc/exim4/local_acl_data
with
######
 # Reject messages that have serious MIME errors.
# This calls the demime condition again, but it
# will return cached results.
deny message = Serious MIME defect detected ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}

# Reject messages containing malware.
# Reject after DATA
#
deny message = This message contains a virus ($malware_name) and has been rejected
demime= *
malware = *
######

triggered a
update-exim4.conf && invoke-rc.d exim4 restart

and sent a test mail from another host with
uuencode file.exe file.exe | mail -s "testmail with exe" test@blabla.com

but the mail comes through. The log says that the message was spam scanned,
but nothing about it being blocked.

Kind regards

Marco
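
Added example, not part of the post above and not Exim code: a Python check of what a filename test on MIME parts can see in the test mail described above. `uuencode file.exe file.exe | mail` sends a plain body containing a `begin 644 file.exe` line and no MIME part, so there is no MIME filename to match; the sample messages, addresses and function names are constructed, and Python's email parser stands in for the MTA's view of the message as an assumption.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Extension list from the ACL in the post (the duplicate .scr dropped).
BLOCKED = re.compile(r"\.(exe|scr|vbs|pif|bat|lnk|com)$")
# Header line of a uuencoded block: "begin <octal mode> <name>".
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} (\S.*)$", re.MULTILINE)

def mime_filenames(raw):
    """Filenames declared on MIME parts (Content-Disposition or Content-Type name)."""
    msg = message_from_string(raw)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def uu_filenames(raw):
    """Filenames announced by uuencode 'begin' lines inside text bodies."""
    names = []
    for part in message_from_string(raw).walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True) or b""
        names += UU_BEGIN.findall(body.decode("latin-1"))
    return names

def blocked(names):
    """Names whose lower-cased form ends in a blacklisted extension."""
    return [n for n in names if BLOCKED.search(n.lower())]

# Constructed sample 1: the shape of `uuencode file.exe file.exe | mail ...`,
# a plain body with no MIME headers at all.
UU_MAIL = (
    "From: sender@example.org\nTo: test@example.com\n"
    "Subject: testmail with exe\n\n"
    "begin 644 file.exe\n#35J0\n`\nend\n"
)

def build_mime_mail():
    # Constructed sample 2: the same three bytes sent as a real MIME attachment.
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "test@example.com"
    m["Subject"] = "testmail with exe"
    m.set_content("see attachment")
    m.add_attachment(b"MZ\x90", maintype="application",
                     subtype="octet-stream", filename="file.EXE")
    return m.as_string()

if __name__ == "__main__":
    for label, raw in (("uuencode", UU_MAIL), ("mime", build_mime_mail())):
        print(label, blocked(mime_filenames(raw)), blocked(uu_filenames(raw)))
```

The uuencoded sample yields no MIME filename and is only caught by the `begin` line scan, while the MIME sample is caught by the filename check.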



