spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: How to reject all mails with docs attached?
Date Mon, 01 Feb 2016 14:09:42 GMT


Am 01.02.2016 um 15:05 schrieb Thomas Barth:
> No viruses were found.
> Banned name: .exe,.exe-ms,23676883772984656662(1).doc.exe
> Content type: Banned
> Not quarantined.
> The message WAS NOT relayed to:
> xxx
> 554 5.7.0 Reject, id=09201-09 - BANNED:
> .exe,.exe-ms,23676883772984656662(1).doc.exe
>
> This message is a test result of ClamAV? I would like to add .doc as
> banned name

sounds like amavis and as already suggested: reject it at smtpd level

mime_header_checks = pcre:/etc/postfix/mime_header_checks.cf

[root@mail-gw:~]$ cat /etc/postfix/mime_header_checks.cf
# Reject Attachment Extensions
/^Content-(?:Disposition|Type):(?:.*?;)? \s*(?:file)?name \s* = 
\s*"?(.*?(\.|=2E)(386|acm|ade|adp|apk|awx|ax|bas|bat|bin|cdf|chm|class|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jar|jse|lnk|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|rar|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh))(?:\?=)?"?\s*(;|$)/x

REJECT Attachment Blocked (Executables And RAR-Files Not Allowed) "$1"


> Am 01.02.2016 um 13:50 schrieb Reindl Harald:
>>
>> Am 01.02.2016 um 13:48 schrieb Thomas Barth:
>>> for a week or so I get a lot of mails with bills as doc-documents and
>>> Spamassassin is actually not able to mark it as spam
>>
>> it is able
>>
>> combined BAYES scores and other rules on a proper trained SA leads to
>> 99.9% milter-reject rate of these malware mails here


Mime
View raw message