
Filtering Mail Attachments


Sleidia

Technical User
May 4, 2001
1,284
FR
Good Morning.

It looks like there is little activity on this forum, but
I'm so desperate that I will ask my question anyway:

I would like to know if there is any possible way to
prevent the mail server from delivering mails with
attached files having the following mime types: *.exe,
*.bat, *.pif.

I think it should be done with procmail, but there is
nothing I can understand in the documentation.
I can't even find a tutorial about how to set up such a filter.

Any help (URLs, advice) will be really appreciated.
Thanks!!!



 
I know this is a bit late but it may be useful. Below is a procmail recipe which I have called rc.attach. This enables our server to reject any attachments of various types (which we can alter by changing ONE line in the recipe.)
I found that viruses used varying methods of attaching files, so within the recipe there are differing methods of detection: normal attachments, audio attachments and what I call "embedded" attachments.
Since activating it we have saved ourselves from HUNDREDS of infected messages. The rejected messages are stored in a folder on the unix server.
It is not 100% foolproof as sometimes legitimate messages can be blocked (but the sender is always sent a message informing him of this). Usually this is because the filename they have given is stupidly long (example: This is what I did on my holidays.doc). I consider putting spaces in filenames is BAD PRACTICE.
Tailor the reply message so that it includes your tech-support contact details.
I've also included a secondary file called rc.spamdump2.
This is not necessarily a spam filter but it also rejects messages with blank subjects, blank FROM fields etc. Sometimes it's spam, sometimes it's a virus, sometimes it's just someone being lazy.
At the end I've put the /etc/.procmailrc contents.
Remember this will be system-wide (recipes for individuals are placed elsewhere).



<< /etc/rc.attach >>

# Script to reject certain attachments. Neil Barnes 8/2/2001.
# First specify a variable to contain list of attachments to reject.
# Essentially, ".*" means any preceding characters. "\." followed by a dot.
# The backslash before the dot is required because the dot is a metachar.
# Then, in brackets, the list of extensions separated by the pipe char.

filext=".*\.(exe|vbs|bat|com|scr|mpg|mpe|mpeg|m1v|rm|rv|wmv|avi|qt|aif|pif|lnk|dat|swf|chm)"

# This first rule detects messages with the forbidden attachments and sends
# a message to the sender informing them that the message is rejected.
# I've had to add a second rule (identical to the first) to do the actual
# rejection (dumping into /dev/null). This is because I couldn't get it to
# perform the sendmail function and the dumping in one blow. Don't know why.
# .....yet!
#
# Editing notes on the recipe as shown here:
# - the "c" flag makes the reply recipe work on a copy, so the original
#   message carries on to the second rule further down;
# - every continued line of the pipe action ends in a backslash;
# - the FROM_DAEMON and X-Loop conditions keep the auto-reply from answering
#   bounces, mailing lists or its own replies.

:0
* ^Content-Type: (multipart/mixed|application/octet-stream)
* ! ^FROM_DAEMON
* ! ^X-Loop: Extension Filter
{
:0 HBc
* ^Content-Disposition: (attachment|inline);
* $ filename=$filext
|(/usr/bin/formail -r -i"Subject: Returned e-mail - Attachment rejected" -A"X-Loop: Extension Filter" ; \
echo "*************************************" ; \
echo "** This is an automated response " ; \
echo "*************************************" ; \
echo "** For SECURITY reasons the " ; \
echo "** Your Company Limited Mail System " ; \
echo "** does not accept e-mail attachments" ; \
echo "** of certain types (e.g. *.exe). " ; \
echo "*************************************" ; \
echo "** We apologise for any inconvenience" ; \
echo "** this may cause. " ; \
echo "*************************************" ; ) \
|/usr/lib/sendmail -t
}


###################
### reject html attachments
##################
:0 HB
* $ ^begin 666 $filext
HTML

:0
* ^Content-Type: (multipart/mixed|application/octet-stream)
{
:0 HB
* ^Content-Disposition: (attachment|inline);
* $ filename=$filext
ATTACH
}

:0 HB
# reject all Audio files (embedded exe)
* ^Content-Type: audio/x-wav;
AUDIO

:0 HB
# Reject all embedded attachments
* $ name=$filext
EMBEDD

<<< end of /etc/.procmail/rc.attach >>>

<<< /etc/.procmail/rc.spamdump2 >>>
:0:
# Reject all messages with Blank "To" Fields
* ^To:[ ]*$
/dev/null

:0:
# Reject all messages with Blank "From" Fields
* ^From:[ ]*$
/dev/null

:0:
# Reject all messages with missing "From" Fields
* ! ^From:
/dev/null

:0:
# Reject all messages from hahaha (the sender of virus emails Jan2001)
* ^From:.*\hahaha
/dev/null

# In the two Subject recipes below there is no "c" flag, so the pipe action
# already consumes the message and no separate /dev/null line is needed.
# The X-Loop condition keeps the filter from answering its own replies.

:0h
# Reject all messages with no SUBJECT line
* ! ^Subject:
* ! ^X-Loop: Subject Filter
|(/usr/bin/formail -r -i"Subject: Message Rejected" -A"X-Loop: Subject Filter" ; \
cat /etc/.procmail/blanksubject.txt ;) \
|/usr/lib/sendmail -t -F "support@yourcompany.com"

:0h
# Reject all messages with a Blank Subject
* ^Subject:[ ]*$
* ! ^X-Loop: Subject Filter
|(/usr/bin/formail -r -i"Subject: Message Rejected" -A"X-Loop: Subject Filter" ; \
cat /etc/.procmail/blanksubject.txt ;) \
|/usr/lib/sendmail -t -F "support@yourcompany.com"

<< end of /etc/.procmail/rc.spamdump2 >>

<< /etc/procmailrc >>

##VERBOSE=on
PMDIR=/etc/.procmail
SHELL=/bin/sh
LOGFILE=$PMDIR/log
##MAILDIR=$HOME/mail
##INCLUDERC=$PMDIR/rc.vacation
INCLUDERC=$PMDIR/rc.spamdump2
INCLUDERC=$PMDIR/rc.attach

<< end of /etc/procmailrc >>


#############
## PS #######
#############
The file rc.spamdump2 shows the technique for including the reply message from a text file (rather than embedding the message in the recipe as in rc.attach )
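
An added example, not from the thread or its posters: the same extension list applied with Python's standard `email` parser, which checks each MIME part's decoded `filename` or `name` parameter and compares only the final extension, so a name such as `quarterly.company.doc` is not caught by the `com` entry. The function name and the sample message are constructed for illustration.

```python
import email
from email import policy

# Same extension list as the filext variable in rc.attach.
BLOCKED = frozenset(("exe vbs bat com scr mpg mpe mpeg m1v rm rv wmv avi "
                     "qt aif pif lnk dat swf chm").split())

def blocked_attachments(raw):
    """Return decoded filenames of MIME parts whose final extension is blocked."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename=, falls back to
        # Content-Type name=, and decodes RFC 2231 encoded values.
        name = part.get_filename()
        if not name:
            continue
        # Only the last extension counts; trailing dots and spaces are ignored.
        _, dot, ext = name.strip().rstrip(". ").rpartition(".")
        if dot and ext.lower() in BLOCKED:
            hits.append(name)
    return hits

# Constructed sample message, not taken from the thread.
SAMPLE = b"""\
From: sender@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="This is what I did on my holidays.doc"

x
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Setup.EXE"

x
--b1
Content-Type: application/octet-stream; name="notes.pif"

x
--b1--
"""

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

Procmail can consult a program's exit status with a `* ?` condition, so a small wrapper that exits 0 when the returned list is non-empty could stand in for the `filename=` conditions.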
 

Hello Speculus!

In fact, it is NEVER too late!
That's why I want to thank you warmly for posting
this now.
I'll test it when I have more time to do so.

Have a good day!


 