[Mimedefang] best practices for handling filename extensions

Frank Doepper mimedefang at taz.de
Thu Oct 5 09:24:58 EDT 2017


On 04.10.17 at 21:41, Michael Fox wrote:

> The example provided in /usr/share/doc/mimedefang shows a very long list
> of extensions to be rejected.

I am mainly not blocking by filename extensions, but by content. I am
blocking:

- Files with contents beginning with "MZ" (DOS EXE);
- the same inside ZIP files;
- the same inside ZIP files inside ZIP files :-)
- short or broken ZIP files;
- encrypted ZIP files with $name=~/\.(?:com|exe|bat|pif|scr|vbs|hta|cpl|js)$/i as member;
- zip files with *.js as member;
- several well-known spam or virus file names like Rechnung.rar etc.

Also I have built in a sqlite DB where several other conditions (HELO
string, unknown recipient rate per IP,...) are tracked for delaying or
refusing certain connections.

Thanks for that great and highly customizable software, which has been
reducing the amount of spam and malware for years now!

best regards,
Frank
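
The content checks listed in the message above, as an added example that is not part of the original post and is not Frank's filter: it is stand-alone Python rather than MIMEDefang's Perl filter code. The verdict strings and the `MAX_DEPTH` and `MAX_MEMBER` limits are assumptions, and the sample archives are constructed in memory.

```python
import io
import re
import zipfile
import zlib

# Extension list copied from the post; it is applied to encrypted members only.
EXEC_NAME = re.compile(r"\.(?:com|exe|bat|pif|scr|vbs|hta|cpl|js)$", re.I)
MAX_DEPTH = 2            # ZIP inside ZIP, as in the post; deeper is refused (assumption)
MAX_MEMBER = 16 * 2**20  # per-member unpack limit in bytes (assumption)


def verdict(data: bytes, depth: int = 0) -> str:
    """Return "ok" or the reason these attachment bytes would be blocked."""
    if data[:2] == b"MZ":
        return "MZ executable"
    if data[:2] != b"PK":
        return "ok"
    if depth >= MAX_DEPTH:
        return "ZIP nested too deep"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.lower().endswith(".js"):
                    return "JS member in ZIP"
                if info.flag_bits & 0x1:  # general-purpose bit 0: encrypted
                    if EXEC_NAME.search(info.filename):
                        return "encrypted ZIP with executable member name"
                    continue  # content is unreadable without the password
                if info.file_size > MAX_MEMBER:
                    return "ZIP member too large"
                inner = verdict(zf.read(info), depth + 1)
                if inner != "ok":
                    return inner
    except (zipfile.BadZipFile, zlib.error, EOFError):
        return "short or broken ZIP"
    return "ok"


def make_zip(members: dict) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    nested = make_zip({"inner.zip": make_zip({"invoice.pdf.exe": b"MZ\x90\x00"})})
    print(verdict(nested), "/", verdict(nested[:40]))
```

Encrypted members are judged by name only because their content cannot be inspected, which is why the post pairs the extension list with the encryption check.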


