[Mimedefang] best practices for handling filename extensions
Michael Fox
news at mefox.org
Thu Oct 5 00:41:34 EDT 2017
I'm looking to understand best practices with regard to rejecting filename
extensions.

The example provided in /usr/share/doc/mimedefang shows a very long list of
extensions to be rejected. I know some hosted mail providers don't allow
.exe. It annoys me but I just change the extension and it goes through.
And I know that some providers don't allow .zip. So folks using those
providers just change it to .piz and it goes through.

I presume this is, indeed, a little safer, since the recipient has to take
an extra step to change the extension. And, presumably, they would only do
that if they knew what they were getting. But I wonder if that's just the
appearance of additional security or if it's a true improvement.

So, what do the folks here with much more experience than I do, and why?

Thanks much,
Michael