Hello

Tonight, while checking Postfix config, I stumbled upon something
weird.

I am blocking executables and potentially dangerous extensions with
header_checks = pcre:/etc/postfix/header_checks.pcre

Inside header_checks.pcre I have:

/^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|ht[at]|inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
    REJECT     Attachment name "$2" not allowed

Sending an email with a *.bat extension gives the expected result. The email
is blocked with the message:

't...@domain.xx' on 01.06.2014 07:41

            550 5.7.1 Attachment name "test.bat" not allowed

I also have a mime_header_checks = regexp:/etc/postfix/mime_header_checks
with the content:

/name=[^>]*\.(ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|ht|inf|ins|isp|jse?|lnk|md|ms|nws|ops|pcd|pif|prf|reg|sc|sh|swf|vb|vxd|ws|pl|py)/
    REJECT              Attachment not allowed

Nevertheless, using http://www.emailsecuritycheck.net/ and sending a test
email to my address, a file with a .bat extension slips through without being
blocked.

I must be doing something wrong, but no matter how I look at it, I do not
see it.

Any hints, please?

Thank you.

Razvan
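
Added example, not part of the message above: a small Python harness that runs the two patterns quoted in the post over constructed MIME header lines and reports which table matches which header. It assumes Python's re approximates Postfix's matching and that a folded header reaches the table as one logical line with its line break kept; the helper names (unfold, verdicts) and the sample headers are made up for this sketch.

```python
import re

# Patterns copied from the post. Assumptions of this sketch: Python's re stands
# in for Postfix's PCRE and POSIX regexp engines, [[:xdigit:]] is spelled out as
# [0-9A-Fa-f], and matching is case-insensitive (the Postfix table default).
HEADER_CHECKS = re.compile(r'''
    ^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(ade|adp|asp|bas|bat|
    chm|cmd|com|cpl|crt|dll|exe|hlp|ht[at]|inf|ins|isp|jse?|lnk|md[betw]|
    ms[cipt]|nws|\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}|ops|
    pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)
    ''', re.I | re.S | re.X)
MIME_HEADER_CHECKS = re.compile(
    r'name=[^>]*\.(ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|ht|inf|'
    r'ins|isp|jse?|lnk|md|ms|nws|ops|pcd|pif|prf|reg|sc|sh|swf|vb|vxd|ws|pl|py)',
    re.I)

def unfold(raw_headers):
    """Join folded continuation lines so each header is one logical line."""
    logical = []
    for line in raw_headers.splitlines():
        if logical and line[:1] in (" ", "\t"):
            logical[-1] += "\n" + line   # continuation of the previous header
        else:
            logical.append(line)
    return logical

def verdicts(raw_headers):
    """Report, per table, whether any logical header line matches its pattern."""
    headers = unfold(raw_headers)
    return {
        "header_checks": any(HEADER_CHECKS.search(h) for h in headers),
        "mime_header_checks": any(MIME_HEADER_CHECKS.search(h) for h in headers),
    }

# Constructed sample headers (not taken from real mail).
SAMPLES = {
    "quoted": 'Content-Disposition: attachment; filename="test.bat"',
    "folded": 'Content-Type: application/octet-stream;\n\tname="test.bat"',
    "pdf": 'Content-Disposition: attachment; filename="report.pdf"',
    "html": 'Content-Type: text/html; name="page.html"',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, verdicts(raw))
```

The "html" sample shows a side effect of the second pattern: its unanchored `ht` alternative also matches `page.html`, which the first pattern lets through. On the server itself, `postmap -q 'header line' pcre:/etc/postfix/header_checks.pcre` runs a single line through the real table.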
