Viktor Dukhovni:
> On Mon, Jun 02, 2014 at 01:15:37PM +0200, Alessandro Vesely wrote:
>
> > and even a dubious:
> >
> > Content-Disposition: attachment;
> >  filename*0*="''attached%2E";
> >  filename*1*="%62";
> >  filename*2=at
>
> That's not dubious, that's RFC 2231. The MIME normalizer I wrote
> some years back, (sorry not publicly available) was able to
> recognize restricted file extensions even in this case.
>
> Sufficiently advanced MIME encodings require more than a
> regular expression matcher to recognize. The attachment filtering
> in header_checks is a best-effort junk reduction technique, not a
> robust defense.

Postfix documentation states in more than one place that header/body_checks are not and will not be a deep content filter. If that is what you want, then use the right tool for the right job.

Wietse
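
The point made in the thread, as an added example that is not part of the original posts and is not Postfix code or the normalizer mentioned above: a small RFC 2231 parameter decoder reassembles the quoted header into its real filename, while a single-line regex of the kind used for attachment filtering does not match it. The names NAIVE, PARAM, rfc2231_param and blocked_extension, the pattern itself and the extension list are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample: the header quoted in the thread, folded as on the wire.
SAMPLE = ('Content-Disposition: attachment;\n'
          ' filename*0*="\'\'attached%2E";\n'
          ' filename*1*="%62";\n'
          ' filename*2=at')

BLOCKED = {"bat", "exe", "scr", "com", "pif"}  # assumed policy list

# Assumed single-line pattern in the style of a regex attachment filter.
NAIVE = re.compile(r'name\s*=\s*"?[^";]*\.(bat|exe|scr|com|pif)\b', re.I)

# ;name[*N][*]=value, where value is a quoted-string or a bare token
PARAM = re.compile(
    r';\s*([^\s=;*]+)(?:\*(\d+))?(\*)?\s*=\s*("(?:[^"\\]|\\.)*"|[^;\s]*)')

def rfc2231_param(header, want):
    """Reassemble one parameter from its RFC 2231 segments, or return None."""
    parts = []
    for name, idx, ext, raw in PARAM.findall(header):
        if name.lower() != want:
            continue
        if len(raw) > 1 and raw[0] == raw[-1] == '"':  # tolerate quoted values
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])
        parts.append((int(idx or 0), bool(ext), raw))
    if not parts:
        return None
    parts.sort()  # segments may arrive in any order
    charset, out = "us-ascii", b""
    for n, (_idx, ext, raw) in enumerate(parts):
        if ext and n == 0 and raw.count("'") >= 2:
            cs, _lang, raw = raw.split("'", 2)  # charset'language'value
            charset = cs or charset
        out += unquote_to_bytes(raw) if ext else raw.encode("latin-1", "replace")
    try:
        return out.decode(charset, "replace")
    except LookupError:  # unknown charset label
        return out.decode("latin-1")

def blocked_extension(header):
    """Return the blocked extension of the decoded filename, or None."""
    name = rfc2231_param(header, "filename") or ""
    ext = name.rsplit(".", 1)[-1].strip().lower() if "." in name else ""
    return ext if ext in BLOCKED else None

if __name__ == "__main__":
    print("regex match:", bool(NAIVE.search(SAMPLE)))
    print("decoded name:", rfc2231_param(SAMPLE, "filename"))
```

This covers only parameter continuation and percent-encoding in one header; it does not handle RFC 2047 encoded words, nested MIME parts or archive contents.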