Thank you Wietse, Viktor, Learned something new today. Even though I read the documentation regarding content filtering, it seems I missed that part. Will look for a complementary solution.
All the best Razvan -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema Sent: Monday, June 02, 2014 4:34 PM To: postfix-users@postfix.org Subject: Re: Blocking executables. What did I miss? Viktor Dukhovni: > On Mon, Jun 02, 2014 at 01:15:37PM +0200, Alessandro Vesely wrote: > > > and even a dubious: > > > > Content-Disposition: attachment; > > filename*0*="''attached%2E"; > > filename*1*="%62"; > > filename*2=at > > That's not dubious, that's RFC 2231. The MIME normalizer I wrote some > years back, (sorry not publically available) was able to recognize > restricted file extensions even in this case. > > Sufficiently advanced MIME encodings require more than than a regular > expression matcher to recognize. The attachment filtering in > header_checks is a best-effort junk reduction technique, not a robust > defense. Postfix documentation states in more than one place that header/body_checks are not and will not be a deep content filter. If that is what you want, then use the right tool for the right job. Wietse
