On 4/8/2015 1:00 PM, CSS wrote: > Google’s not feeding me much on doing this on a per-user basis… > > I’d like to give users the option to block emails with certain attachments - > zip, exe, etc. > > I know that server-wide the simplest option is header checks. I’m open to > adding another milter to my chain of milters. I already have sql-backed > prefs for other purposes, so it seems like it should be easy, I just need the > right milter… > > Of course if anyone has any general hints about the current rash of malware > coming from clean IPs that passes some fairly strict postscreen and SA > checks, I’m more than happy to hear about that as well. > > Thanks, > > Charles >
The easiest way I know of is to use the amavisd-new banned_files feature. Add the folks who *don't* want filtering to the banned_file_lovers table. amavisd-new can be run as a pre-queue smtpd_proxy_filter or milter, or as a post-queue content_filter. Setup details can be found in the excellent amavisd-new docs, or the helpful user mail list. http://www.ijs.si/software/amavisd Alternately, reconsider blocking all executable attachments as a site-wide policy. That will take care of a lot of problems, and is becoming a fairly common policy. Greylisting may help, but brings its own set of problems. Using the postscreen "after 220 tests" may also help, with some of the limitations of greylisting. The advantages of using postscreen in this manner include the ability to pre-pass known good clients listed in the dnswl whitelist, and fewer disconnects than most greylist services. http://www.postfix.org/POSTSCREEN_README.html#after_220 -- Noel Jones
