I use amavis-new and block based on file type. My users should never get legit executables via email, so they are sent to a quarantine.
### BLOCKED ANYWHERE # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary qr'^\.(exe|lha|cab|dll)$', # banned file(1) types # block certain double extensions in filenames qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i, qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic Which results in my admin mailbox receiving messages like the following: > ------------=_1424346907-90515-0 > Content-Type: text/plain; charset="us-ascii" > Content-Disposition: inline > Content-Transfer-Encoding: 7bit > > No viruses were found. > > Banned name: .exe,.exe-ms,in.exe > Content type: Banned > Internal reference code for the message is 90515-05/T9Uh2zuM5Ym6 > > First upstream SMTP client IP address: [23.113.51.23]:56334 > 23-113-51-23.lightspeed.irvnca.sbcglobal.net > > Received trace: ESMTP://[23.113.51.23]:56334 > > Return-Path: <nycs...@csis.dk> > From: <nycs...@csis.dk> > Message-ID: <048678970043189683240541243784...@csis.dk> > Subject: Attention csis > The message has been quarantined as: banned-T9Uh2zuM5Ym6 > > The message WAS NOT relayed to: > <spamt...@ubefree.net>: > 250 2.7.0 ok, discarded, id=90515-05 - banned: .exe,.exe-ms,in.exe > > -Chad
smime.p7s
Description: S/MIME cryptographic signature
