Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions docs/configure
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,10 @@ acl_smtp_data = acl_check_content

acl_smtp_helo = acl_check_helo

# This ACL can be used to refuse certain file extension in ZIP files

#acl_smtp_mime = acl_check_mime

# This configuration variable defines the virus scanner that is used with
# the 'malware' ACL condition of the exiscan acl-patch. If you do not use
# virus scanning, leave it commented. Please read doc/exiscan-acl-readme.txt
Expand Down Expand Up @@ -389,6 +393,25 @@ acl_check_rcpt:

deny message = relay not permitted

# Check zip files for suspicious mail extensions
# http://www.gossamer-threads.com/lists/exim/users/98336#98336

#acl_check_mime:
#
# deny message = A .zip attachment contains a Windows-executable file - \
# blocked because we are afraid of new viruses \
# not recognized [yet] by antiviruses.
# condition = ${if match{$mime_filename}{\N(?i)\.zip$\N}}
# condition = ${if def:sender_host_address}
# !authenticated = *
# decode = default
# log_message = forbidden binary in attachment: filename=$mime_filename, \
# recipients=$recipients
# condition = ${if match{${run{/usr/bin/unzip -l \
# $mime_decoded_filename}}}\
# {\N(?i)\.(exe|com|ade|adep|adp|bas|bat|chm|cmd|cnf|com|cpl|crt|dll|hlp|hta|inf|ins|isp|js|jse|lnk|mad|maf|mag|mam|maq|mar|mas|matmav|maw|ocx|pcd|pif|reg|scf|scr|sct|vbe|vbs|wsc|wsf|wsh|url|xnk)\n\N}}
#
# accept

# This access control list is used for content scanning with the exiscan-acl
# patch. You must also uncomment the entry for acl_smtp_data (scroll up),
Expand Down