sieve filter on pigeonhole to remove exe attached emails doesn't work
hi all, I am running slackware 14.1 32bit with dovecot and pigeonhole installed from sbopkg.
Problem: I am trying to filter emails with attachments that are exe or zip files into junk. what has been done: I have looked at http://www.emaildiscussions.com/show...522#post238522 which suggests Code:
header :contains "X-Attached" [".zip", ".exe"] Code:
header :contains ["Content-Type","name","filename"] does anyone have any clues how to filter by content-type in multi-mime messages. an example message fragment that should match is: Code:
Subject: testa1 |
seems to me you're not using the correct syntax for mime-header matching. i would start by reading this RFC.
|
Unfortunately, pigeonhole does not appear to have the mime extension. I have already checked the rfc5703, as like you say, it should do the trick happily, but it is not available for pigeonhole AFAIK, which means I need some other way of doing it.
I'm happy to be corrected if I am mistaken, but looking at http://pigeonhole.dovecot.org/index.html would seem to indicate that support may arrive eventually, but is not currently available. any alternative solution would be helpful, as the spammers sending malware as zip and exe (and scr and pif) attachments aren't waiting :-) (I have put a request for rfc5703 support on the dovecot mailing list, as it would make things much simpler if it was implimented) |
you're right. the dovecot site says the extension "will be added as soon as the necessary infrastructure is available".
regarding the syntax, i think the test should be "header :mime ..." in order to match a mime header. Quote:
you could use something like postfix's check_mime_headers to block / hold mail in the meantime. |
thanks for the suggestions berhanie. I will be attempting to use something like clamav or spamassasin eventually.
Until the mime support gets added, the following catches zip and scr attachements Quote:
I have tried Quote:
Quote:
|
Quote:
|
Hi, timsoft. rfc 5173 mentions a :content keyword which is designed to match MIME content-type. It may better to use that than :raw. The .exe may fall under application/octet-stream, but so would other types of files. Regarding the regexp, what you were after was "filename=.*\.exe".
|
many thanks. I have looked at :content but, like you say, it doesn't help with exe ( or with pif) because there are so many file extensions that use the same content-type
for others looking at this thread, body :raw :regex ["filename=.*\.exe","filename=.*\.pif","filename=.*\.scr","filename=.*\.zip"] works (for those using sieve without a :mime implementation) |
All times are GMT -5. The time now is 10:53 PM. |