Content filter rules not working

Discussion in 'Installation/Configuration' started by Gixxa, Mar 16, 2017.

  1. Gixxa

    Gixxa New Member

    Hi guys,

    I created a few content filter rules. Some of them are working great, for example this:

    Code:
    Filter: MIME-Header-Filter
    Regex Pattern: /^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(ADE|ADP|BAT|CHM|CMD|COM|CPL|DDL|EXE|HTA|INS|ISP|JAR|JS|JSE|LIB|LNK|MDE|MSC|MSI|MSP|MST|NSH|PIF|SCR|SCT|SHB|SYS|VB|VBE|VBS|VXD|WSC|WSF|WSH))(\?=)?"?\s*(;|$)/x
    Action: DISCARD
    Active: checked
    The Sender will receive a nice Mail saying:

    Code:
    BANNED CONTENTS ALERT
    
    Our content checker found
        banned name: application/octet-stream,.asc,liste.cmd
    
    in email presumably from you <[email protected]>
    to the following recipient:
    -> [email protected]
    I did not check every file extension, but I would assume all of them work if one of them works. Now, considering that there are a lot of zip files going around, with encryption javascript, I wanted to append "zip" to the filter above. This does not work. I also tried creating a new filter that looks like this:

    Code:
    Filter: MIME-Header-Filter
    Regex Pattern: /^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(zip))(\?=)?"?\s*(;|$)/x
    Action: DISCARD
    Active: checked
    Same result, the zip file will go through.

    I then created this Filter:

    Code:
    Filter: MIME-Header-Filter
    Regex Pattern: /name=[^>]*\.(zip)/ REJECT
    Action: DISCARD
    Active: checked
    This works, but the sender does not receive a message like the one above but rather a "Delivery has failed" from, in my case, [email protected].

    Am I doing something wrong? Does my regex pattern check for capitalization?

    OS: Debian 8.7
    ISPConfig: 3.1.2
     
    Last edited: Mar 16, 2017
  2. florian030

    florian030 Well-Known Member HowtoForge Supporter

    I'm not sure if you need "REJECT" at the end of your regex.
     
  3. Gixxa

    Gixxa New Member

    You are right, I don't need the "REJECT" with the /name filter; however, it still works. If possible, I don't want to use the /name filter because of the "Delivery has failed" message. Most people don't know what to do with that, unlike the other message with "BANNED CONTENTS ALERT".
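
An added example, not part of any post in this thread: a small Python harness that runs the three regex patterns quoted above against constructed MIME header lines, once case-insensitively and once case-sensitively, so the patterns can be checked separately from the mail server. Python's `re` stands in for the mail server's regex engine, and the sample headers, the rule labels and the `evaluate` helper are assumptions made for this example.

```python
import re

# Extension list copied from the first rule in the thread.
EXTS = ("ADE|ADP|BAT|CHM|CMD|COM|CPL|DDL|EXE|HTA|INS|ISP|JAR|JS|JSE|LIB|LNK|"
        "MDE|MSC|MSI|MSP|MST|NSH|PIF|SCR|SCT|SHB|SYS|VB|VBE|VBS|VXD|WSC|WSF|WSH")
ANCHORED = r'^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(%s))(\?=)?"?\s*(;|$)'

# The three patterns from the thread without the /.../ delimiters.
# The bool records whether the rule carried the x (extended) flag.
# The labels on the left are hypothetical names used only here.
RULES = {
    "exe_list": (ANCHORED % EXTS, True),
    "zip_anchored": (ANCHORED % "zip", True),
    "zip_loose": (r'name=[^>]*\.(zip)', False),
}

# Constructed sample headers (not taken from real mail).
HEADERS = {
    "zip_lower": 'Content-Type: application/zip; name="invoice.zip"',
    "zip_upper": 'Content-Disposition: attachment; filename="INVOICE.ZIP"',
    "cmd_lower": 'Content-Type: application/octet-stream; name="liste.cmd"',
    "zip_inner": 'Content-Type: text/plain; name="report.zip.txt"',
}


def evaluate(header, ignore_case=True):
    """Return {rule label: matched?} for one unfolded MIME header line."""
    result = {}
    for label, (pattern, extended) in RULES.items():
        flags = re.IGNORECASE if ignore_case else 0
        if extended:
            flags |= re.VERBOSE  # counterpart of the x flag on the rule
        result[label] = re.search(pattern, header, flags) is not None
    return result


if __name__ == "__main__":
    for name, header in HEADERS.items():
        for ignore_case in (True, False):
            mode = "case-insensitive" if ignore_case else "case-sensitive"
            hits = [r for r, hit in evaluate(header, ignore_case).items() if hit]
            print(f"{name:10} {mode:17} matched: {', '.join(hits) or 'none'}")
```

If a rule matches here but the message is still delivered, the pattern is not the cause and the place to look is how the rule is applied on the server.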
     
