We are seeing a large increase in very convincing malicious Word documents coming through to our users. I would like to create a filter to move .doc attachments into a "Potentially harmful" folder. There is no real reason why any of our clients or vendors should be sending us .doc with any regularity, but occasionally something legit may come through. I would like to do this on a per-user or per-domain level, because accounts on other domains may not want to implement this change.
There is no way to create per-domain filters (that would be worth creating a feature request for), and I don't see a way to do it in the mail filters interface either, so you would have to create custom Sieve rules for that. You could create a Postfix header rule (mime_header_checks) to add a header to messages with a .doc attachment, then a Sieve rule to move those to some folder as needed.
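
A sketch of the two-step approach described in the answer above, added here as an example and not taken from the thread. The header name `X-Doc-Attachment` and the file path are hypothetical, and the Sieve implementation is assumed to support the `mime` (RFC 5703) and `mailbox` (RFC 5490) extensions, as Dovecot Pigeonhole does.

```sieve
# Added example (not from the thread). Postfix side, shown as comments.
#
#   /etc/postfix/main.cf
#   (pcre: requires Postfix built with PCRE support; the path is an assumption)
#     mime_header_checks = pcre:/etc/postfix/mime_header_checks
#
#   /etc/postfix/mime_header_checks
#   (the action goes on a continuation line, which must start with whitespace)
#     /^Content-(Disposition|Type):.*\b(file)?name\*?\s*=\s*[^;]*\.doc"?\s*(;|$)/
#         PREPEND X-Doc-Attachment: yes
#
# The pattern matches a declared attachment name ending in .doc, quoted or
# not, including the RFC 2231 "filename*=" form. It does not match .docx or
# .docm, and it looks only at the declared name, not at the file content.
#
# PREPEND writes the new header immediately before the line that matched,
# so X-Doc-Attachment ends up in the attachment's MIME part headers, not in
# the top-level message headers. A plain `header` test would not see it,
# which is why the rule below uses :mime :anychild.

require ["fileinto", "mailbox", "mime"];

# True if any MIME part of the message carries the marker header.
if header :mime :anychild :contains "X-Doc-Attachment" "yes" {
    # :create makes the folder on first use instead of failing the delivery.
    fileinto :create "Potentially harmful";
    stop;
}
```

The marker header is added server-wide, but it changes nothing for a mailbox unless that user's Sieve script contains the rule, which gives the per-user behaviour asked for.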