1

We know how to reject executables and other potentially dangerous file extensions via the mime_header_checks directive:

mime_header_checks = regexp:/etc/postfix/mime_header_checks  (main.cf)
/name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT  (mime_header_checks)

This way bat, com, exe, dll, vbs are gone. But since there are OSes that treat extensionless files like executables, it came to my mind that these should be blocked also.

How can I do that? What would be the regexp to match these files along with known executables?

Miloš Đakonović

1 Answer

2

How about adding

/name="[^>]*[^.]{7}"/ REJECT

It will match if there is a dot anywhere other than separating the (max. 4-character) extension:

  • NAME="=?ISO-8859-1?Q?document?="
  • NAME="=?ISO-8859-1?Q?doc.ument?="

but won't match

  • NAME="=?ISO-8859-1?Q?document.pdf?="
  • NAME="=?ISO-8859-1?Q?document.xlsx?="

Just add to the number "{7}" if you wish to allow longer extensions.

Esa Jokinen
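
A way to check both rules from this page against sample headers before deploying them, as an added example that is not part of the original question or answer. It approximates a Postfix regexp table with Python's `re` module (first match wins, case-insensitive by default); the function names and the header lines are constructed for illustration.

```python
import re

# The two rules from this page, in Postfix regexp-table syntax.
TABLE = r'''
/name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT
/name="[^>]*[^.]{7}"/ REJECT
'''

def load_rules(text):
    """Parse '/pattern/ ACTION' lines, skipping blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"/(.+)/\s+(\S.*)", line)
        if not m:
            raise ValueError(f"unsupported table line: {line!r}")
        # Postfix regexp tables match case-insensitively by default.
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def lookup(rules, header):
    """Return the action of the first matching rule, or None if none match."""
    for pattern, action in rules:
        if pattern.search(header):
            return action
    return None

# Constructed sample headers (not taken from real mail).
SAMPLES = [
    'Content-Type: application/octet-stream; name="setup.exe"',
    'Content-Type: application/pdf; NAME="=?ISO-8859-1?Q?document.pdf?="',
    'Content-Type: application/octet-stream; NAME="=?ISO-8859-1?Q?document?="',
    'Content-Type: application/octet-stream; name="README"',
    'Content-Type: text/markdown; name="notes.markdown"',
    'Content-Type: application/pdf; name="my.company.pdf"',
]

def evaluate(samples=SAMPLES):
    """Map each sample header to the action the table would return."""
    rules = load_rules(TABLE)
    return {header: lookup(rules, header) for header in samples}

if __name__ == "__main__":
    for header, action in evaluate().items():
        print(f"{action or 'pass':7} {header}")
```

With these samples, the quoted extensionless name `README` passes because it is shorter than seven characters, while `notes.markdown` and `my.company.pdf` are rejected (long extension, and the unanchored `\.com` in the first rule).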