[Rspamd-Users] Finetune MIME_BAD_EXTENSION reject

C. Bernard rspamd_users_ml at cmb.ch
Wed Feb 24 13:18:24 UTC 2021


Hi

Quoting Sandy Drobic <rspamd at drobic.de>:

> On 24.02.2021 at 12:39, Carsten Rosenberg wrote:
>> On 24.02.21 11:06, Sandy Drobic wrote:
>> Hey,
>> Best option is not to use the mime_types plugin to reject bad
>> extensions. Setting high scores here will end up in learning mails from
>> good senders with bad attachments.
>>
>> Use multimap to match extensions and use the mime_types plugin with
>> default settings. The multimap extension filter also matches on file
>> extensions and mime_types.
>>
>> --
>> Carsten
> Hello Carsten,
>
> thanks for the hint. You mean something like what Google found for me:
>
> local.d/multimap.conf:
> FORBIDDEN_FILE_EXTENSION {
>    type = "filename";
>    filter = "extension";
>    map = ["${CONFDIR}/forbidden_file_extension.map",];
>    action = "reject";
>    symbol = "FORBIDDEN_FILE_EXTENSION";
>    description = "List of forbidden file extensions";
> }
>
> And then add all the extensions to be rejected to forbidden_file_extension.map:
>
> vbs
> exe
> scr
>
>
> Can I just list them or do I need regexp?
>
> Greetings
> Sandy

I have something like this:


[root@beastly /usr/local/etc/rspamd/local.d]# cat file_extensions.map
doc
docm
xls
xlsm
scr
lnk

and in multimap.conf:

filename_blacklist {
   type = "filename";
   filter = "extension";
   map = "/${LOCAL_CONFDIR}/file_extensions.map";
   symbol = "FILENAME_BLACKLISTED";
   prefilter = true;
   action = "reject";
}

Which looks almost the same as your example, except for the map = line....

Cheers
Christian
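
A dry-run check for a plain-list extension map like the two shown in this thread, as an added example that is not part of the thread and not rspamd code: it lints the map and classifies constructed attachment names before `action = "reject"` goes live. The function names, the three malformed entries appended to the sample map, and the matching rule (text after the last dot, compared exactly) are assumptions of this sketch; confirm the real behaviour against your rspamd version.

```python
import re

# Constructed sample: the entries posted above, plus three typical mistakes.
SAMPLE_MAP = """\
# macro-capable Office formats and shortcuts
doc
docm
xls
xlsm
scr
lnk
.exe
*.vbs
SCR
"""

BARE_EXT = re.compile(r"[a-z0-9_+-]+")  # one bare, lower-case extension


def load_map(text):
    """Return (entries, problems); '#' starts a comment, blank lines are skipped."""
    entries, problems = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if not BARE_EXT.fullmatch(line):
            problems.append((lineno, line, "not a bare lower-case extension"))
        elif line in entries:
            problems.append((lineno, line, "duplicate"))
        else:
            entries.add(line)
    return entries, problems


def extension(filename):
    """Assumed rule: the extension is whatever follows the last dot."""
    m = re.search(r"\.([^.]+)$", filename)
    return m.group(1) if m else None


def classify(filename, entries):
    """'match', 'case-only' (would match only if lower-cased) or 'pass'."""
    ext = extension(filename)
    if ext is None:
        return "pass"
    if ext in entries:
        return "match"
    return "case-only" if ext.lower() in entries else "pass"


if __name__ == "__main__":
    entries, problems = load_map(SAMPLE_MAP)
    for lineno, line, why in problems:
        print(f"map line {lineno}: {line!r}: {why}")
    for name in ["invoice.docm", "photo.jpg.scr", "REPORT.XLS", "setup.exe"]:
        print(f"{name}: {classify(name, entries)}")
```

A "case-only" result marks a name worth sending through a test instance, since this sketch does not establish whether the live filter folds case.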
