[Rspamd-Users] Finetune MIME_BAD_EXTENSION reject
Sandy Drobic
rspamd at drobic.de
Wed Feb 24 21:19:54 UTC 2021
Am 24.02.2021 um 14:18 schrieb C. Bernard:
>
> Hi
>
> Zitat von Sandy Drobic <rspamd at drobic.de>:
>
>> Am 24.02.2021 um 12:39 schrieb Carsten Rosenberg:
>>> On 24.02.21 11:06, Sandy Drobic wrote:
>>> Hey,
>>> Best option is not to use the mime_types plugin to reject bad
>>> extensions. Setting high scores here will end up in learning mails from
>>> good senders with bad attachments.
>>>
>>> Use multimap to match extensions and use the mime_types plugin with
>>> default settings. The multimap extension filter also matches on file
>>> extenstions and mime_types.
>>>
>>> --
>>> Carsten
>> Hello Carsten,
>>
>> thanks for the hint. You mean something like what google found for me:
>>
>> local.d/multimap.conf:
>> FORBIDDEN_FILE_EXTENSION {
>> type = "filename";
>> filter = "extension";
>> map = ["${CONFDIR}/forbidden_file_extension.map",];
>> action = "reject";
>> symbol = "FORBIDDEN_FILE_EXTENSION";
>> description = "List of forbidden file extensions";
>> }
>>
>> And then add all the extensions to be rejected to
>> forbidden_file_extension.map:
>>
>> vbs
>> exe
>> scr
>>
>>
>> Can I just list them or do I need regexp?
>>
>> Greetings
>> Sandy
>
> I have something like this:
>
>
> root at beastly /usr/local/etc/rspamd/local.d]# cat file_extensions.map
> doc
> docm
> xls
> xlsm
> scr
> lnk
>
> and in multimap.conf:
>
> filename_blacklist {
> type = "filename";
> filter = "extension";
> map = "/${LOCAL_CONFDIR}/file_extensions.map";
> symbol = "FILENAME_BLACKLISTED";
> prefilter = true;
> action = "reject";
> }
>
> Which looks almost the same as your example, except for map = line....
>
> Cheers
> Christian
>
This is probably a lot more in line with proper extension handling.
More information about the Users
mailing list