Marco Kammerer
2006-Nov-05 21:09 UTC
[Pkg-exim4-users] acl_smtp_mail - acl_check_mail on debian Etch
Hello,
I use a debian testing - etch, with exim 4.63, SA-exim, clamav with the
split config.
The configs have been minimally changed to support the executable
blocking.
I read a couple of pages found via the exim list
http://www.gossamer-threads.com/lists/exim/users for a solution,
I also googled for 3 days, found pages like
http://www.wlug.org.nz/EximMailFilter, read the exiscan example file,
many pdfs but not one single solution worked out for me.
I tried stuff from
http://wiki.debian.org/PkgExim4UserFAQ#head-892f945cadf27c164ae86875dda7de41020088f3
also the old demime stuff from http://koivi.com/exim4-config/
I also tried the acl with the regex described at
http://www.gossamer-threads.com/lists/exim/users/55735
but NO way.
What I want is quite simple, blocking a mail with exe and co attachments.
That's what is configured right now:
I added to
/etc/exim4/conf.d/main/02_exim4-config_options
######
# My own check acl for mime
#
.ifndef MAIN_ACL_CHECK_SMTP_MIME
MAIN_ACL_CHECK_SMTP_MIME = acl_check_mime
.endif
acl_smtp_mime = MAIN_ACL_CHECK_SMTP_MIME
######
added a file
/etc/exim4/conf.d/acl/50_exim4-config_check_mime
with this content
######
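acl_check_mime:
  # Reject any MIME part whose filename ends in a blacklisted extension.
  deny message = Blacklisted file extension detected ($mime_filename)
       condition = ${if match \
                        {${lc:$mime_filename}} \
                        {\N(\.exe|\.scr|\.vbs|\.pif|\.bat|\.lnk|\.com)$\N} \
                        {1}{0}}
  # An ACL that reaches its end without a verdict denies implicitly,
  # so accept the parts that did not match.
  accept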
######
also i set in the file /etc/exim4/conf.d/main/00_localmacros (just for info)
######
MESSAGE_SIZE_LIMIT = 51200k
MAIN_LOG_SELECTOR = +all -subject -arguments
av_scanner = clamd:/var/run/clamav/clamd.ctl
AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS = yes
MAIN_TLS_ENABLE = true
CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/local_acl_data
CHECK_DATA_VERIFY_HEADER_SYNTAX = yes
CHECK_RCPT_VERIFY_SENDER = yes
CHECK_RCPT_REVERSE_DNS = yes
CHECK_RCPT_IP_DNSBLS = yes
CHECK_RCPT_DOMAIN_DNSBLS = yes
CHECK_RCPT_SPF = yes
######
and filled the file /etc/exim4/local_acl_data
with
######
# Reject messages that have serious MIME errors.
# This calls the demime condition again, but it
# will return cached results.
deny message = Serious MIME defect detected ($demime_reason)
     demime = *
     condition = ${if >{$demime_errorlevel}{2}{1}{0}}
# Reject messages containing malware.
# Reject after DATA
#
deny message = This message contains a virus ($malware_name) and has been rejected
     demime = *
     malware = *
######
triggered a
update-exim4.conf && invoke-rc.d exim4 restart
and sent a test mail from another host with
uuencode file.exe file.exe | mail -s "testmail with exe" test@blabla.com
but the mail comes through. The log tells that the message was spam scanned,
but nothing about that it is blocked.
Kind regards
Marco
Bill Horne
2006-Nov-06 17:00 UTC
[Pkg-exim4-users] acl_smtp_mail - acl_check_mail on debian Etch
Marco Kammerer wrote:
>Hello,
>
>I use a debian testing - etch, with exim 4.63, SA-exim, clamav with the
>split config
>
>The configs have been minimally changed to support the executable
>blocking
>
>[snip]
>
>What I want is quite simple, blocking a mail with exe and co attachments.
>

Marco,

Try including this segment in your data_local_acl_file in /etc/exim4:

deny message = This message contains malformed MIME ($demime_reason).
     demime = *
     condition = ${if >{$demime_errorlevel}{2}{1}{0}}

deny message = Blacklisted file extension detected
     condition = ${if match \
                 {${lc:$mime_filename}} \
                 {\N(\.bat|\.com|\.exe|\.pif|\.prf|\.scr|\.vbs)$\N} \
                 {1}{0}}

HTH.

Bill
Marco Kammerer
2006-Nov-06 17:49 UTC
[Pkg-exim4-users] acl_smtp_mail - acl_check_mail on debian Etch
Bill Horne wrote:
> Marco Kammerer wrote:
> >
> >I use a debian testing - etch, with exim 4.63, SA-exim, clamav with the
> >split config
> >
> >The configs have been minimally changed to support the executable
> >blocking
> >
> >[snip]
> >
> >What I want is quite simple, blocking a mail with exe and co attachments.
> >
>
> Marco,
>
> Try including this segment in your data_local_acl_file in /etc/exim4:
>
> deny message = This message contains malformed MIME ($demime_reason).
>      demime = *
>      condition = ${if >{$demime_errorlevel}{2}{1}{0}}
>
> deny message = Blacklisted file extension detected
>      condition = ${if match \
>                  {${lc:$mime_filename}} \
>                  {\N(\.bat|\.com|\.exe|\.pif|\.prf|\.scr|\.vbs)$\N} \
>                  {1}{0}}
>

Thank you Bill for your feedback.

I figured out what was the real problem. I tested with uuencode from
another linux box. That was the problem, the acls were working, but
didn't catch the uuencoded file.

I tested it via Windows / Outlook Express and the email was rejected.

I know that sounds. However, it took me 2 days to discover that.

Marco
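
The gap Marco describes, as an added example that is not part of the original thread: a filename check over MIME parts never sees a file that was uuencoded inline into a plain-text body, so a separate scan for uuencode "begin" lines is needed to cover it. Python's email parser stands in for Exim's MIME decoding here; the function names and both sample messages are constructed for illustration, and the extension list is the one from the ACL above.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Extension list taken from the ACL in the thread.
BLOCKED = re.compile(r"\.(exe|scr|vbs|pif|bat|lnk|com)$")
# A uuencoded file starts with "begin <octal mode> <filename>" on its own line.
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} (\S.*?)\s*$", re.MULTILINE)

def mime_filenames(msg):
    """Names a per-MIME-part check can see (the role of $mime_filename)."""
    return [p.get_filename().lower() for p in msg.walk() if p.get_filename()]

def uu_filenames(msg):
    """Names announced by uuencode 'begin' lines inside text bodies."""
    names = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            names += [n.lower() for n in UU_BEGIN.findall(part.get_payload())]
    return names

def blocked(names):
    """Subset of names that end in a blacklisted extension."""
    return [n for n in names if BLOCKED.search(n)]

def sample_uuencoded():
    """Constructed: shape of `uuencode file.exe file.exe | mail -s ...`."""
    raw = ("From: a@example.org\nTo: test@example.org\n"
           "Subject: testmail with exe\n\n"
           "begin 644 file.exe\n#35H`\n`\nend\n")
    return message_from_string(raw)

def sample_mime():
    """Constructed: the same bytes sent as a real MIME attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.org", "test@example.org"
    msg["Subject"] = "testmail with exe"
    msg.set_content("see attachment")
    msg.add_attachment(b"MZ\x00", maintype="application",
                       subtype="octet-stream", filename="file.exe")
    return msg

if __name__ == "__main__":
    for label, m in (("uuencoded", sample_uuencoded()), ("mime", sample_mime())):
        print(label, "mime check:", blocked(mime_filenames(m)),
              "uu check:", blocked(uu_filenames(m)))
```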