Postfix mail server block .bat, .exe .com .vbs mime attachments – common virus spreading files

Postfix provides a MIME header check for all incoming messages. You can restrict .exe / .bat / .vbs files and block all attachments of those types.

The mime_header_checks directive lets you define a file in which you place restrictions for any file extensions that you do not want passing through your mail server.

On most mail servers, the first thing that needs to be done is to enable header checks and block dangerous files.

Define MIME header checks

Open main.cf file:
# vi /etc/postfix/main.cf
Append / set mime_header_checks directive as follows:
mime_header_checks = regexp:/etc/postfix/mime_header_checks

Save and close the file.

Block attachments

Now open /etc/postfix/mime_header_checks file:
# vi /etc/postfix/mime_header_checks
Append the following line:
/name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT
Save and close the file.

Restart postfix

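Restart Postfix so that it picks up the new mime_header_checks setting (a regexp: table is read as a plain text file, so no lookup table has to be built with postmap):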
# /etc/init.d/postfix restart

Watch log file

You should see the rejected mail logged in the /var/log/maillog file:
# tail -f /var/log/maillog
Output:

Jun 20 14:28:06 server postfix/smtpd[5442]: connect from web31601.mail.mud.yahoo.com[68.142.198.147]
Jun 20 14:28:07 server postfix/smtpd[5442]: 245F913906EE: client=web31601.mail.mud.yahoo.com[68.142.198.147]
Jun 20 14:28:07 server postfix/cleanup[5492]: 245F913906EE: message-id=<274995.40473.qm@web31601.mail.mud.yahoo.com>
Jun 20 14:28:07 server postfix/cleanup[5492]: 245F913906EE: reject: header Content-Type: application/x-msdos-program; name="updatebankdetails.bat" from web31601.mail.mud.yahoo.com[68.142.198.147]; from= to= proto=SMTP helo=: Message content rejected

For more information, please read the postfix and header_checks man pages.
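
As an added example (not part of the original post), the Python script below runs the rule from this article and the $-anchored variant suggested in the comments against sample header lines, next to a tighter pattern that is this example's own assumption. Python's re module stands in for the Postfix regexp engine, with case-insensitive matching as in Postfix regexp tables.

```python
import re

# Patterns as written between the slashes in /etc/postfix/mime_header_checks.
RULES = {
    "article": r'name=[^>]*\.(bat|com|exe|dll|vbs)',
    "anchored": r'name=[^>]*\.(bat|com|exe|dll|vbs)$',
    # Assumption of this example, not from the page: the extension must be
    # followed by a closing quote, a ';' or the end of the header.
    "tight": r'name="?[^"]*\.(bat|com|exe|dll|vbs)("|;|$)',
}

# Sample headers, one logical header line each. The first comes from the
# log excerpt above; the rest are constructed for this example.
HEADERS = {
    "quoted_bat": 'Content-Type: application/x-msdos-program; name="updatebankdetails.bat"',
    "bare_exe": 'Content-Disposition: attachment; filename=setup.exe',
    "upper_exe": 'Content-Type: application/octet-stream; name="PHOTO.EXE"',
    "double_ext": 'Content-Type: application/octet-stream; name="invoice.pdf.exe"',
    "domain_in_name": 'Content-Type: application/vnd.ms-excel; name="yahoo.com statistics.xls"',
    "plain_pdf": 'Content-Type: application/pdf; name="report.pdf"',
}


def rejected(rule, header):
    """Return True if the named rule would fire on this header line."""
    # Postfix regexp tables match case-insensitively by default.
    return re.search(RULES[rule], header, re.IGNORECASE) is not None


def verdicts(rule):
    """Map each sample label to True (REJECT) or False (pass)."""
    return {label: rejected(rule, header) for label, header in HEADERS.items()}


def misjudged(rule):
    """Labels where the rule disagrees with the intended outcome."""
    dangerous = {"quoted_bat", "bare_exe", "upper_exe", "double_ext"}
    return sorted(l for l, hit in verdicts(rule).items() if hit != (l in dangerous))


if __name__ == "__main__":
    for rule in RULES:
        print(f"{rule:9} misjudged: {misjudged(rule) or 'none'}")
```

On the server itself, postmap -q "header line" regexp:/etc/postfix/mime_header_checks evaluates the real table against a single header, so the same samples can be checked there before the rule goes live.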


4 comments

1 Yannick 06.26.07 at 10:19 pm

Do not postmap regexp (or pcre) files ;)

2 Sreedhar 01.17.08 at 6:51 am

If I wanted to allow sending these extensions for a few members, how do I configure that?

3 movzx 02.05.09 at 2:10 pm

After a LONG afternoon spent on removing Bagle from users’ PCs, no more exe attachments in mail ;)

4 Özkan ŞENOVA 04.17.09 at 10:20 am

If you use this rule, you may have problems with emails that have attachments containing a website address in the file name. For example: “yahoo.com statistics.xls”

I use /name=[^>]*\.(bat|com|exe|dll|vbs)$/ REJECT to fix this issue :)
