Postfix provides Mime header check for all incoming messages. You can put restrictions on .exe / .bat / .vbs files and block all attachments.


mime_header_checks directive allows you to define file, you will place a restriction for any file extensions that you do not want to have passing through your mail sever system.

On most mail server the first thing that needs to be done is to enable header checks and block dangerous files.

Define mine header checks

Open file:
# vi /etc/postfix/
Append / set mime_header_checks directive as follows:
mime_header_checks = regexp:/etc/postfix/mime_header_checks

Save and close the file.

Block attachments

Now open /etc/postfix/mime_header_checks file:
# vi /etc/postfix/mime_header_checks
Append following line:
/name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT
Save and close the file.

Restart postfix

First create postfix lookup table for mime_header_checks file:
# /etc/init.d/postfix restart

Watch log file

You should see rejected mail log in /var/log/maillog file:
# tail -f /var/log/maillog

Jun 20 14:28:06 server postfix/smtpd[5442]: connect from[]
Jun 20 14:28:07 server postfix/smtpd[5442]: 245F913906EE:[]
Jun 20 14:28:07 server postfix/cleanup[5492]: 245F913906EE: message-id=<>
Jun 20 14:28:07 server postfix/cleanup[5492]: 245F913906EE: reject: header Content-Type: application/x-msdos-program; name="updatebankdetails.bat" from[]; from= to= proto=SMTP helo=: Message content rejected

For more information please read postfix and header_checks man page.

🥺 Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

10 comments… add one
  • Yannick Jun 26, 2007 @ 22:19

    Do not postmap regexp (or pcre) files 😉

  • Sreedhar Jan 17, 2008 @ 6:51

    If i wanted to allow send these extensions for few members. How to configure ?

  • movzx Feb 5, 2009 @ 14:10

    After a LONG afternoon spent on removing Bagle from users’ PCs, no more exe attachments in mail 😉

  • Özkan ÅžENOVA Apr 17, 2009 @ 10:20

    If you use this rule, you may have problems with the emails, which has attachments containing a website adress in file name. For example: “ statistics.xls”

    I use /name=[^>]*.(bat|com|exe|dll|vbs)$/ REJECT to fix this issue 🙂

    • sin Jul 27, 2010 @ 14:29

      with only $ at the end this rule will not work at all, because filename is placed between “”, so all line looks like follows:
      /name=[^>]*.(bat|com|exe|dll|vbs)”$/ REJECT

  • ya Aug 10, 2009 @ 6:18

    Can I do this only for a user list or a group? This is a global setting which is applied to all users. If its possible, please send some guidelines.

  • indhran Sep 3, 2009 @ 9:15

    Need to perform postmap /etc/postfix/mime_header_checks to create the db.

  • nick Dec 5, 2014 @ 12:10

    How to block uploading of .exe and virus flies

  • Jondo Feb 4, 2015 @ 15:44

    If i block EXE files does this method blocks zip files witch contains EXE files? I need to block exe files in zip archives but zip file need to be allowed. Is this method real?

  • Andy H May 11, 2016 @ 10:09

    Thank you for this – simple, and (at least so far) effective. Whilst Plesk/Postfix is doing a great job of filtering out infected files, mostly in ZIP archives, it’s infinitely better to simply reject the mail rather than dealing with it!

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.