I have succesfully set up my procmailrc with a recipe to block incoming mail
with certain executable attachments (.exe, .scr, etc.)
Is it possible to set up a recipe in procmailrc or a config option in
sendmail.cf to block outgoing emails with executable attachments as well?
I'm also running SpamAssassin on the server so that would need to still
work.
TIA
"DesignGuy"
> I have succesfully set up my procmailrc with a recipe to block incoming mail
> with certain executable attachments (.exe, .scr, etc.)
>
> Is it possible to set up a recipe in procmailrc or a config option in
> sendmail.cf to block outgoing emails with executable attachments as well?
>
> I'm also running SpamAssassin on the server so that would need to still
> work.
Have you considered using milter for integrating sendmail and SA?
AFAIK MIMEDefang milter should be able to deliver what you want.
[ http://www.mimedefang.org/
--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html
http://anfi.homeunix.net/sendmail/
"DesignGuy"
news:_cKdnbiFB9afO4PbnZ2dnUVZ_qWvnZ2d@insightbb.com:
> I have succesfully set up my procmailrc with a recipe to block
> incoming mail with certain executable attachments (.exe, .scr, etc.)
>
> Is it possible to set up a recipe in procmailrc or a config option in
> sendmail.cf to block outgoing emails with executable attachments as
> well?
>
> I'm also running SpamAssassin on the server so that would need to
> still work.
I have some software which does a rather complete job of blocking
executable attachments (including scanning for PC executable header
formats). It works from procmail. Check out
http://www.pc-tools.net/unix/renattach/
It is not currently maintained, but works fine. It can also be used to
block outgoing executable attachemnts. The configuration describes Postfix
but you might be able to easily put it into sendmail too, I'm not familiar
with that platform.
--
Jem Berkes
www.sysdesign.ca
On Apr 13, 12:35 am, Jem Berkes
> "DesignGuy"
>
> > I have succesfully set up my procmailrc with a recipe to block
> > incoming mail with certain executable attachments (.exe, .scr, etc.)
>
> > Is it possible to set up a recipe in procmailrc or a config option in
> > sendmail.cf to block outgoing emails with executable attachments as
> > well?
>
> > I'm also running SpamAssassin on the server so that would need to
> > still work.
>
> I have some software which does a rather complete job of blocking
> executable attachments (including scanning for PC executable header
> formats). It works from procmail. Check outhttp://www.pc-tools.net/unix/renattach/
>
> It is not currently maintained, but works fine. It can also be used to
> block outgoing executable attachemnts. The configuration describes Postfix
> but you might be able to easily put it into sendmail too, I'm not familiar
> with that platform.
>
> --
> Jem Berkeswww.sysdesign.ca
Why does the renattach web page say:
> As of 2006, renattach used on its own is not enough to filter potentially harmful emails.
I thought MS had pretty much stopped adding new executable types, so
that renattach would
still work well with little maintainance. That was always the charm of
this approach. Or does the
harm referred to mean harm from non-executable attachments, such as
phishing?
Daniel Feenberg
feenberg@gmail.com wrote in
news:1176463032.867521.90070@w1g2000hsg.googlegroups.com:
> Why does the renattach web page say:
>
>> As of 2006, renattach used on its own is not enough to filter
>> potentially harmful emails.
>
> I thought MS had pretty much stopped adding new executable types, so
> that renattach would
> still work well with little maintainance. That was always the charm of
> this approach. Or does the
> harm referred to mean harm from non-executable attachments, such as
> phishing?
Yes it will still catch the executables by filename, and I still use it for
that. But the new techniques it will not catch are various archive files
that contain executables (say EXE inside ZIP inside ZIP) or ZIP inside RAR,
undetected.
There are also some variants of MIME formatting, ways to embed executable
code inside the message that don't fit the attached file format renattach
expects. renattach's understanding of MIME is incomplete.
So those are the problems. It still catches nearly everything, but since
there are these various ways to slip executable code past, I did not want
to imply that it is a 100% solution. A proper virus scanner must be used.
--
Jem Berkes
www.sysdesign.ca