Attachment filename filtering

[dandadude]

Hi!

My main question:
I would like to filter based on an exact attachment name (Form.zip). So no mails can get through that have exactly a "Form.zip" file attached.
How is that possible? Every solution is OK, even spamassassin to give a high score for it... This can be used site-wide also, doesn't have to apply to an account.

Another question, but this might be a hard one:
We are getting lot of impersonating mails (with almost valid signatures, maybe some external address was hacked who received mail from that somebody) where only the "Full Name" from the From header is spoofed (because of strict SPF) and the e-mail address is a spam address, but for some reason, spamassassin and RBL lists don't have a chance (SPF is valid, hardly any rules apply to get extra points...). If I would be able to create a rule for instance if the mail has "one of the Full Names from a txt" in the From header and not a valid local e-mail address -> make it spam, then it would be easy to catch these spoofers.

Thank you,
Daniel

 

[Spirogg]

My main question:
I would like to filter based on an exact attachment name (Form.zip). So no mails can get through that have exactly a "Form.zip" file attached.
How is that possible? Every solution is OK, even spamassassin to give a high score for it... This can be used site-wide also, doesn't have to apply to an account.

I only had this bookmarked before for myself but you can read this and see if that helps

Attachments: Filter messages with dangerous attachments

It seems that .JAR files are being recieved in emails, so I'm guessing that the above exim rule doesn't consider .JAR files dangerous, or the rule doesn't work. Do I need to add .JAR as a dangerous file in any sort of config ?

forums.cpanel.net

I don't have any suggestions for your other question but I'm sure someone will reply

kind regards,
Spiro

 

[cPRex]

For the global filter issue, you might want to check this out: How to Customize the Exim System Filter File | cPanel & WHM Documentation

Would one of those filter types also work for your second issue?

 

[dandadude]

I only had this bookmarked before for myself but you can read this and see if that helps

Attachments: Filter messages with dangerous attachments

It seems that .JAR files are being recieved in emails, so I'm guessing that the above exim rule doesn't consider .JAR files dangerous, or the rule doesn't work. Do I need to add .JAR as a dangerous file in any sort of config ?

forums.cpanel.net

I don't have any suggestions for your other question but I'm sure someone will reply

kind regards,
Spiro

Thanks for the link!
It would be nice to receive an exact line for "Form.zip", cause I don't know how to change the regex-extension list to an exact attachment name.

Thanks

 

[dandadude]

For the global filter issue, you might want to check this out: How to Customize the Exim System Filter File | cPanel & WHM Documentation

Would one of those filter types also work for your second issue?

Thanks, sounds nice!
Can you give me an example with a specific "Form.zip" filename instead of examples of whole extension filtering?

Thanks

 

[cPRex]

How about the details here:

Block custom attachments EXIM issue

Following the instructions from How to Customize the Exim System Filter File - cPanel Knowledge Base - cPanel Documentation I have created a custom system filter at /etc/cpanel_exim_system_filter_custom by copying the /etc/cpanel_exim_system_filter file then I chose that file at WHM >> Home >>...

forums.cpanel.net

that thread looks very similar to what you're trying to do.