want to reject .pps files, doesn't work

Discussion in 'E-mail Discussions' started by zombo, Apr 20, 2008.

  1. zombo

    zombo Active Member

    Joined:
    Jan 28, 2004
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Austria
    I want to reject email attachments ending in .pps or .ppt temporarily.

    I inserted "pps|ppt|" into the "/etc/cpanel_exim_system_filter" text file at the same point where e.g. .exe, .pif and .scr are listed most likely to reject them.

    I saved the file and restarted exim. Unfortunately this doesn't have any effect, all .pps files still come in.

    I have spent hours on finding where to achieve this, can anyone drop me a hint on how to achieve this?
     
  2. mohakevin

    mohakevin Well-Known Member

    Joined:
    Jan 19, 2005
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    I think that you can do this with spamassassin or clamav.

    Do a review of the configuration of these programs.
     
  3. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    IIRC, there are four places where you need to enter that to be sure it's filtered. Do a search in the filter file for 'eml' and you'll find four of them.

    Code:
    if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
    if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
    if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
    if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
    
    Add them in all four if statements and you should be fine.

    Keep in mind the filter gets updated from time to time, or could. It would be wise to copy it over to another name and then in WHM / Exim Configuration Editor specify the path to the newly named file. That way if the basic filter gets overwritten during a cPanel upgrade you won't lose that change.

    Mike
     
  4. zombo

    @mohakevin thanks for your very valuable remark that I should RTFM .. but clamav is not installed and I'd prefer to stay without another resource hog. Also, the combination of spamassassin and exim does not look like it tolerates experiments, and I do not want to destroy anything.

    @mtindor thanks, this is exactly where I inserted "pps|ppt|" (I am not concerned about .eml files) but the problem is that the file attachments I want to get rid of still go through. Hm ... I'll control one more time, give me some minutes ......
     
    #4 zombo, Apr 20, 2008
    Last edited: Apr 20, 2008
  5. zombo

    @mike, thanks after all for confirming that I was basically doing right.

    I finally found out that I had one '\' too much in the "/etc/cpanel_exim_system_filter" file.
    One of those terrific errors you find out only by checking char by char. But thanks for referring to the 'eml' thread since it showed me I am not completely on the wrong vessel. :)
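
Added example, not part of the original thread: a Python check that decodes the two backslash layers an Exim filter string passes through and reports, per `matches` rule, whether a given extension is blocked, so a missed rule or a stray backslash shows up without reading character by character. The filter excerpt, sample headers and function names are constructed for illustration, and the one-pass `\X` to `X` decoding is a simplified model of Exim's quoting and expansion.

```python
import re

# Constructed excerpt in the style of the header rules quoted above (shortened
# extension list). Rule 1 is edited correctly, rule 2 was never edited, and
# rule 3 has one extra backslash before the opening \" so the string ends early.
FILTER = r'''
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:exe|pif|pps|ppt|scr)\")"
if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:exe|pif|scr))"
if $header_content-type: matches "(?:file)?name=(\\"[^\"]+\\\\.(?:exe|pif|pps|ppt|scr)\")"
'''

def decode_layer(s):
    # Simplified model (assumption): one pass of backslash processing maps \X to X.
    return re.sub(r'\\(.)', r'\1', s)

def rules(filter_text):
    """Yield the regex text left after both layers for each `matches "..."`."""
    for m in re.finditer(r'matches\s+"((?:[^"\\]|\\.)*)"', filter_text):
        # Layer 1: quoted-string escapes. Layer 2: string expansion.
        yield decode_layer(decode_layer(m.group(1)))

def audit(filter_text, ext):
    """Return 'blocks', 'misses' or 'invalid' for every rule, in file order."""
    # Constructed Content-Type values: quoted and unquoted attachment names.
    samples = [f'application/octet-stream; name="slides.{ext}"',
               f'application/octet-stream; name=slides.{ext}']
    report = []
    for pattern in rules(filter_text):
        try:
            # Lowercase `matches` is caseless in Exim filters.
            rx = re.compile(pattern, re.IGNORECASE)
        except re.error:
            report.append("invalid")  # pattern was truncated or mangled
            continue
        hit = any(rx.search(s) for s in samples)
        report.append("blocks" if hit else "misses")
    return report

if __name__ == "__main__":
    for ext in ("pps", "ppt", "exe"):
        print(ext, audit(FILTER, ext))
```

To check a real filter, pass the contents of the filter file to `audit()` instead of `FILTER`; the body rules that use `(?>...)` atomic groups need Python 3.11 or later to compile.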
     
  6. mtindor

    I simply referenced 'eml' since you couldn't very well look for four instances of pps by default (since it's not in there by default).

    Glad you got it working. Yes I know all about those typing mistakes. I often make them, spend an hour tracking them down, and then spend another hour kicking myself in the ass for making the mistake in the first place :)

    Mike
     