[[postfix]]
Trace:
Show page
AdminRecent ChangesSitemap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
postfix [2006/02/20 21:34]
193.77.56.193 some useful links 		postfix [2012/07/31 12:45] (current)
greebo old revision restored
Line 1: Line 1:
 ====== Postfix ====== ====== Postfix ======
-==== Useful links ==== 
-  * [[http://www.securitysage.com/antispam/]] 
  
  
 +==== Useful links ====
 +  * [[http://www.securitysage.com/antispam/]]
 +  * [[http://openrbl.org/|OpenRBL check]]
 +  * [[http://www.rfc-ignorant.org/]]
 +  * [[http://www.acme.com/mail_filtering/]]
 +  * [[http://www.pantz.org/os/openbsd/postfix-spamd-dovecot.shtml|Some useful postfix rules]]
 +  * [[http://blog.dkorunic.net/|Spam Ninjas - Dinko Korunic’s blog]]
  
  
 ===== TODO ===== ===== TODO =====
   * **berljivost clanka**   * **berljivost clanka**
 +  * **RAZLICNI SCENARIJI**
   * vrstni red   * vrstni red
   * razlicni scenariji   * razlicni scenariji
Line 19: Line 25:
   * append_dot_mydomain = yes   * append_dot_mydomain = yes
   * pcre   * pcre
-  * IGNORE deletes lines in headers(?)+  !* IGNORE deletes lines in headers(?) 
 +  unverified_recipient_reject_code = 550 
 +  unverified_sender_reject_code = 550
  
 +
 +
 +smtpd_discard_ehlo_keywords = silent-discard, ETRN  VRFY
 +
 +===== Different Setups =====
 +  * [[postfix:mx|Postfix as MX server]]
 +  * [[postfix:smtp|Postfix as SMTP relay]]
 +  * [[postfix:smtp-auth|Postfix with SMTP-auth]]
 +  * [[postfix:asrelay|Postfix as relaying server (to Exchaneg/Domino)]]
 +  * [[postfix:advance|Advance postfix hacks]]
  
  
Line 26: Line 44:
 here are some tips .. here are some tips ..
  
-==== Hide internal address ====+==== Making postfix only send through 'smart relayhost' when direct connection is not available ==== 
 + 
 +I use this construction to have a fallback option when the direct connected ADSL-line is down: replace '**''relayhost''**' in '**main.cf**' by '**''smtp_fallback_relay''**'
 + 
 +==== Hide internal/intranet address ====
  
 See [[http://www.securitysage.com/antispam/hedrem.html|this page]] See [[http://www.securitysage.com/antispam/hedrem.html|this page]]
Line 39: Line 61:
   /^received: / IGNORE   /^received: / IGNORE
   /^X-Sender: / IGNORE   /^X-Sender: / IGNORE
 +  /^Received: .*\[192\.168\.101\..*\]\)/  IGNORE
 +  /^Received: .*\[127\.0\.0\.1\]\)/       IGNORE
  
-**Still looking for a better way?!**+keeping only the headers that you want:
  
 +    /^((Resent-)?From|To|Cc|Date|Return-Path|Message-ID):/ OK
 +    /./ IGNORE
  
  
 +
 +
 +==== LMTP and over-quota ====
 +''Be aware that if your IMAP server receives messages over LMTP, over-quota situations won't be discovered until after Postfix has accepted the message, so it will have to be bounced. If you want to reject mail for users over their quotas, you'll have to use an access table listing users who are over their quotas.''
 +
 +2008-02-06 (b) Not necessarily. If you use reject_unverified_recipient, cyrus LMTP rejects mail for over-quota mailbox and Postfix rejects them at SMTP stage.
  
 ---------------- ----------------
 +
 +
  
 ===== Unsorted stuff ===== ===== Unsorted stuff =====
  
-owner_request_special = no +  owner_request_special = no 
-show_user_unknown_table_name = no+  show_user_unknown_table_name = no
  
-#       reject_rhsbl_client +  #       reject_rhsbl_client 
-        reject_rhsbl_sender    dsn.rfc-ignorant.org+          reject_rhsbl_sender    dsn.rfc-ignorant.org
  
 === ===
-smepd_error_sleep_time+  smtpd_error_sleep_time
  
-Timh to wait in seconds before sending a 4xx or 5xx server error response.+Time to wait in seconds before sending a 4xx or 5xx server error response.
  
-smtpd_soft_error_limit+  smtpd_soft_error_limit
  
 When an SMTP client has made this number of errors, wait error_count seconds before responding to any client request. When an SMTP client has made this number of errors, wait error_count seconds before responding to any client request.
  
-smtpd_hard_error_limit+  smtpd_hard_error_limit
  
 Disconnect after a client has made this number of errors. Disconnect after a client has made this number of errors.
  
-smtpd_junk_command_limit+  smtpd_junk_command_limit
  
 Limit the number of times a client can issue a junk command such as NOOP, VRFY, ETRN or RSET in one SMTP session before it is penalized with tarpit delays. Limit the number of times a client can issue a junk command such as NOOP, VRFY, ETRN or RSET in one SMTP session before it is penalized with tarpit delays.
 === ===
 +tired of  "postfix/smtpd : OTP unavailable because can't read/write key database"
 +
 +add to /etc/postfix/sasl/smtp.conf 
 +
 +mechlist: plain login crammd5 digestmd5
 +
 +or try this:
 +cd /usr/lib/sasl2
 +mkdir deactivated
 +mv *otp* deactivated
 +# for good measure
 +mv *ntlm* deactivated
 +
  
 ============= =============
Line 82: Line 129:
 #postfix on ircnet #postfix on ircnet
  
-konrads> for testing purposes i need a complete catch-all setup that reroutes all incoming mails to /dev/null+''for testing purposes i need a complete catch-all setup that reroutes all incoming mails to /dev/null 
  
-weasel> 250 no problem +tail .. master.cf: 
-weasel> tail .. master.cf: +devnull unix    -                               pipe 
-weasel> devnull unix    -                               pipe +flags=R user=nobody argv=/usr/local/bin/devnull 
-weasel>     flags=R user=nobody argv=/usr/local/bin/devnull +where bin/devnull is something like 
-weasel> where bin/devnull is something like +#!/bin/sh 
-weasel> #!/bin/sh +cat > /dev/null 
-weasel> cat > /dev/null +then set local_transport to devnull''
-weasel> then set local_transport to devnull+
  
 ============== ==============
 How to change sender/recipient/both: How to change sender/recipient/both:
  
-canonical_maps = hash:/etc/postfix/canonical_maps +  canonical_maps = hash:/etc/postfix/canonical_maps 
-recipient_canonical_maps = +  recipient_canonical_maps = 
-sender_canonical_maps = hash:/etc/postfix/sender_maps+  sender_canonical_maps = hash:/etc/postfix/sender_maps
  
-/etc/postfix/canonical_maps +  /etc/postfix/canonical_maps 
-@thisisfakedomain.foo  makeitreal.com+  @thisisfakedomain.foo  makeitreal.com
  
-/etc/postfix/sender_maps +  /etc/postfix/sender_maps 
-# this server is sending, but not receiving e-mail +  # this server is sending, but not receiving e-mail 
-# so we reroute the error msgs to the postmaster :] +  # so we reroute the error msgs to the postmaster :] 
-eVecer@[195.246.18.38]  postmaster@slon.net+  eVecer@[195.246.18.38]  postmaster@slon.net
  
 =========== ===========
Line 115: Line 162:
 out that many clients won't accept a REJECT after the (HELO|MAIL out that many clients won't accept a REJECT after the (HELO|MAIL
 FROM:connect) and would return every second. FROM:connect) and would return every second.
 +
 +===== ABKO ====
 +
 +check_*_mx_access cidr:/etc/postfix/sender_mx_access.cidr
 +
 + 0.0.0.0/8 REJECT Domain MX in broadcast network
 + 10.0.0.0/8 REJECT Domain MX in RFC 1918 private network
 + 127.0.0.0/8 REJECT Domain MX in loopback network
 + 169.254.0.0/16 REJECT Domain MX in link local network
 + 172.16.0.0/12 REJECT Domain MX in RFC 1918 private network
 + 192.0.2.0/24 REJECT Domain MX in TEST-NET network
 + 192.168.0/16 REJECT Domain MX in RFC 1918 private network
 + 224.0.0.0/4 REJECT Domain MX in class D multicast network
 + 240.0.0.0/5 REJECT Domain MX in class E reserved network
 + 248.0.0.0/5 REJECT Domain MX in reserved network
 +
 +source - IPv4 bogon list - http://www.cymru.com/Documents/bogon-bn-agg.txt
  
 ========== ==========
 /etc/postfix/main.cf: /etc/postfix/main.cf:
  
-alias_maps = hash:/etc/aliases +  alias_maps = hash:/etc/aliases 
-alias_database = $alias_maps+  alias_database = $alias_maps
  
-smtpd_banner = $myhostname ESMTP http://www.rfc.net/rfc2821.html +  smtpd_banner = $myhostname ESMTP http://www.rfc.net/rfc2821.html 
-mail_name = smtpd+  mail_name = smtpd
  
-# what kind of errors should postmaster receive +  # what kind of errors should postmaster receive 
-# notify_classes = resource,software,protocol,policy,delay,2bounce +  # notify_classes = resource,software,protocol,policy,delay,2bounce 
-# default is:  notify_classes = resource,software+  # default is:  notify_classes = resource,software
  
-# postfix tries to get hostname from the system, but it usually failes, because the hostname +  # postfix tries to get hostname from the system, but it usually failes, because the hostname 
-# is not FQDN +  # is not FQDN 
-myhostname = host.domain.org+  myhostname = host.domain.org
  
-# default is: +  # default is: 
-# myorigin = $myhostname +  # myorigin = $myhostname 
-# mydomain = domain part of $myhostname+  # mydomain = domain part of $myhostname
  
-# what domains are LOCAL to this server +  # what domains are LOCAL to this server 
-# DO NOT list virtual domains here! +  # DO NOT list virtual domains here! 
-# Use virtual_maps for virtual domains +  # Use virtual_maps for virtual domains 
-mydestination = $myhostname, localhost.$mydomain+  mydestination = $myhostname, localhost.$mydomain
  
  
-#address_verify_map+  #address_verify_map
  
-#owner_request_special = no +  #owner_request_special = no 
-# for Mailman Mailing-list+  # for Mailman Mailing-list
  
-# virtual domains +  # virtual domains 
-virtual_maps = hash:/etc/postfix/virtual+  virtual_maps = hash:/etc/postfix/virtual
  
-# Reject unknown local/virtual recipients at the SMTP port. +  # Reject unknown local/virtual recipients at the SMTP port. 
-# proxy (v2.x) local_recipient_maps = proxy:unix:passwd.byname $alias_maps $virtual_maps +  # proxy (v2.x) local_recipient_maps = proxy:unix:passwd.byname $alias_maps $virtual_maps 
-local_recipient_maps = unix:passwd.byname $alias_maps $virtual_maps+  local_recipient_maps = unix:passwd.byname $alias_maps $virtual_maps
  
-mynetworks = 127.0.0.0/8 192.168.0.0/24 10.3.74.0/24 +  mynetworks = 127.0.0.0/8 192.168.0.0/24 10.3.74.0/24 
-mynetworks_style = host+  mynetworks_style = host
  
-mailbox_size_limit = 0 +  mailbox_size_limit = 0 
-recipient_delimiter = ++  recipient_delimiter = +
  
-# Maildir format +  # Maildir format 
-# if you use Courier IMAP/POP +  # if you use Courier IMAP/POP 
-home_mailbox = Maildir/+  home_mailbox = Maildir/
  
-#if you use maildrop +  #if you use maildrop 
-#mailbox_command = /usr/bin/maildrop +  #mailbox_command = /usr/bin/maildrop 
-#local_destination_concurrency_limit = 1+  #local_destination_concurrency_limit = 1
  
-delay_warning_time = 3h+  delay_warning_time = 3h
  
-smtpd_helo_required = yes +  smtpd_helo_required = yes 
-biff = no +  biff = no 
-disable_vrfy_command = yes +  disable_vrfy_command = yes 
-strict_rfc821_envelopes = no+  strict_rfc821_envelopes = no
  
-transport_maps = hash:/etc/postfix/transport +  transport_maps = hash:/etc/postfix/transport 
-message_size_limit = 40960000+  message_size_limit = 40960000
  
-maps_rbl_domains =+  maps_rbl_domains =
  list.dsbl.org,  list.dsbl.org,
  relays.ordb.org  relays.ordb.org
  
-body_checks = regexp:/etc/postfix/body_checks +  body_checks = regexp:/etc/postfix/body_checks 
-header_checks = regexp:/etc/postfix/header_checks+  header_checks = regexp:/etc/postfix/header_checks
  
-# smart-relay server +  # smart-relay server 
-# probably smtp server of your ISP +  # probably smtp server of your ISP 
-#relayhost = [smtp.isp.com]+  #relayhost = [smtp.isp.com]
  
-# smtp server to use if we get errors sending directly +  # smtp server to use if we get errors sending directly 
-#fallback_relay = [smtp.isp.com]+  #fallback_relay = [smtp.isp.com]
  
-# use it to TEST(!) your new config +  # use it to TEST(!) your new config 
-# smtp will issue 4xx (temporary error) instead of 5xx (permanent) thus allowing +  # smtp will issue 4xx (temporary error) instead of 5xx (permanent) thus allowing 
-# transmission later +  # transmission later 
-#soft_bounce = yes+  #soft_bounce = yes
  
-#broken PIX/cisco firewall +  #broken PIX/cisco firewall 
-smtp_always_send_ehlo = no+  #smtp_always_send_ehlo = no
  
-smtpd_client_restrictions = hash:/etc/postfix/client_access+  smtpd_client_restrictions = hash:/etc/postfix/client_access
  
-smtpd_helo_restrictions = hash:/etc/postfix/helo_checks+  smtpd_helo_restrictions = hash:/etc/postfix/helo_checks
  
-smtpd_sender_restrictions =+  smtpd_sender_restrictions =
  regexp:/etc/postfix/sender_checks  regexp:/etc/postfix/sender_checks
  
 smtpd_recipient_restrictions = smtpd_recipient_restrictions =
- reject_unauth_pipelining,+# reject_unauth_pipelining, http://www.irbs.net/internet/postfix/0311/1455.html
  reject_non_fqdn_sender,  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,  reject_non_fqdn_recipient,
Line 220: Line 284:
  reject_rbl_client dnsbl.sorbs.net  reject_rbl_client dnsbl.sorbs.net
  reject_unauth_destination  reject_unauth_destination
 +
 +smtpd_data_restrictions = 
 + reject_unauth_pipelining
  
 #mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp #mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
Line 232: Line 299:
 #### ####
 /etc/postfix/client_access /etc/postfix/client_access
-# amis +  # amis 
-212.18.32.4             OK +  212.18.32.4             OK 
-212.18.32.14            OK +  212.18.32.14            OK 
-# triera +  # triera 
-213.161.0.24            OK +  213.161.0.24            OK 
-213.161.0.25            OK +  213.161.0.25            OK 
-# volja +  # volja 
-217.72.64.59            OK +  217.72.64.59            OK 
-217.72.64.60            OK +  217.72.64.60            OK 
-#  softnet +  #  softnet 
-212.103.128.68          OK +  212.103.128.68          OK 
-# mojnet +  # mojnet 
-212.93.226.6            OK +  212.93.226.6            OK 
-# telemach +  # telemach 
-213.143.65.10           OK +  213.143.65.10           OK 
-# netsi +  # netsi 
-212.72.100.100          OK +  212.72.100.100          OK 
-# siol +  # siol 
-193.189.160.25          OK +  193.189.160.25          OK 
-193.189.160.18          OK +  193.189.160.18          OK 
-# perftech +  # perftech 
-195.246.0.20            OK +  195.246.0.20            OK 
-195.246.0.21            OK +  195.246.0.21            OK 
-195.246.0.22            OK +  195.246.0.22            OK 
-# arnes +  # arnes 
-193.2.1.74              OK +  193.2.1.74              OK 
-193.2.1.75              OK +  193.2.1.75              OK 
-+  
-BSN-77-157-5.dsl.siol.net       OK +  BSN-77-157-5.dsl.siol.net       OK 
-193.77.157.5            OK +  193.77.157.5            OK 
-+  
-dsl.siol.net            554 Uporabite streznik mail.siol.net za odhodno posto ali si uredite 'povratni naslov' za vas IP. Za nadaljne informacije klicite 080 1000 +  dsl.siol.net            554 Uporabite streznik mail.siol.net za odhodno posto ali si uredite   'povratni naslov' za vas IP. Za nadaljne informacije klicite 080 1000 
-dial-up.siol.net        554 Uporabite streznik mail.siol.net za odhodno posto! Za nadaljne informacije klicite 080 1000 +  dial-up.siol.net        554 Uporabite streznik mail.siol.net za odhodno posto! Za nadaljne informacije klicite 080 1000 
-dial-up.volja.net       554 Uporabite streznik smtp.volja.net za odhodno posto. Za nadaljne informacije klicite 01 5875 888 +  dial-up.volja.net       554 Uporabite streznik smtp.volja.net za odhodno posto. Za nadaljne informacije klicite 01 5875 888 
-dial.netsi.net          554 Uporabite streznik smtp.netsi.net za odhodno posto! +  dial.netsi.net          554 Uporabite streznik smtp.netsi.net za odhodno posto! 
-dial-up.arnes.si        554 Uporabite streznik mail.arnes.si za odhodno posto! +  dial-up.arnes.si        554 Uporabite streznik mail.arnes.si za odhodno posto! 
-dial-up.moj.net         554 Uporabite streznik smtp.moj.net za odhodno posto ! For further info call 01 2345860! +  dial-up.moj.net         554 Uporabite streznik smtp.moj.net za odhodno posto ! For further info call 01 2345860! 
-dialup.amis.net         554 Uporabite streznik smtp.amis.net za odhodno posto ! Za nadaljne informacije klicite 080 2010 +  dialup.amis.net         554 Uporabite streznik smtp.amis.net za odhodno posto ! Za nadaljne informacije klicite 080 2010 
-adsl.amis.net           554 Uporabite streznik smtp.amis.net za odhodno posto ali si uredite 'povratni naslov' za vas IP. Za nadaljne informacije klicite 080 2010 +  adsl.amis.net           554 Uporabite streznik smtp.amis.net za odhodno posto ali si uredite 'povratni naslov' za vas IP. Za nadaljne informacije klicite 080 2010 
-dsl.net                 554 Use smtp.dsl.net as outgoing e-mail server!+  cable.triera.net        554 Uporabite streznik smtp.triera.net za odhodno e-posto. 
 + 
 +  dsl.net                 554 Use smtp.dsl.net as outgoing e-mail server! 
 + 
 + 
 +**B wrote** 
 +To matchne vsak hostname, v katerem se pojavi ".dsl." 
 + 
 +ali ce hoces bit natancen: 
 +/^.*\.dsl\..*$/ (^ in $ sta zacetek in konec stringa, na zacetku in koncu stringa je lahko karkoli (.*), nekje v stringu pa je tudi ".dsl."
  
 /etc/postfix/sender_checks /etc/postfix/sender_checks
-/@\[(10|127|0)\.|(192\.168)\./          554 Use real IP numbers or FQDN +  /@\[(10|127|0)\.|(192\.168)\./          554 Use real IP numbers or FQDN 
-/@\[172\.1[6-9]\./                      554 Use real IP numbers or FQDN +  /@\[172\.1[6-9]\./                      554 Use real IP numbers or FQDN 
-/@\[172\.2[0-9]\./                      554 Use real IP numbers or FQDN +  /@\[172\.2[0-9]\./                      554 Use real IP numbers or FQDN 
-/@\[172\.3[01]\./                       554 Use real IP numbers or FQDN+  /@\[172\.3[01]\./                       554 Use real IP numbers or FQDN
  
 /etc/postfix/helo_checks /etc/postfix/helo_checks
-your_fqdn_hostname_here     551    Bogus HELO+  your_fqdn_hostname_here     551    Bogus HELO 
 +  A.B.C.D           551     Bogus HELO 
 +  [A.B.C.D]         551     Bogus HELO
  
-/etc/postfix/virtual 
-virtual_domain.com whatever_that_is_not_used 
-abuse@virtual_domain.com root 
-postmaster@virtual_domain.com root 
-hostmaster@virtual_domain.com root 
-fu@virtual_domain.com other@email.com 
-fuu@virtual_domain.com local_user 
  
-# all e-mails go into one/single mbox +/etc/postfix/virtual 
-v_domain.org whatever_that_is_not_used +  virtual_domain.com whatever_that_is_not_used 
-@v_domain.org hegetsallmailfor@domena.org+  abuse@virtual_domain.com root 
 +  postmaster@virtual_domain.com root 
 +  hostmaster@virtual_domain.com root 
 +  fu@virtual_domain.com other@email.com 
 +  fuu@virtual_domain.com local_user 
 +   
 +  # all e-mails go into one/single mbox 
 +  v_domain.org whatever_that_is_not_used 
 +  @v_domain.org hegetsallmailfor@domena.org
  
 /etc/postfix/header_checks /etc/postfix/header_checks
-# NIMDA +  # NIMDA 
-/^.*boundary=\"====_ABC1234567890DEF_====\"/      REJECT +  /^.*boundary=\"====_ABC1234567890DEF_====\"/      REJECT 
-/^.*boundary=\"====_ABC123456j7890DEF_====\"/      REJECT +  /^.*boundary=\"====_ABC123456j7890DEF_====\"/      REJECT 
-+  
-/Subject:.*new photos from my party/   REJECT +  /Subject:.*new photos from my party/   REJECT 
-+  
-/^Content-Type: multipart\/mixed; boundary="----[a-zA-Z0-9]+_Outlook_Express_message_boundary"/ 554 Infected with SirCam. +  /^Content-Type: multipart\/mixed; boundary="----[a-zA-Z0-9]+_Outlook_Express_message_boundary"/ 554   Infected with SirCam. 
-# SIRCAM +  # SIRCAM 
-#/^.*_Outlook_Express_message_boundary/  REJECT +  #/^.*_Outlook_Express_message_boundary/  REJECT 
-# HYBRIS +  # HYBRIS 
-#/^.*boundary="--VE/     REJECT +  #/^.*boundary="--VE/     REJECT 
-# ALIZ +  # ALIZ 
-#/^.*boundary="bound"/   REJECT +  #/^.*boundary="bound"/   REJECT 
-# SPAM +  # SPAM 
-#/^Subject:.*Try It BEFORE You Buy It.*/         REJECT +  #/^Subject:.*Try It BEFORE You Buy It.*/         REJECT 
-#NextPart +  #NextPart 
-#/^.*boundary="----_=_NextPart_001.*"/   REJECT+  #/^.*boundary="----_=_NextPart_001.*"/   REJECT
  
  
 /etc/postfix/body_checks /etc/postfix/body_checks
  
-/^U*EsDBAoAAQAAA/ REJECT Encrypted Zip archive. /^Content-(Disposition|Type):.+file.+="?.*\.(doc|zip|exe|xls|jpg|gif)\.(vbs|scr|pif|bat|com|exe|lnk)"?$/ REJECT +/^U*EsDBAoAAQAAA/ REJECT Encrypted Zip archive.   /^Content-(Disposition|Type):.+file.+="?.*\.(doc|zip|exe|xls|jpg|gif)\.(vbs|scr|pif|bat|com|exe|lnk)"?$/ REJECT 
 /^begin [0-9]+*\.(scr|pif|exe|com|bat|shs|shb|vxd|rm|chm|vbs|ini|cmd|hta|reg|lnk|js|jse)/ REJECT  /^begin [0-9]+*\.(scr|pif|exe|com|bat|shs|shb|vxd|rm|chm|vbs|ini|cmd|hta|reg|lnk|js|jse)/ REJECT 
 /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/ reject keep your viruses with you  /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/ reject keep your viruses with you 
Line 325: Line 405:
  
 #or even more restrictive:  #or even more restrictive: 
-/<(iframe src=(3D)?cid:)/ REJECT ${1}: No exploitable iframe code accepted here PCRE version of the above: /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*\.(doc|zip|exe|xls)\.(exe|vbe|vbs|vbx|vxd|wsc|wsf|wsh))(\?=)?"?\s*$/x REJECT Attachment name "$2" may not end with ".$3" +  /<(iframe src=(3D)?cid:)/ REJECT ${1}: No exploitable iframe code accepted here PCRE version of the above: 
 +/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*\.(doc|zip|exe|xls)\.(exe|vbe|vbs|vbx|vxd|wsc|wsf|wsh))(\?=)?"?\s*$/x REJECT Attachment name "$2" may not end with ".$3"
postfix.1140467688.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
Show pageOld revisions
Media ManagerBack to top
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready