Re: Email Attachment Blocking

[Vuong Phung <vphung () SCIENCE SJSU EDU>]

We reject email and notify sender regarding blocked extensions below. Vuong

Add the following to the end of /etc/postfix/check_headers

#Make sure the extension list below is 1 continuous line

/^content-(type|disposition):.*name[[:space:]]*=.*\.(ade|adp|app|asa|asp|asd|awk|bas|bat|cdx|cer|cgi|chm|cil|
chm|class|cmd|com|cpl|crt|csh|dek|dll|ds|eml|emf|esh|exe|ezs|fky|fxp|hlp|hta|htr|htw|ida|idc|idq|inf|ins|inx|ipf|
isp|its|jar|js|jse|ksh|lnk|mad|maf|mag|mam|maq|mar|mas|mat|mau|maw|mda|mdb|mde|mdt|mdw|mdz|mem|
mpx|msc|msi|msp|mst|nws|obs|ocx|ops|pcd|pif|prf|prg|printer|pst|pvd|pwc|pyc|pyo|pqx|reg|rgs|rox|scf|scr|sct|
shb|shs|shtml|stm|tlb|tms|udf|url|vb|vbe|vbs|vbscript|vdo|wcm|widget|workflow|wpk|ws|wsc|wsf|wsh|xqt)/
                REJECT Bad attachment file name extension: $2

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU]On Behalf Of Steve Brukbacher
Sent: Tuesday, January 27, 2009 1:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Email Attachment Blocking


Hi,
I'm taking an informal survey to see if others are currently blocking
any email attachments at the mail server (or component of your mail
server infrastructure).  If so, which ones?

If yes, does the email simply get dropped or does the sender and/or
recipient receive some sort of notification?

Any comments on how you worked with your user community on this would be
helpful as well.

-- 
Steve Brukbacher, CISSP
University of Wisconsin Milwaukee
Information Security Architect