Ban .html as attachment but not html mails?
Mark Sapiro
mark at msapiro.net
Thu Jul 1 00:18:53 UTC 2021
On 6/30/21 12:30 PM, Remco Barendse wrote:
> MOre and more malicious emails are coming in with .html as an attachment.
>
> I do not need my users to receive .html files, ever
>
> Blocking them in /etc/MailScanner/filename.rules.conf
> #deny \.htm$ Dangerous attachment type #deny
> \.html$ Dangerous attachment type
>
> Blocks every email in html, not exactly what I wanted.
>
> What is the proper way to do it?
Consider that most MUAs that compose "rich text" email will create a
message with the following MIME structure
multipart/alternative
text/plain
a plain text rendition of the message
text/html
a rich text rendition of the message
Compare that to the structure of a message with a plain text body and an
HTML attachment.
multipart/mixed
text/plain
the plain text message
text/html
an HTML attachment
MailScanner currently does not distinguish between these two cases.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list