1 (edited by RajeshM 2019-11-12 21:21:23)

Topic: files with .com in file name getting blocked

Hi,

i cannot receive incoming or send outgoing messages if the file attachment name contain the text " .com" anywhere in the file name.

example if my file attachment name is : abc.com.txt

it gets rejected

So it looks entire file name is analyzed for the extension check.

my /etc/postfix/mime_header_checks file contains the following text

/name=[^>]*\.(com|cpl|dll|docm|exe|hqx|hta|ins|iso|isp|jar|js|jse)/ REJECT

Is this is a known standard behavior required from security point of view ?

if not how can i modify the regex so that only files ending with .com extension will get blocked?

further on csr certificates attachments link example abc_com.crt files are also rejected with the following error
550 5.7.1 message content rejected

how do i resolve the above ?

Thanks
Rajesh

2

Re: files with .com in file name getting blocked

It's blocked in Amavisd, search "|com|" in Amavisd config file will give you the result.

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

3

Re: files with .com in file name getting blocked

hi

it is not blocked by amavis but instead by postfix header check

please see this sample url

http://postfix.1071664.n5.nabble.com/FY … 70777.html

for example the current mime_header_checks of postfix will block the following real world examples

.scr and .com present within filenames will be wrongly rejected

* name="strace.Scripting-with-the-xss.pdf.txt"
* filename="BOOKING.COM: Hotel 342802.PDF"


rajesh

4

Re: files with .com in file name getting blocked

Then you need to update your mime_header_checks with correct regular expression to match/bypass it.

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

5

Re: files with .com in file name getting blocked

hi,

i created a file called header_checks.pcre with the following content. This contains the default extensions from postfix website as well a few additonal ones blocked by gsuite.

/^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(ade|adp|asp|apk|appx|appxbundle|bas|bat|cab|chm|cmd|com|cpl|crt|dll|dmg|exe|hlp|ht[at]|inf|ins|iso|isp|jar|js|jse?|lib|lnk|md[betw]|ms[cipt]|msix|msixbundle|nsh|nws|{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|ops|pcd|pif|prf|ps1|reg|sc[frt]|sh[bsm]|sys|swf|vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x REJECT Banned File Extension type "$2" may not end with ".$4"

in main.cf
# Header and body checks with PCRE table
header_checks = pcre:/etc/postfix/header_checks.pcre

this blocks files ending with the above extensions without blocking files if the above extensions are a part of the file name.

rajesh