How to: Block Email by Attachment File Extension

It is possible to set the mail server to reject messages that include attachments with specific file extensions. This allows the user to block file extensions that could be linked to malicious activity. Any message containing an attachment with one of the blocked extensions will be rejected by the mail server, with a return message to the sender.

For example, if the blocked extension is .exe, the sender will receive:

The response from the remote server was:
554 Your email was rejected because it contains a bad attachment: test.exe

To Configure the Extension Block List

  1. Log in to the server at the CLI as root, either via SSH or from the terminal

  2. At the CLI, us a text editor to open the file /var/qmail/control/simcontrol. By default, the contents of the file should look similar to the following:

    :clam=no,spam=no,trophie=no,spam_hits=95

  3. Add attach={.EXT} to the comma-separated values already in the file, replacing {.EXT} with the desired extension. In the below example, the .exe extension will be blocked:

    :clam=no,spam=no,trophie=no,spam_hits=95,attach=.exe

    • Additional extensions can be added using : between each extension. In the below example, .ext, .gz, and .js will be blocked:

      :clam=no,spam=no,trophie=no,spam_hits=95,attach=.exe:.gz:.js

  4. Save and exit the text editor

  5. At the CLI, run /var/qmail/bin/simscanmk. This commits and rebuilds the extension block list

    [root@server ~]# /var/qmail/bin/simscanmk
simscan cdb file built. /var/qmail/control/simcontrol.cdb
[root@server ~]#