Postfix can be configured to block attachments with specific extensions that could be dangerous. Such as .exe; .bat etc. The blocking is done at the MTA level, eliminating back scatter.


  1. Edit /etc/postfix/ and add the following line: header_checks = pcre:/etc/postfix/header_checks

  2. Create a new file /etc/postfix/header_checks with following line: /^content-(type|disposition)\s=.*\.(exe|pif|app|asp|bat|cmd|com|cpl|csh|js|msc|prf|pst|vb|vbs|ws|wsc|wsh)/ REJECT We cannot accept executable attachments

  3. postmap /etc/postfix/header_checks
  4. For Debian and related distros: apt-get install postfix-pcre For other distros if the package is not available Postfix may need to be bulit with PRCE support: .

See Also

Postfix: header_checks directive

Category:Linux Category:Postfix