Replace old demime-function with acl_smtp_mime-rules

docs/configure

@@ -172,9 +172,11 @@ acl_smtp_data = acl_check_content
 
 acl_smtp_helo = acl_check_helo
 
-# This ACL can be used to refuse certain file extension in ZIP files
+# This ACL checks attached files to comply with certain rules (number of
+# attachments, file name length etc.). You can also block certain file
+# extensions.
 
-#acl_smtp_mime = acl_check_mime
+acl_smtp_mime = acl_check_mime
 
 # This configuration variable defines the virus scanner that is used with
 # the 'malware' ACL condition of the exiscan acl-patch. If you do not use
@@ -405,25 +407,13 @@ acl_check_rcpt:
 
   deny    message       = relay not permitted
 
-# Check zip files for suspicious mail extensions
-# http://www.gossamer-threads.com/lists/exim/users/98336#98336
+acl_check_mime:
 
-#acl_check_mime:
-#
-#  deny message = A .zip attachment contains a Windows-executable file - \
-#                blocked because we are afraid of new viruses \
-#                not recognized [yet] by antiviruses.
-#  condition = ${if match{$mime_filename}{\N(?i)\.zip$\N}}
-#  condition = ${if def:sender_host_address}
-#  !authenticated = *
-#  decode = default
-#  log_message = forbidden binary in attachment: filename=$mime_filename, \
-#  recipients=$recipients
-#  condition = ${if match{${run{/usr/bin/unzip -l \
-#        $mime_decoded_filename}}}\
-#        {\N(?i)\.(exe|com|ade|adep|adp|bas|bat|chm|cmd|cnf|com|cpl|crt|dll|hlp|hta|inf|ins|isp|js|jse|lnk|mad|maf|mag|mam|maq|mar|mas|matmav|maw|ocx|pcd|pif|reg|scf|scr|sct|vbe|vbs|wsc|wsf|wsh|url|xnk)\n\N}}
-#
-#  accept
+   #Include Vexim specific MIME rules:
+   .include /usr/local/etc/exim/vexim-acl-check-mime.conf
+
+  #accept content which is not forbidden
+  accept
 
 # This access control list is used for content scanning with the exiscan-acl
 # patch. You must also uncomment the entry for acl_smtp_data (scroll up),

docs/vexim-acl-check-content.conf

@@ -1,20 +1,3 @@
-  # First unpack MIME containers and reject serious errors.
-  #
-  deny  message   = This message contains a MIME error ($demime_reason)
-        demime    = *
-        condition = ${if >{$demime_errorlevel}{2}{1}{0}}
-
-  # Reject typically wormish file extensions. There is almost no
-  # sense in sending such files by email.
-  # Note that you might want to change the list of extensions.
-  #
-  deny  message = This domain has a policy of not accepting certain types of attachments \
-                  in mail as they may contain a virus.  This mail has a file with a .$found_extension \
-                  attachment and is not accepted.  If you have a legitimate need to send \
-                  this particular attachment, send it in a compressed archive, and it will \
-                  then be forwarded to the recipient.
-        demime  = ade:adep:adp:bas:bat:chm:cmd:cnf:com:cpl:crt:dll:hlp:hta:inf:ins:isp:js:jse:lnk:mad:maf:mag:mam:maq:mar:mas:mat:mav:maw:ocx:pcd:pif:reg:scf:scr:sct:vbe:vbs:wsc:wsf:wsh:url:xnk
-
   # Reject virus infested messages.
   #
   warn    message     = This message contains malware ($malware_name)

docs/vexim-acl-check-mime.conf

@@ -0,0 +1,34 @@
+  # Decode MIME parts to disk. This will support virus scanners later.
+  deny
+        decode      = default
+        condition   = ${if > {$mime_anomaly_level}{2} \
+                            {true}{false}}
+        message     = This message contains a MIME error ($mime_anomaly_text)
+        log_message = DENY: MIME Error ($mime_anomaly_text)
+
+  # File extension filtering.
+  deny
+        condition = ${if match \
+                        {${lc:$mime_filename}} \
+                        {\N(?i)\.(exe|com|ade|adep|adp|bas|bat|chm|cmd|cnf|com|cpl|crt|dll|hlp|hta|inf|ins|isp|js|jse|lnk|mad|maf|mag|mam|maq|mar|mas|matmav|maw|ocx|pcd|pif|reg|scf|scr|sct|vbe|vbs|wsc|wsf|wsh|url|xnk)\N} \
+                        {1}{0}}
+        message = Blacklisted file extension detected in "$mime_filename". If you legitimately need to send these files please use a compressed archive or a file exchange provider.
+        log_message = DENY: Blacklisted extension ("$mime_filename")
+
+# Check zip files for suspicious mail extensions
+# from: http://www.gossamer-threads.com/lists/exim/users/98336#98336
+#
+#  deny message = A .zip attachment contains a Windows-executable file - \
+#                blocked because we are afraid of new viruses \
+#                not recognized [yet] by antiviruses.
+#  condition = ${if match{$mime_filename}{\N(?i)\.zip$\N}}
+#  condition = ${if def:sender_host_address}
+#  !authenticated = *
+#  decode = default
+#  log_message = forbidden binary in attachment: filename=$mime_filename, \
+#  recipients=$recipients
+#  condition = ${if match{${run{/usr/bin/unzip -l \
+#        $mime_decoded_filename}}}\
+#        {\N(?i)\.(exe|com|ade|adep|adp|bas|bat|chm|cmd|cnf|com|cpl|crt|dll|hlp|hta|inf|ins|isp|js|jse|lnk|mad|maf|mag|mam|maq|mar|mas|matmav|maw|ocx|pcd|pif|reg|scf|scr|sct|vbe|vbs|wsc|wsf|wsh|url|xnk)\n\N}}
+
+# Further checks can be implemented, especially if older email clients are used: https://github.com/Exim/exim/wiki/ExiscanBugBlocking