Don't block S/MIME on your mail server
With all the viruses out there these days, many mail servers simply block all attachments, or only allow a small set through. One set of attachment extensions that you don't want to block however are the extensions defined in RFC 2311 § 3.2.1 for S/MIME.
MIME Type File Extension application/pkcs7-mime .p7m (signedData, envelopedData) application/pkcs7-mime .p7c (degenerate signedData "certs-only" message) application/pkcs7-signature .p7s application/pkcs10 .p10
S/MIME allows people to sign or encrypt email messages. A S/MIME signature is created by basically creating a checksum (MD5, or SHA1), then the checksum is signed (RSA or DSA - S/MIME is also used for PGP).
Even if you don't sign or encrypt email yourself, its not a good practice to block these attachments - you may prevent someone (like me) who signs all their email from reaching you. Also S/MIME signatures are a good way for companies like PayPal who are plagued with Phishing scams to send trusted email to their customers. Just last week, I got an email from PayPal, which turns out was actually from PayPal - but I had to view the message source to confirm this. If they had signed the message I would know instantly.
- Redirect www and non https in IIS using web.config
- Not authorized to perform: ssm:GetParameters
- What is the difference between ASCII Chr(10) and Chr(13)
- Fixinator and Foundeo Security Bundle
- Running CFML on AWS Lambda with FuseLess Slides
- Updating Java on ColdFusion or Lucee
- ColdFusion returning empty response with server-error: true
- Careful applying CF11u16, CF2016u8, CF2018u2