Sieve Email Filtering By File Type

Add server-side rejection of email attachments by file type with these custom Sieve filters. Posted 11 April 2020

The Sieve email filtering language dates back to 2008 and is widely deployed. It does not require any particular operating system or email software, so pretty much anyone running an email server can use it to redirect messages or to add another layer of defense against spam.

Better email hosts let advanced users deploy custom Sieve ‘scripts’ to create their own filtering rules. These are not filters to apply once a message hits your inbox such as out of office autoresponders, these rules are applied upon receipt by the email server, and it is possible to categorically reject messages by their attached file type(s) and bounce them back to the sender along with an error message.

The majority of mail hosts block certain file type attachments, such as .exe, because they are abused and present security risks for the recipient. I use FastMail who support Sieve and wanted to expand that list of blocked file types.

My personal preference is to always reject Microsoft Office documents because they are containers (including the possibility of executable scripts) and are something I consider an unacceptable security risk.

Example Blocking Microsoft Office File Formats

The following two Sieve rules will return an error message to senders asking them to convert the attachment to PDF. PDF isn’t perfect, but I consider it an acceptable risk from known senders.

File types blocked in the examples are .doc .docx .xls .xlsx .ppt .pptx.

First Sieve Rule

This rule will block nearly all Microsoft document, spreadsheet, and presentation file formats. To adapt it for different file types, simply change the file extensions referenced in the script.

if header :matches "X-Attached" ["*.doc", "*.docx", "*.xls", "*.xlsx", "*.ppt", "*.pptx"] {
  reject "Message rejected, this attachment type is blocked. Please convert to PDF and re-send.";

Second Sieve Rule

I wrote ‘nearly all formats’ above because as usual, Microsoft is…special and some emails with the blocked file types sent by their users still got through the first filter, due to incomplete or incorrect email headers. Therefore a second rule in needed for Microsoft (just like with their browsers!). This one adds a regular expression check for filenames.

if body :raw :regex ["filename=.*\.doc","filename=.*\.docx","filename=.*\.xls","filename=.*\.xlsx","filename=.*\.ppt","filename=.*\.pptx"] {
  reject "Message rejected, this attachment type is blocked. Please convert to PDF and re-send.";


Blocking more attachment types is great for you, but it may frustrate non-technical senders. Be proactive about asking senders to convert files to an acceptable format. They may figure it out on their own after reading the error message, but it is best to notify them in advance.

You can also ask senders to share an uploaded copy of the document instead of sending it as an attachment. Mainstream document hosts scan these for malware so that provides another layer of protection for you, and it may help non-technical users discover when they inadvertently try to share files containing malware.

To learn more about Sieve visit