Re: [EXIM] Remove attachments

Top Page
Delete this message
Reply to this message
Author: Marc Haber
Date:  
To: exim-users
Subject: Re: [EXIM] Remove attachments
On Mon, 7 Jun 1999 16:26:45 +0100 (BST), you wrote:
>if "${perl{somefunction}{$message_id}}" is "fail it" then
> fail text "I don't like this message"
>else
> headers remove "appropriate:headers:for:attachments"
> headers add "X-I-Have-Removed-Any-Attachments: signed Exim"
>endif
>
>The perl script takes the message id and uses it to look at the spool
>file containing the message body (the -D file) directly.


*yuck*

That's what I'd call a dirty hack ;-)

It will break if one uses the "large spool dir" option (but anybody
doing this will probably have that much load on his machine that they
wouldn't do any scanning on the mail server.

It will break if somebody moves the spool directory.

It will break if you change the spool directory layout.

>At the time
>this is run, the -D file is open and locked, so you must modify it in
>place if that is what you want to do - but removing attachments is
>presumably a simple truncation. You should not modify the -H file,
>because the headers are in main memory at this point.


This is another reason to better stick with the pipe-and-redeliver
method or with a future extension of a pipe transport.

In <Pine.SOL.3.96.990604112959.8350H-100000@???>, you
say that "you can't really tamper with the message body in a system
filter". While it is clear now that exim can't do this at the moment,
are there reasons in the exim code that would make implementation
expensive?

Here is a suggestion how this could be implemented.

Have a "pipe_message" command in the filter language. Its argument is
either a shell command (expensive) or a perl function (that is to be
executed by the embedded perl interpreter, probably less expensive)
that is fed the entire message on its standard input. What it puts out
as standard output is taken as the message, standard error is either
logged or returned to the sender as delivery message. Thus, the
argument effectively runs as a filter itself. That filter could do
everything, including freeze and/or fail (this could be controlled by
the exit code).

For performance, a construct like

# Exim filter
if $header_Content-Type: multipart/mixed then
  if pipe_message "virus_scan()" <> 0 then
    fail
  endif
endif


could be used to invoke the pipe only for messages with attachments.

I really like that approach. However, I don't have any clue if it
would be very difficult to implement this.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29


--
*** Exim information can be found at http://www.exim.org/ ***