David Woodhouse wrote:
> I've received a complaint about the MIME filename filtering I use.
> Apparently Netscape forwards mail as a message/rfc822 attachment with
> the original Subject: header as the filename. And when that subject was
> "Your order from Amazon.com" it gets rejected for being an executable.
Makes sense, but they should at least append ".eml" to the filename.
Rejecting files ending in .com is so common that you won't be the only
one dropping it.
You can make an exception by checking $mime_content_type for
"message/rfc822".
> I'd like to be able to change the filename (or even just drop it) in the
> MIME ACL.
The MIME ACL can't make any modifications to the message in the spool,
sorry. You can of course remember and apply filtering later.
> Also, I don't see an obvious replacement for $demime_errorlevel in the
> new MIME stuff. Is there one?
Some of the old "demime" checks can be implemented on ACL level
(boundary and filename lengths, message/partial etc.). I have started to
implement the other checks. In 4.50, there are only two, yet undocumented:
/* MIME Anomaly list */
#define MIME_ANOMALY_BROKEN_BASE64 2, "Broken BASE64 encoding detected"
#define MIME_ANOMALY_BROKEN_QP 1, "Broken Quoted-Printable encoding
detected"
You can grab the severity level from "$mime_anomaly_level" and the human
readable message from "$mime_anomaly_text". They are set when "decode"
has been run on a part.
/tom
