Author: Tom Kistner Date: To: Dickenson, Steven CC: Exim-users Subject: Re: [exim] MIME errors and MIME ACL
Dickenson, Steven wrote:
> Thanks Tom. So based on your information, I've crafted the following
> ACLs that replicate the level 3 MIME error checks provided by the old
> demime function. All values are taken straight from demime.h.
Thanks! I'll include that in the MIME ACL FAQ document (which I started
months ago, must find it again).
> Some of these values seem a little high, particularly the line length of
> 131071 and the MIME boundary of 1024. I'll probably adjust the line
> length down to 1024 and the MIME boundary down to 76 (as indicated from
> the testvirus.org tests). Additionally, the maximum filename length for
> most Windows machines is 255 characters. Since that's what we run here,
> I'll probably go ahead and reduce that in size as well.
You'll probably get some collateral damage on the 1024 line length
(should be max. 1000 as per RFC, but noone seems to care, in particular
for HTML mail). Reducing file names to 255 is a good idea. There are
some known exploits for older Outlook Express versions which are still
in wide use.
> Additionally, am I correct in assuming that the line length check above
> is only for MIME parts? If I wanted to check the line length of the
> original message headers, I would need to perform a similar check in the
> DATA ACL?