> Anyone remember? Or did that even go into the Wiki?
I attached our mime_acl.cf which includes some mime tests.
- oliver
Tom Kistner schrieb:
> Philip Hazel wrote:
>
>
>>>There appear two variables "mime_anomaly_text" and "mime_anomaly_level".
>>>Did the documentation get lost in the conversion process to the new
>>>manual format?
>>
>>Tom? Any documentation for these variables?
>
>
> They are reserved for "future development". There's one check they
> already carry but I'd have to look in the source to find out which one :)
>
> The MIME ACL is actually quite flexible in its ability to apply basic
> sanity checks. There was a thread some months back where someone
> summarized a MIME ACL that had all the demime checks save one or so.
>
> Anyone remember? Or did that even go into the Wiki?
>
> Sorry I'm too busy to look right now, the kids are running rampage in my
> office ...
>
> /tom
>
>
>
# $Id: mime_acl.cf 5127 2005-08-28 17:20:24Z oliver $
###############################
# MIME-ACL
###############################
warn !condition = ${if eq {$acl_m2}{mime_acl_called}{1}{0}}
set acl_m6 = 0
# log_message = acl_m6 set to Zero (First MIME-Part) acl_m6 = $acl_m6
warn set acl_m2 = mime_acl_called
warn set acl_c6 =
# Interene Hosts werden diesen Checks nmicht unterzogen
accept hosts = +relay_from_hosts
# Decode MIME parts to disk. This will support virus scanners later.
warn decode = default
# warn log_message = DEBUG: [$mime_part_count] -> [$mime_filename] [$mime_content_type]
# File extension filtering.
warn message = This message contains a prohibited file extension (${extract{-1}{.}{${lc:$mime_filename}}})
condition = ${if match{${extract{-1}{.}{${lc:$mime_filename}}}}{\N^(BAD_ATTACHMENTS)$\N}{1}{0}}
set acl_m6 = ${eval:${acl_m6}+50}
set acl_c6 = $acl_c6 MIME-BAD-ATTACHMENT
# log_message = BAD_ATTACHMENT (${extract{-1}{.}{${lc:$mime_filename}}})
# CLSID Attachment Blocking
warn condition = ${if match{$mime_filename}{\N\{[a-hA-H0-9-]{25,}\}\N}{1}{0}}
set acl_m6 = ${eval:${acl_m6}+40}
set acl_c6 = $acl_c6 MIME-CLSID-ATTACHMENT
# message = BAD_ATTACHMENT (CLSID)
# Empty (invalid) MIME Boundaries
warn condition = $mime_is_multipart
condition = ${if eq{$mime_boundary}{}{yes}{no}}
set acl_m6 = ${eval:${acl_m6}+30}
set acl_c6 = $acl_c6 MIME-INVALID-BOUNDARIES
# message = MIME_ERROR (Empty MIME Boundary)
# Too many MIME parts
warn
condition = ${if >{$mime_part_count}{256}{yes}{no}}
message = MIME_ERROR : Too many MIME parts (max 256)
set acl_m6 = ${eval:${acl_m6}+30}
set acl_c6 = $acl_c6 MIME-INVALID-PART-COUNT
# log_message = MIME_ERROR : Too many MIME parts: $mime_part_count
# Excessive line length
warn
regex = ^.{16382}
set acl_m6 = ${eval:${acl_m6}+40}
set acl_c6 = $acl_c6 MIME-INVALID-LINE-LENGTH
# message = MIME_ERROR Line length in message or single header exceeds 16382.
# log_message = MIME_ERROR : Maximum line length exceeded
# Partial message
warn
condition = ${if eq {$mime_content_type}{message/partial}{yes}{no}}
set acl_m6 = ${eval:${acl_m6}+30}
set acl_c6 = $acl_c6 MIME-PARTIAL-MESSAGE
# message = MIME_ERROR : MIME type message/partial not allowed here
# log_message = MIME_ERROR : MIME type message/partial found
# Filename length too long (> 512 characters)
warn
condition = ${if >{${strlen:$mime_filename}}{512}{yes}{no}}
set acl_m6 = ${eval:${acl_m6}+35}
set acl_c6 = $acl_c6 MIME-INVALID-FILENAME-LENGTH
# message = MIME_ERROR : Proposed filename exceeds 512 characters
# log_message = MIME_ERROR : Proposed filename too long
# MIME boundary length too long (> 1024)
warn
condition = ${if >{${strlen:$mime_boundary}}{1024}{yes}{no}}
set acl_m6 = ${eval:${acl_m6}+35}
set acl_c6 = $acl_c6 MIME-INVALID-BOUNDARY-LENGTH
# message = MIME_ERROR : MIME boundary length exceed 1024 characters
# log_message = MIME_ERROR : (Boundary length too long)
# Boundary Space Gap
warn condition = ${if match{$mime_boundary}{^( |\t)}{yes}{no}}
set acl_m6 = ${eval:${acl_m6}+20}
set acl_c6 = $acl_c6 MIME-BOUNDARY-SPACE-GAP
# message = Broken MIME container (Boundary Space Gap)
accept
