Re: [exim] Replacing demime for MIME sanity check?

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Oliver Egginger
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Replacing demime for MIME sanity check?
> Anyone remember? Or did that even go into the Wiki?

I attached our mime_acl.cf which includes some mime tests.

- oliver

Tom Kistner schrieb:
> Philip Hazel wrote:
>
>
>>>There appear two variables "mime_anomaly_text" and "mime_anomaly_level".
>>>Did the documentation get lost in the conversion process to the new
>>>manual format?
>>
>>Tom? Any documentation for these variables?
>
>
> They are reserved for "future development". There's one check they
> already carry but I'd have to look in the source to find out which one :)
>
> The MIME ACL is actually quite flexible in its ability to apply basic
> sanity checks. There was a thread some months back where someone
> summarized a MIME ACL that had all the demime checks save one or so.
>
> Anyone remember? Or did that even go into the Wiki?
>
> Sorry I'm too busy to look right now, the kids are running rampage in my
> office ...
>
> /tom
>
>
>



# $Id: mime_acl.cf 5127 2005-08-28 17:20:24Z oliver $

###############################
# MIME-ACL
###############################

warn !condition = ${if eq {$acl_m2}{mime_acl_called}{1}{0}}
set acl_m6 = 0
# log_message = acl_m6 set to Zero (First MIME-Part) acl_m6 = $acl_m6

warn set acl_m2 = mime_acl_called

warn set acl_c6 =

# Interene Hosts werden diesen Checks nmicht unterzogen
accept hosts = +relay_from_hosts

# Decode MIME parts to disk. This will support virus scanners later.
warn decode = default

# warn log_message = DEBUG: [$mime_part_count] -> [$mime_filename] [$mime_content_type]

# File extension filtering.
warn   message  = This message contains a prohibited file extension (${extract{-1}{.}{${lc:$mime_filename}}})
       condition       = ${if match{${extract{-1}{.}{${lc:$mime_filename}}}}{\N^(BAD_ATTACHMENTS)$\N}{1}{0}}
       set acl_m6 = ${eval:${acl_m6}+50}
       set acl_c6 = $acl_c6 MIME-BAD-ATTACHMENT
       # log_message     = BAD_ATTACHMENT (${extract{-1}{.}{${lc:$mime_filename}}})


# CLSID Attachment Blocking
warn condition = ${if match{$mime_filename}{\N\{[a-hA-H0-9-]{25,}\}\N}{1}{0}}
     set acl_m6 = ${eval:${acl_m6}+40}
     set acl_c6 = $acl_c6 MIME-CLSID-ATTACHMENT
     # message = BAD_ATTACHMENT (CLSID)


# Empty (invalid) MIME Boundaries
warn  condition  = $mime_is_multipart
      condition  = ${if eq{$mime_boundary}{}{yes}{no}}
      set acl_m6 = ${eval:${acl_m6}+30}
      set acl_c6 = $acl_c6 MIME-INVALID-BOUNDARIES
      # message = MIME_ERROR (Empty MIME Boundary)


# Too many MIME parts
warn
  condition   = ${if >{$mime_part_count}{256}{yes}{no}}
  message     = MIME_ERROR : Too many MIME parts (max 256)
  set acl_m6 = ${eval:${acl_m6}+30}
  set acl_c6 = $acl_c6 MIME-INVALID-PART-COUNT
  # log_message = MIME_ERROR : Too many MIME parts: $mime_part_count


# Excessive line length
warn
  regex       = ^.{16382}
  set acl_m6 = ${eval:${acl_m6}+40}
  set acl_c6 = $acl_c6 MIME-INVALID-LINE-LENGTH
  # message     = MIME_ERROR Line length in message or single header exceeds 16382.
  # log_message = MIME_ERROR : Maximum line length exceeded


# Partial message
warn
  condition   = ${if eq {$mime_content_type}{message/partial}{yes}{no}}
  set acl_m6 = ${eval:${acl_m6}+30}
  set acl_c6 = $acl_c6 MIME-PARTIAL-MESSAGE
  # message     = MIME_ERROR : MIME type message/partial not allowed here
  # log_message = MIME_ERROR : MIME type message/partial found


# Filename length too long (> 512 characters)
warn
  condition   = ${if >{${strlen:$mime_filename}}{512}{yes}{no}}
  set acl_m6 = ${eval:${acl_m6}+35}
  set acl_c6 = $acl_c6 MIME-INVALID-FILENAME-LENGTH
  # message     = MIME_ERROR : Proposed filename exceeds 512 characters
  # log_message = MIME_ERROR : Proposed filename too long


# MIME boundary length too long (> 1024)
warn
  condition   = ${if >{${strlen:$mime_boundary}}{1024}{yes}{no}}
  set acl_m6 = ${eval:${acl_m6}+35}
  set acl_c6 = $acl_c6 MIME-INVALID-BOUNDARY-LENGTH
  # message     = MIME_ERROR : MIME boundary length exceed 1024 characters
  # log_message = MIME_ERROR : (Boundary length too long)


# Boundary Space Gap
   warn condition   = ${if match{$mime_boundary}{^( |\t)}{yes}{no}}
   set acl_m6 = ${eval:${acl_m6}+20}
   set acl_c6 = $acl_c6 MIME-BOUNDARY-SPACE-GAP     
   # message     = Broken MIME container (Boundary Space Gap)




accept