[exim] security MIME ACL checks

Pàgina inicial
Delete this message
Reply to this message
Autor: Michael Sprague
Data:  
A: exim-users
Assumpte: [exim] security MIME ACL checks
Hi folks,

I was pouring over my logs for the past month and notices that I haven't
been getting any hits on various MIME ACLs. I'm not sure if they're
just broken or we're just not seeing these types of attacks much any
more. Curious what the rest of y'all are seeing with regards to MIME
ACLs. Here is a snippet of what I'm looking for in the MIME ACL:

deny
  condition   = ${if > {$mime_anomaly_level}{2} {true}{false}}
  message     = MIME error ($mime_anomaly_text)


deny
  condition   = ${if >{$mime_part_count}{1024}{yes}{no}}
  message     = Too many MIME parts (max 1024)


deny
  set ACL_MIMECNT = ${eval:$ACL_MIMECNT+1}
  condition       = ${if >{$ACL_MIMECNT}{1024}{yes}{no}}
  message         = Too many nested MIME parts (max 1024)


deny
  condition   = ${if eq {$mime_content_type}{message/partial}{yes}{no}}
  message     = MIME error: MIME type message/partial not allowed here


deny
  condition   = ${if >{${strlen:$mime_filename}}{255}{yes}{no}}
  message     = MIME error: Proposed filename exceeds 255 characters


deny
  condition   = ${if >{${strlen:$mime_boundary}}{76}{yes}{no}}
  message     = MIME error: MIME boundary length exceed 76 characters


deny
  condition   = $mime_is_multipart
  condition   = ${if eq{$mime_boundary}{}{yes}{no}}
  message     = MIME error (Empty MIME Boundary)


thanks,
mikeS

-- 
Michael F. Sprague     | mfs@???
http://www.saneinc.net | System and Network Engineering (SaNE), Inc
Providers of the SpamOnion anti-spam service