Hi folks,
I was poring over my logs for the past month and noticed that I haven't
been getting any hits on various MIME ACLs. I'm not sure if they're
just broken or we're just not seeing these types of attacks much any
more. Curious what the rest of y'all are seeing with regards to MIME
ACLs. Here is a snippet of what I'm looking for in the MIME ACL:

  deny
    condition = ${if > {$mime_anomaly_level}{2} {true}{false}}
    message = MIME error ($mime_anomaly_text)

  deny
    condition = ${if >{$mime_part_count}{1024}{yes}{no}}
    message = Too many MIME parts (max 1024)

  deny
    set ACL_MIMECNT = ${eval:$ACL_MIMECNT+1}
    condition = ${if >{$ACL_MIMECNT}{1024}{yes}{no}}
    message = Too many nested MIME parts (max 1024)

  deny
    condition = ${if eq {$mime_content_type}{message/partial}{yes}{no}}
    message = MIME error: MIME type message/partial not allowed here

  deny
    condition = ${if >{${strlen:$mime_filename}}{255}{yes}{no}}
    message = MIME error: Proposed filename exceeds 255 characters

  deny
    condition = ${if >{${strlen:$mime_boundary}}{76}{yes}{no}}
    message = MIME error: MIME boundary length exceed 76 characters

  deny
    condition = $mime_is_multipart
    condition = ${if eq{$mime_boundary}{}{yes}{no}}
    message = MIME error (Empty MIME Boundary)

thanks,
mikeS
--
Michael F. Sprague | mfs@???
http://www.saneinc.net | System and Network Engineering (SaNE), Inc
Providers of the SpamOnion anti-spam service
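
Added example, not part of the original post: one way to tell broken ACLs from an absence of traffic is to replay archived or constructed messages through an offline check that mirrors the structural limits above. The function names and sample messages are constructed for this sketch, it uses Python's MIME parser rather than Exim's (so part counts are an approximation), and it does not cover the $mime_anomaly_level rule.

```python
import email
from email import policy

MAX_PARTS, MAX_FILENAME, MAX_BOUNDARY = 1024, 255, 76  # limits from the post

def mime_findings(raw, max_parts=MAX_PARTS):
    """List which of the post's structural limits a raw message exceeds."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    findings, count = [], 0
    for part in msg.walk():  # walk() yields containers as well as leaf parts
        count += 1
        if part.get_content_type() == "message/partial":
            findings.append("message/partial")
        if len(part.get_filename() or "") > MAX_FILENAME:
            findings.append("filename too long")
        if part.get_content_maintype() == "multipart":
            boundary = part.get_boundary()
            if not boundary:
                findings.append("empty boundary")
            elif len(boundary) > MAX_BOUNDARY:
                findings.append("boundary too long")
    if count > max_parts:
        findings.append("too many parts")
    return findings

def multipart(boundary, n_parts, disposition=""):
    """Constructed test message: n_parts text parts under one multipart/mixed."""
    part = f"--{boundary}\r\nContent-Type: text/plain\r\n{disposition}\r\nhi\r\n"
    head = f'Subject: test\r\nContent-Type: multipart/mixed; boundary="{boundary}"\r\n\r\n'
    return (head + part * n_parts + f"--{boundary}--\r\n").encode()

LONG_NAME = 'Content-Disposition: attachment; filename="' + "a" * 300 + '"\r\n'

SAMPLES = {  # every message here is constructed for this example
    "clean": multipart("b1", 2),
    "long_boundary": multipart("b" * 80, 1),
    "long_filename": multipart("b1", 1, LONG_NAME),
    "no_boundary": b"Subject: t\r\nContent-Type: multipart/mixed\r\n\r\nbody\r\n",
    "partial": b'Subject: t\r\nContent-Type: message/partial; id="x"; number=1; total=2\r\n\r\nfragment\r\n',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, mime_findings(raw))
```

Feeding the same constructed messages to a test instance of the mail server and comparing its rejections with this output shows which ACL statements actually fire.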