>Finer granularity on the codes isn't available yet, although in the future
>that may change. When I implemented this it wasn't obvious to me how to let
>the user define more codes in a sensible fashion: how should I deal with the
>case when both problem A and problem B occur? A bit-wise approach would
>work (A=1, B=2, C=4, ABC=7), but limit my options to reporting at most 7 or
>8 different kinds of problems. I'm still thinking about this.
I am interested in using your sanitizer on mailing lists, as opposed to my
own personal email. I run announcement lists, like joke of the day, where
one person sends email to lots of people. And discussion groups, like this
list, where any member can post a message.
The requirements for a mailing list seem to be a bit different from
filtering personal email, and here are some observations that might
highlight the differences.
The concept of scoring email, and having thresholds does not seem to apply.
I would prefer to be conservative and reject any email back to the sender
that violates any of the rules. I think I can do that by making the
score_bad and score_panic values very low.
Probably the first thing I want to do is reject any messages that have
filenames of known viruses. It looks like your "drop" with the exclamation
point at the end will accomplish this quite nicely. The ability to have an
external file of known poisoned files would be a plus.
The second big concern is active HTML, and again it looks like you have
this covered pretty well. I have some lists that send out text/plain
email, but the body of the email message contains HTML code snippets. For
example, a list teaching people how to code up web pages. In those cases,
I do not want those code snippets to trigger the defanging.
I would like to drop/panic any message containing a uuencoded file, as
there is very little need for uuencoded files to be sent to a mailing list.
I'm not sure how to make your system do that.
The ability to let thru some files, like gif and jpeg files is nice, and
your system seems to support that nicely. I have run into some cases where
Windows sends an attachment containing some sort of background stationary
graphic, and I think these are identified with a content type of CTE base64.
As far as digital signatures, I want to strip those signatures, while
allowing the message to pass thru (assuming the rest of the message meets
the criteria). This allows people in discussion groups to post messages
without having to remember to turn off their signature. I also want to
strip stuff like those ms-tnef and x-vcard crap stuck on by Microsoft and
Netscape browsers. Those sort of attachments can be identified by the
Content-Type headers, but I have not seen how to use your system to drop
The known problems with size limits on mime headers and file name
attachments, and I am not sure if your system can reject long file names
attachments or not.
I am in the process of integrating your system into my Smartlist based
mailing lists system, and I am optimistic that your system will plug some
of the security holes out there.
Thanks for the code and the support.
-- This mailing list's home page is: http://mailtools.anomy.net/archives/anomy-list/ There you can find subscription instructions and possibly an archive. Molar.is is a free Icelandic mailing list service.