bug-mailfromd

Re: [Bug-mailfromd] attachment filtering / removal

To: Sergey Poznyakoff <gray@xxxxxxxxxx>
Subject: Re: [Bug-mailfromd] attachment filtering / removal
From: Marc <Marc@xxxxxxxxxxxxxxxxx>
Date: Mon, 20 May 2024 08:47:05 +0000
Authentication-results: gnu.org.ua; spf=pass (gnu.org.ua: domain of f1-outsourcing.eu designates 87.233.156.135 as permitted sender); dkim=pass; header.i=@roosit.eu header.s=rsa header.b=tarX7JjY
Cc: "bug-mailfromd@xxxxxxxxxx" <bug-mailfromd@xxxxxxxxxx>
Dkim-signature: v=1;a=rsa-sha256;d=roosit.eu;s=rsa;c=relaxed/relaxed; q=dns/txt; h=From:From:Reply-To:Reply-To:Subject:Subject:Date:Date:To:Cc:Resent-Date :Resent-From:Resent-To:Resent-Cc:In-Reply-To:References:List-Id:List-Help :List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=exV4e151KN1ncpvdOeh7m+iHupf/hyAvbxx/rnCX1Gc=; b=tarX7JjY07fgLXcwucWPzwvcHWpjc86Q7W59htjdQdXua8sxYDNpgiQkrm3yQ+e8bZ4W73F6/1t3 Lnddj+6c4TVmD8RqU9D/2ADw5ucyU+R/6XsPCE2bxH1ZdE1TIIhVD7d0fxws+dZ5M0XfP8YXFzXymK +qIBouX09uMnouXTZSkf/5oC0QSJnNH3FCC0iYj9xp8gZDJx2yBmkyAjlED7gUhl2hZM6xBo0PTpfv gvdBhhKpZvt1O7QfZb04QOPfn0o+y6yjB+HEJZGhd6i805u0U4PKBuXgsrgM42Ah/7uUXv9ZIqRF7+ RxQocnjaxRR2gFcCNS5S9QldeMzHd7Ag==;
In-reply-to: <20240520093940.25416@pirx.gnu.org.ua>
References: <f0cf4fe8c7b247b7a22040eeab4d152f@f1-outsourcing.eu> <4f9443d06ae84ee9919abcc9ac0353ad@f1-outsourcing.eu> <20240520093940.25416@pirx.gnu.org.ua>
Thread-index: Adqj46Kc12umhXa6TlyFwpDOYHCaxgGWAVCwABNPZXIAAPTH4A==
Thread-topic: [Bug-mailfromd] attachment filtering / removal

> 
> > >
> > > Can you advise on some best practice for rejecting messages having
> > > attachments with specific file extensions?
> > >
> 
> Use current_message[1] to get the descriptor of the message.  Use
> message_count_parts[2] to obtain the number of MIME parts in the
> message, and iterate over them.  For each part, obtain its descriptor
> using message_get_part[2], and inspect the value of
> "Content-Disposition" and "Content-Type" headers using
> message_find_header[3]
> function.  You might need to unfold[4] these values before using them.
> In order to get the attachment file name, refer to discussions of these
> headers in RFC 1806[5] and 1521[6], correspondingly.
> 
> This all should be done in prog eom.  Furthermore, notice that MIME
> parts can be nested, so that this process is inherently recursive:
> the function that iterates over message parts is supposed to call
> itself when it encounters a message part of type "multipart/*".  It
> would be wise to limit the recursion depth somehow.  Finally, it is
> obvious that the process might be quite resource-consuming: you might
> need to tune your stack size[7] in order to silent expansion warning
> messages.
> 
> [1] https://www.gnu.org.ua/software/mailfromd/manual/Current-Message-
> Functions.html
> [2] https://www.gnu.org.ua/software/mailfromd/manual/MIME-functions.html
> [3] https://www.gnu.org.ua/software/mailfromd/manual/Header-
> functions.html
> [4] https://www.gnu.org.ua/software/mailfromd/manual/Mail-header-
> functions.html
> [5] https://www.rfc-editor.org/rfc/rfc1806.html
> [6] https://www.rfc-editor.org/rfc/rfc1521
> [7] https://www.gnu.org.ua/software/mailfromd/manual/stacksize.html


Thanks again very much! Perfect blueprint for implementing. I guess eom is parsing the whole message not? I am currently experimenting with dkim in eom from the example. So I guess adding this is not giving me extra overhead? I have sometimes quite large attachments, so maybe good if I can try and limit parsing the whole message.

switch dkim_verify(current_message())

I was also thinking of maybe checking if clamav can just reject on file extensions. I already have that running.

Follow-Ups:
- Re: [Bug-mailfromd] attachment filtering / removal
  - From: Sergey Poznyakoff

References:
- [Bug-mailfromd] attachment filtering / removal
  - From: Marc
- Re: [Bug-mailfromd] attachment filtering / removal
  - From: Marc
- Re: [Bug-mailfromd] attachment filtering / removal
  - From: Sergey Poznyakoff

Prev by Date: Re: [Bug-mailfromd] attachment filtering / removal
Next by Date: [Bug-mailfromd] proper use of dkim verify
Previous by thread: Re: [Bug-mailfromd] attachment filtering / removal
Next by thread: Re: [Bug-mailfromd] attachment filtering / removal
Index(es):
- Date
- Thread