From: paul.ockleford on 8 Jun 2010 07:04

Hi,

Hopefully someone on this list can help me out. I am trying to set up mime-header checking to only allow through emails with a particular file extension, that is I want to block any email without this attachment type or any other attachment type.

I have created the map file with postmap and it picks up my regexp ok, when I send emails through and look in the mail log though it warns on all emails and it also appears to be matching on other lines in the header such as Content-Transfer-Encoding, below are the regexp's I have tried and also the extract from my mail log.

I would be grateful if anybody is able to offer some assistance.

mime_header_checks

#!/^\s*Content-(Disposition|Type).*name\s*=\s*"{1,1}.+\.(ecf)"{1,1}\s*$/!/name=[^>]*\.(ecf)/ WARN Would normally reject this message
#!/^[[:space:]]*content-(type|disposition):.*name[[:space:]]*=.*\.(ecf)/
# WARN Bad attachment file name extension

/var/log/maillog extract

Jun 8 11:46:57 hriapp1 postfix/cleanup[10213]: 5CB123D8499: message-id=<494C599007DDA542A4811051B82E39DA540A7F603D(a)NHS-PCLI-MBC015.AD1.NHS.NET>
Jun 8 11:46:57 hriapp1 postfix/cleanup[10213]: 5CB123D8499: warning: header Content-Type: multipart/alternative;??boundary="_000_494C599007DDA542A4811051B82E39DA540A7F603DNHSPCLIMBC015_" from unknown[xx.xx.xx.xx]; from=<paul.ockleford(a)nhs.net> to=<xx.xx(a)xx.xx.uk> proto=SMTP helo=<relay.xx..uk>: Would normally reject this message
Jun 8 11:46:57 hriapp1 postfix/cleanup[10213]: 5CB123D8499: warning: header MIME-Version: 1.0 from unknown[xx.xx.xx.xx]; from=<xx.xx(a)xx.net> to=<xx.xx(a)xx.xx.uk> proto=SMTP helo=<relay.xx.uk>: Would normally reject this message
Jun 8 11:46:57 hriapp1 postfix/cleanup[10213]: 5CB123D8499: warning: header Content-Type: text/plain; charset="us-ascii" from unknown[xx.xx.xx.xx]; from=<xx.xx(a)xx.net> to=<xx.xx(a)xx.xx.uk> proto=SMTP helo=<relay.xx.uk>: Would normally reject this message
Jun 8 11:46:57 hriapp1 postfix/cleanup[10213]: 5CB123D8499: warning: header Content-Transfer-Encoding: quoted-printable from unknown[xx.xx.xx.xx]; from=<xx.xx(a)xx.net> to=<xx.xx(a)xx.xx.uk> proto=SMTP helo=<relay.xx.uk>: Would normally reject this message
Jun 8 11:46:57 hriapp1 postfix/cleanup[10213]: 5CB123D8499: warning: header Content-Type: text/html; charset="us-ascii" from unknown[xx.xx.xx.xx]; from=<xx.xx(a)xx.xx> to=<xx.xx(a)xx.xx.uk> proto=SMTP helo=<relay.xx.uk>: Would normally reject this message
Jun 8 11:46:57 hriapp1 postfix/cleanup[10213]: 5CB123D8499: warning: header Content-Transfer-Encoding: quoted-printable from unknown[xx.xx.xx.xx]; from=<xx.xx(a)xx.xx> to=<xx.xxs(a)xx.xx.uk> proto=SMTP helo=<relay.xx.uk>: Would normally reject this message

Thanks,

Paul

********************************************************************************************************************

This message may contain confidential information. If you are not the intended recipient please inform the sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful.

Thank you for your co-operation.

NHSmail is the secure email and directory service available for all NHS staff in England and Scotland
NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSI recipients
NHSmail provides an email address for your career in the NHS and can be accessed anywhere
For more information and to find out how you can switch, visit www.connectingforhealth.nhs.uk/nhsmail

********************************************************************************************************************

From: Simon Waters on 8 Jun 2010 07:17

On Tuesday 08 June 2010 12:04:36 Ockleford Paul (NHS Connecting for Health) wrote:
> I would be grateful if anybody is able to offer some assistance.
>
> mime_header_checks
>
> #!/^\s*Content-(Disposition|Type).*name\s*=\s*"{1,1}.+\.(ecf)"{1,1}\s*$/!/name=[^>]*\.(ecf)/ WARN Would normally reject this message
> #!/^[[:space:]]*content-(type|disposition):.*name[[:space:]]*=.*\.(ecf)/
> # WARN Bad attachment file name extension
>

I have one scrounged from the list:

regexp:headercheck

/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(cpl|asd|hlp|ocx|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|sh[mbs]|vb[esx]|ws[fh]|wav|mov|wmf|xl))"?\s*$/
    REJECT Attachment type not allowed. File "$2" has the unacceptable extension "$3"

Which is tested in battle.

There is an example for pcre in the Postfix docs.

http://www.postfix.org/header_checks.5.html

Isn't immediately apparent why your regexp fails to me, but I'd suggest not reinventing regexp here.

Be careful to distinguish if it is regexp: or pcre:

Simon

From: Wietse Venema on 8 Jun 2010 08:16

Ockleford Paul (NHS Connecting for Health):
> Hi,
>
> Hopefully someone on this list can help me out. I am trying to
> set up mime-header checking to only allow through emails with a
> particular file extension, that is I want to block any email
> without this attachment type or any other attachment type.

First, you need to ensure that the rule is applied only to Content-Type/Disposition headers and not to other MIME headers.

Second, negative matching can be tricky. It may be easier to eliminate the good cases first, as shown below.

Untested PCRE example:

if /^Content-(Disposition|Type):/
/name\s*=\s*"?(.*(\.|=2E)(aaa|bbb))(\?=)?"?\s*(;|$)/x DUNNO
/./ REJECT Attachment name must end in ".aaa" or ".bbb"
endif

Wietse

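An added example, not part of any post in this thread: a small Python model of the two table styles discussed above, run over constructed headers. It assumes the active rule in the original table was the negated pattern `!/name=[^>]*\.(ecf)/` (its WARN text is the one in the log) and substitutes `ecf` for the `aaa|bbb` placeholders in the if/endif table; the function names are hypothetical and Python's `re` stands in for PCRE.

```python
import re

# Constructed sample headers (not from the thread's log), one logical header each.
HEADERS = [
    'MIME-Version: 1.0',
    'Content-Transfer-Encoding: quoted-printable',
    'Content-Type: multipart/alternative; boundary="b1"',
    'Content-Type: application/octet-stream; name="report.ecf"',
    'Content-Type: application/octet-stream; name="=?utf-8?Q?report=2Eecf?="',
    'Content-Disposition: attachment; filename="invoice.exe"',
    'Content-Disposition: attachment; filename="report.ecf.exe"',
]

# Postfix pcre: tables match case-insensitively by default, hence re.I.
NEGATED = re.compile(r'name=[^>]*\.(ecf)', re.I)
GUARD = re.compile(r'^Content-(Disposition|Type):', re.I)
ALLOWED = re.compile(r'name\s*=\s*"?(.*(\.|=2E)(ecf))(\?=)?"?\s*(;|$)', re.I | re.X)


def negated_table(header):
    # Models '!/name=[^>]*\.(ecf)/ WARN': the action fires on every header
    # that does NOT match, whatever kind of header it is.
    return "DUNNO" if NEGATED.search(header) else "WARN"


def guarded_table(header):
    # Models the if/endif table from the reply above, with "ecf" as the
    # allowed extension (assumption; the reply uses aaa|bbb placeholders).
    if not GUARD.search(header):
        return "DUNNO"   # outside the if block: no rule is evaluated
    if ALLOWED.search(header):
        return "DUNNO"   # allowed name, anchored at the end of the parameter
    return "REJECT"      # catch-all /./ inside the block


def compare(headers=HEADERS):
    # Map each header to (negated result, guarded result).
    return {h: (negated_table(h), guarded_table(h)) for h in headers}


if __name__ == "__main__":
    for header, (neg, guarded) in compare().items():
        print(f"{neg:6} {guarded:6} {header}")
```

In this model the guarded table also rejects any Content-Type header that carries no name parameter, such as the multipart boundary header, and the unanchored negated pattern lets `report.ecf.exe` through while the anchored one does not.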
From: paul.ockleford on 8 Jun 2010 08:30

Ok thanks, I'm not sure I completely understand the syntax of the perl reg ex.

Do you know why even testing the example I was sent through this user list it still applies the reg ex to other mime headers? I understood that this expression was tested in production by users but when I look in my mail log I still see the check being applied to other mime headers. Is this something to do with the negative matching aspect?

Paul

-----Original Message-----
From: owner-postfix-users(a)postfix.org [mailto:owner-postfix-users(a)postfix.org] On Behalf Of Wietse Venema
Sent: 08 June 2010 13:16
To: Postfix users
Subject: Re: Setting mime-header checking

Ockleford Paul (NHS Connecting for Health):
> Hi,
>
> Hopefully someone on this list can help me out. I am trying to
> set up mime-header checking to only allow through emails with a
> particular file extension, that is I want to block any email
> without this attachment type or any other attachment type.

First, you need to ensure that the rule is applied only to Content-Type/Disposition headers and not to other MIME headers.

Second, negative matching can be tricky. It may be easier to eliminate the good cases first, as shown below.

Untested PCRE example:

if /^Content-(Disposition|Type):/
/name\s*=\s*"?(.*(\.|=2E)(aaa|bbb))(\?=)?"?\s*(;|$)/x DUNNO
/./ REJECT Attachment name must end in ".aaa" or ".bbb"
endif

Wietse

From: Wietse Venema on 8 Jun 2010 09:01

Ockleford Paul (NHS Connecting for Health):
> Ok thanks, I'm not sure I completely understand the syntax of the perl reg ex.
>
> Do you know why even testing the example I was sent through this
> user list it still applies the reg ex to other mime headers? I
> understood that this expression was tested in production by users
> but when I look in my mail log I still see the check being applied
> to other mime headers. Is this something to do with the negative
> matching aspect?

You could burn more taxpayer money wondering why some example did not work out, or you could use my example that by design does not match other MIME headers.

Wietse

> Paul
> -----Original Message-----
> From: owner-postfix-users(a)postfix.org [mailto:owner-postfix-users(a)postfix.org] On Behalf Of Wietse Venema
> Sent: 08 June 2010 13:16
> To: Postfix users
> Subject: Re: Setting mime-header checking
>
> Ockleford Paul (NHS Connecting for Health):
> > Hi,
> >
> > Hopefully someone on this list can help me out. I am trying to
> > set up mime-header checking to only allow through emails with a
> > particular file extension, that is I want to block any email
> > without this attachment type or any other attachment type.
>
> First, you need to ensure that the rule is applied only to
> Content-Type/Disposition headers and not to other MIME headers.
>
> Second, negative matching can be tricky. It may be easier to
> eliminate the good cases first, as shown below.
>
> Untested PCRE example:
>
> if /^Content-(Disposition|Type):/
> /name\s*=\s*"?(.*(\.|=2E)(aaa|bbb))(\?=)?"?\s*(;|$)/x DUNNO
> /./ REJECT Attachment name must end in ".aaa" or ".bbb"
> endif
>
> Wietse