|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: mail filtering tool --- audit needed please!
From: Bennett Todd (bet
rahul.net)Date: Thu May 04 2000 - 22:35:45 CDT
- Next message: Ralf Hildebrandt: "Re: pop3d smtpd"
- Previous message: Bennett Todd: "Re: /Content.*LOVE-LETTER-FOR-YOU.TXT.vbs/ REJECT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I think I've written the heart of the thing.
I did it in as little C as I could manage, as carefully as I could
figure out. I've tried to test carefully, it seems to be working
right. But of course testing is no good for finding exploitable
buffer overflows and so forth, and an email-handling tool is
bodaciously security critical.
This built on Red Hat 6.2beta Linux with PCRE 3.1, as far as I know
it should be portable elsewhere; I tried to stick to Posix standard
interfaces except of course for PCRE.
I've not yet waded into the details of Lars' doc to figure out how
to set up the two postfixes that this thing would live between; I
expect I'll need to do something smart with cmdline args, or with
extra envars, and explicitly popen sendmail to send messages on when
they pass the tests.
But this should be very nearly there.
My key goal is that the common case --- messages smaller than MAXMSG
(default 1MB, overridable at compile time or by envar) that _don't_
match any pattern --- should require only this one tiny C program
execution and no extra file I/O. It just sluurps the whole message
in, checks it against the patterns, and spits it out. If the message
is too big to fit in the buffer, or it contains a match, mailfilt
simply deposits it into a file for something else to chew on. I
figure once I figure out how to insert this thing in between a pair
of postfixes, I'll write a little Perl daemon that'll keep an eye
on the reject dir, and when files get deposited there it'll pick
'em up and decide what to do with them. I still like the idea of
forwarding messages that contain suspicious patterns on to their
original intended recipient, defanged. Now that I think about it
I'll need to use a write-to-tmpname and rename to communicate to the
daemon when the file is actually finished writing and ready to pick
up, grrh. That'll come tomorrow, I'm going to sleep.
Anybody who can spare me the time, I'll appreciate it if you give
the code a read and tell me if you see anything in it that smells
like a bug. I'll appreciate it plenty enough to include you in the
README and in the AUTHOR section of the manpage:-).
-Bennett
- application/x-gzip attachment: mailfilt-1.0.tar.gz
- application/pgp-signature attachment: stored
- Next message: Ralf Hildebrandt: "Re: pop3d smtpd"
- Previous message: Bennett Todd: "Re: /Content.*LOVE-LETTER-FOR-YOU.TXT.vbs/ REJECT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]