From: Ulisses T V Guedes (utvgterra.com.br)
Date: Tue Jun 04 2002 - 06:58:45 CDT


    Wietse Venema wrote:

    > Your patch does not work. Demonstration:
    >
    > From: sender
    > To: recipient
    > Subject: demo 1
    > Content-Transfer-Encoding: base64
    > Content-type: text/plain
    >
    > ..base64 encoded stuff..
    >
    > You would not reject the base64 encoded mail.

    It depends on main.cf parameters. It works under the
    "mime_header_checks" if mime_header_checks and nested_header_checks were
    defined and under "header_checks" if they are undefined. Checking again ....

    Testing under the following parameters (main.cf):

    strict_mime_domain_encoding = yes
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = $mime_header_checks
    header_checks = regexp:/etc/postfix/header_checks

    and (following the sequence that the headers appear...)

    /etc/postfix/mime_header_checks:
    /content-transfer-encoding: base64/ NEXTB
    /content-type: text\/plain/ ENDNEX blocked by mime_header

    /etc/postfix/header_checks:
    /content-transfer-encoding: base64/ NEXTB
    /content-type: text\/plain/ ENDNEX blocked by header_checks

    [utvgtorrinha utvg]$ telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 torrinha.dt.guri.eti.br ESMTP
    helo localhost
    250 torrinha.dt.guri.eti.br
    mail from: <utvg>
    250 Ok
    rcpt to: <utvg>
    250 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    From: sender
    To: recipient
    Subject: demo 1
    Content-Transfer-Encoding: base64
    Content-Type: text/plain

    bla

    .
    550 Error: blocked by mime_header
    quit
    221 Bye
    Connection closed by foreign host.

    Under these main.cf parameters, mime_header_checks matches are preferred
    over header_checks.

    Commenting the lines ....

    strict_mime_domain_encoding = yes
    #mime_header_checks = regexp:/etc/postfix/mime_header_checks
    #nested_header_checks = $mime_header_checks
    header_checks = regexp:/etc/postfix/header_checks

    and repeating the same test I got:

    550 Error: blocked by header_checks

    So, mime_header_checks matches are overwriting header_checks when the first
    is defined... the evaluation preference is managed by main.cf
    parameters and may affect the results. It also occurs for a simple match

    Ex. inserting /Content-Type: text\/html/ REJECT

    in "header_checks" will reject the message only if those parameters are
    undefined (using default values). When mime_ and nested_ are defined,
    the expression must go in the file defined by "mime_header_checks". Is it a
    postfix-1.1.11-20020602 (problem?/feature?).

    >
    > Here is another demo:
    >
    > From: sender
    > To: recipient
    > Subject: demo 2
    > Content-Transfer-Encoding: 7bit
    > Content-type: message/multipart; boundary=foobar
    >
    > --foobar
    > Content-Transfer-Encoding: 7bit
    >
    >>>>>Content-type: text/plain
    >>>>>
    >
    > Mary had a little lamb
    >
    > --foobar
    >
    >>>>>Content-transfer-encoding: base64
    >>>>>
    > Content-type: image/jpeg
    >
    > ..base64 encoded stuff here..
    >
    > --foobar--
    >
    > By matching the lines indicated with >>>>, you would incorrectly
    > reject the image/jpeg portion.

    This failure happens because the patch does not check if the line matched
    by NEXTB is near enough to another (pointer+size of line NEXTB = pointer
    of line ENDNEX, problem detected but not yet fixed).

    Thanks.

    Ulisses
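
An added example, not part of the original message and not Postfix or patch code: it contrasts matching the two header patterns anywhere in a message with checking them per MIME part, using Python's standard `email` parser. The function names are hypothetical and the sample messages are constructed after the two demos quoted above (demo 2 is given a `multipart/mixed` type so the parser splits it on the boundary); a third constructed case covers a part with no Content-Type header.

```python
import re
from email import message_from_string

# The two patterns from the post's header_checks tables.
B64 = re.compile(r"content-transfer-encoding: base64", re.I)
TEXT = re.compile(r"content-type: text/plain", re.I)

def linewise_hit(raw):
    """Hypothetical model: both patterns matched somewhere, parts ignored."""
    lines = raw.splitlines()
    return any(B64.match(l) for l in lines) and any(TEXT.match(l) for l in lines)

def per_part_hits(raw):
    """Indexes (in walk order) of parts that are text/plain and base64."""
    hits = []
    for i, part in enumerate(message_from_string(raw).walk()):
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        # get_content_type() applies the RFC 2045 default (text/plain)
        # when a part carries no Content-Type header at all.
        if part.get_content_type() == "text/plain" and cte == "base64":
            hits.append(i)
    return hits

# Constructed samples modelled on the two demos in the thread.
DEMO1 = ("From: sender\nTo: recipient\nSubject: demo 1\n"
         "Content-Transfer-Encoding: base64\nContent-Type: text/plain\n\nYmxh\n")
HEAD = ("From: sender\nTo: recipient\nSubject: demo 2\n"
        "Content-Transfer-Encoding: 7bit\n"
        "Content-Type: multipart/mixed; boundary=foobar\n\n"
        "--foobar\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain\n\n"
        "Mary had a little lamb\n\n--foobar\n")
DEMO2 = HEAD + ("Content-Transfer-Encoding: base64\nContent-Type: image/jpeg\n\n"
                "AAAA\n\n--foobar--\n")
# Constructed edge case: base64 part with no Content-Type header.
DEMO3 = HEAD + "Content-Transfer-Encoding: base64\n\nYmxh\n\n--foobar--\n"

if __name__ == "__main__":
    for name, raw in (("demo1", DEMO1), ("demo2", DEMO2), ("demo3", DEMO3)):
        print(name, "linewise:", linewise_hit(raw), "per-part:", per_part_hits(raw))
```

The line-wise model flags demo 2 even though no single part is both text/plain and base64, while the per-part check flags only demo 1 and the part in demo 3 that defaults to text/plain.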
