From: Wietse Venema (wietseporcupine.org)
Date: Thu Feb 01 2007 - 09:57:48 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Robert Schetterer:
> > Incompatible changes with Postfix 2.3.7
> > ---------------------------------------
> >
> > Postfix no longer inserts an empty-line header/body separator into
> > malformed MIME attachments, to avoid breaking digital signatures.
> >
> > This change introduces ambiguity. Postfix still treats the remainder
> > of the attachment as body content; header_checks rules will therefore
> > not detect forbidden MIME types inside a message/rfc822 attachment.
> >
> > With the empty-line header/body separator no longer inserted by
> > Postfix, other software may process the malformed attachment
> > differently, and thus may become exposed to forbidden MIME types.
>
> Hi ll
> please corect me if iam wrong
> just a small understanding question
>
> changes 20070112
> "will not" break such rules in body_checks
>
> /^((Content-(Disposition: attachment;|Type:).*|\ +)| *)(file)?name\ *=\
> *"?.*\.(lnk|asd|ocx|reg|bat|c[ho]m|cmd|exe|dll|.....etc
>
> should i be aware of other bugs with filters like clamsmtp, spampd etc
> with this change

As documented they DID NOT work in a MALFORMED attachment and they
STILL DO NOT work in a MALFORMED attachment.

        Wietse

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]