OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Sendmail vs *.vbs
From: Gert-Jan Hagenaars (gjHAGENAARS.COM)
Date: Mon May 08 2000 - 13:09:43 CDT

Apparently, Todd Garrison wrote:
% I was really bummed when I saw how they did it... I want to be able to
% block all *attachments* that have the string .vbs in the name - I don't
% want to rely on subject headers alone, but I haven't quite figured out
% how yet. I played with my .mc/.cf configs in sendmail for about six
% hours trying to get it to play nice, but the problem seems to be that
% all the different mailers describe their attachments differently. I
% must be pretty thick in the head, but the fact that I know others want
% to do the same thing and I have yet to see a filter that does it (in
% sendmail that is) bums me out.
%
% I could just use procmail, but that only seems to work for local
% delivery and is not any good for a relay server (for example - reducing
% the risks of running MS-Exchange as the front-line mail exchanger on the
% internet by relaying through sendmail). Maybe I am wrong on this though
% - can procmail be configured to process mail that isn't delivered locally?
%
% Any sendmail gurus out there that can help enlighten us lesser beings?

I'm no sendmail guru, not by a long shot, but in the scenario you
describe, provided you're willing to do put some time into it, I think
this can work.

Set up all your local users with their own home directory on your relay
host (this means you have an extra layer of system administration for
your email to look after). Write a procmail rule that looks for the
attachments and strips them out when a mail is about to be delivered to
a local user (via procmail), and then make sure that procmail does _not_
write the mail to a mailbox, but forwards it to your MS-Exchange box.

Ok, after writing this I did a little search and found the following
site that has all the good stuff.

http://www.wolfenet.com/~jhardin/procmail-security.html

CHeers,
Gert-Jan. 

--
+++++++++++++ -------- +++++ --- ++ - +0+ + ++ +++ +++++ ++++++++ +++++++++++++
sed '/^[when][coders]/!d         G.J.W. Hagenaars -- gj at hagenaars dot com
    /^...[discover].$/d          Remembering Mike Carty 1968-1994
   /^..[real].[code]$/!d         UltrixIrixAIXHPUXSunOSLinuxBSD, nothing but nix
' /usr/dict/words                I'm Dutch, what's _your_ excuse?