[Mimedefang] MIMEDefang

[David F. Skoll]

On Fri, 23 Nov 2001, Manjunath H.N wrote:

> Suppose sam or jack send a message with an attachment
> to some other domain say to a yahoo account I want a
> condition such that whenever the users jack or sam try
> to send a message an alert has to be sent to peter
> saying that an attachment is being sent by such a
> person and peter must decide whether or not the mail
> with the attachment can be sent or not depending on
> the contents of the attachment.

> This is for a strict security purpose in my comapny
> bcos all mails going out should be checked for this.

Let me preface this by saying that any feeling of security you
get from this is completely illusory.  I can think of half a dozen
ways off the top of my head to defeat this, from sending attachments
as uuencoded entities and encrypting the whole message, to simply
uploading the attachments to a Hotmail-style webmail service and
sending them that way.  In other words, I do not think it's worth
the trouble to implement this.

Having said that, if you still want to do it, the setup is rather
complicated:  Your filter must check the sender and message criteria,
and save messages away in some spool area (copy "./INPUTMSG" somewhere
safe.)  You then have to send the alert to the manager.  The manager
must have some mechanism for freeing the message from the spool area
and re-mailing it.  You'll need a different sendmail configuration file
for re-mailed messages, because obviously you do NOT want them processed
again by MIMEDefang.

Like I said:  Fairly complicated, and maybe not worth the effort.

--
David.