[Mimedefang] Request for suggestions: releasing quarantined messages
David F. Skoll
dfs at roaringpenguin.com
Fri May 3 12:45:56 EDT 2002
On Fri, 03 May 2002 10:30:46 -0600 "Ashley M. Kirchner"
<ashley at pcraft.com> wrote:
> So, I need a way where the recipient would get the quarantine
> message (easy to do), and some solution for them to trigger that
> message to come through should they want it. Now, David said
> authorizing messages through email (via an X-Header flag) is a bad
> idea because mail can be easily spoofed. I agree with this. So what
> other solutions are there, short of coding some type of (web?)
> interface that would allow said recipient to discard/authorize or
> whatever?

My thoughts: When you quarantine the entire message, create a file
in the quarantine directory called HASH which contains the SHA1 hash
of the message and some secret (no error checking in the example below):
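
    use Digest::SHA1;

    if ($condition) {
        action_quarantine_entire_message();
        my($ctx, $chunk, $hash);
        $ctx = Digest::SHA1->new;
        # Mix in the secret first so the sender cannot compute the hash
        $ctx->add("MyVerificationSecret");
        # Hash the first 16KB of the message (INPUTMSG in the working directory)
        open(IN, "<INPUTMSG");
        read IN, $chunk, 16384;
        $ctx->add($chunk);
        close(IN);
        # Store the hex digest in the quarantine directory
        open(OUT, ">$QuarantineSubdir/HASH");
        $hash = $ctx->hexdigest;
        print OUT "$hash\n";
        close(OUT);
        # Send a message to recipient(s) that they can release
        # $QuarantineSubdir if they supply $hash
    }
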
The "hash" file contains a hash which people cannot guess unless they
(1) know your verification secret and the first 16KB of the message, or
(2) can break SHA1. :-) (You need the verification secret; otherwise,
the sender of the message could release it...)

Then have a little Perl script which listens for "release" requests.
The request looks something like this:

    Subject: RELEASE /var/spool/MIMEDefang/qdir-xxx ab7b345ba7b7b...

where "/var/.../qdir-xxx" is the quarantine directory, and "ab7b345ba7b7b..."
is the hash. If the hash matches, release the message.
It's a few hours of Perl scripting.
Regards,
David.
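
Added example, not part of the original post or of MIMEDefang: one way the release listener described above could validate a "RELEASE <dir> <hash>" subject before acting on it, confining the untrusted path to a qdir-* directory under the spool and comparing the supplied hash with the HASH file. The function name check_release_request, its spool argument and the demo values are assumptions; re-injecting the released message is not shown.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);

# Return the resolved quarantine directory if the request is valid, else nothing.
sub check_release_request {
    my ($subject, $spool) = @_;
    # Accept only "RELEASE <path> <40 hex digits>" (a SHA1 hex digest).
    my ($dir, $claimed) = $subject =~ /\ARELEASE\s+(\S+)\s+([0-9a-fA-F]{40})\s*\z/
        or return;
    # The path arrives in untrusted mail: resolve it and require a qdir-*
    # directory directly under the spool (rejects "..", symlink escapes).
    my $real = eval { realpath($dir) };
    my $root = eval { realpath($spool) };
    return unless defined $real && defined $root && -d $real;
    return unless $real =~ m{\A\Q$root\E/qdir-[^/]+\z};
    open(my $fh, '<', "$real/HASH") or return;
    my $stored = <$fh>;
    close($fh);
    return unless defined $stored;
    chomp $stored;
    return unless length($stored) == 40;
    # Compare every character so timing does not reveal where the mismatch is.
    $claimed = lc $claimed;
    my $diff = 0;
    $diff |= ord(substr($stored, $_, 1)) ^ ord(substr($claimed, $_, 1)) for 0 .. 39;
    return $real if $diff == 0;
    return;
}

# Constructed demo data: a throwaway spool holding one quarantine directory.
my $spool = tempdir(CLEANUP => 1);
my $qdir  = "$spool/qdir-demo";
mkdir $qdir or die "mkdir: $!";
my $hash = 'ab' x 20;    # constructed stand-in for the stored hex digest
open(my $out, '>', "$qdir/HASH") or die "open: $!";
print $out "$hash\n";
close($out) or die "close: $!";

for my $subject ("RELEASE $qdir $hash",               # valid request
                 "RELEASE $qdir " . ('00' x 20),      # wrong hash
                 "RELEASE $qdir/../../etc $hash") {   # path outside the spool
    my $ok = check_release_request($subject, $spool);
    my $verdict = defined $ok ? 'release' : 'reject ';
    print "$verdict  $subject\n";
}
```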