[Mimedefang] Question for the HOWTO page
Paul Murphy
pjm at ousekjarr.org
Tue Jan 31 06:50:33 EST 2006
Philip,
> I was wondering about making the following
> change to the stock mimedefang-filter:
>
> if (filter_bad_filename($entity)) {
> md_graphdefang_log('bad_filename', $fname, $type);
> # return action_drop_with_warning("An attachment named $fname was
> removed from this document as it\nconstituted a security hazard. If you
> require this document, please contact\nthe sender and arrange an
> alternate means of receiving it.\n");
> return action_bounce("Message rejected; an attachment named
> $fname of\ndubious nature was found in this message.\nContact the
> postmaster if this was a legitimate transfer.\n");
> }
>
>
> Or we could make the code switched on a variable, such as
> "$extreme_paranoia" ;-)
These are policy decisions, which vary enormously from one site to another.
Most people will have to edit the stock filter in several places to reflect
their policy - for example I reject (5xx) incoming spam rather than bouncing
it (in most cases it came from a zombie PC or open relay, so why waste my
bandwidth sending a bounce?). Others will insist that it has to be a bounce,
others still want it to be flagged but delivered, and so on.
The stock filter has a non-dangerous set of defaults. If the change you
proposed was included in the stock filter, many sites would be bouncing
important files with no indication to the recipient that anything was going
wrong.
By all means do it in your own filter, but leave the stock filter alone.
Best Wishes,
Paul.
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.14.25/246 - Release Date: 30/01/2006
More information about the MIMEDefang
mailing list