I use MIMEDefang to munge e-mail passing through my mail servers. The following are notes on how to configure MIMEDefang to perform various checks and alter e-mail as needed.
- Forged Sender Checking with MIMEDefang. Shows how to use md_check_against_smtp_server to make a reverse check of the sender against the incoming e-mail server for the domain in question.
- Passing sendmail macros to MIMEDefang. Includes notes on how to set up %SendmailMacros early for use in routines like filter_recipient.
- Forthcoming notes on doing Sender Permitted From (SPF) checks via MIMEDefang.
- Using Clam AntiVirus (clamav) with MIMEDefang.
Content-Disposition
MIMEDefang's action_replace_with_url() function moves specified attachments onto a webserver. The filename used is based on a digest value of the file contents, and not the original filename. To preserve the original filename, both MIMEDefang and the webserver will need to be modified.
- Patch mimedefang.pl.in.
- Webserver configuration.
- Configure mimedefang-filter.
- Cleanup /var/tmp/defang.
This patch is already included with MIMEDefang 2.34 and above.
Apply the content-disposition.patch before running ./configure in the MIMEDefang source directory. This patch updates action_replace_with_url() to save the original filename to a dot file named after the digest name in question. For instance, the file Crypto.1600x1200.png would result in two files being written to the webserver area: the attachment under its digest name, and a dot file containing the original filename.
$ ls .304* 304*
.3047913f36e9230ffca5c33ea2cf35feec8a2969.png
3047913f36e9230ffca5c33ea2cf35feec8a2969.png
$ cat .304*
Crypto.1600x1200.png
Various methods can be used to have a webserver add the Content-Disposition header with the custom filename. If the server has mod_perl support, use the AddContentDisposition.pm module to add the header on the fly. A configuration section for Apache would look something like the following.
Alias /foo/ "/var/tmp/defang/"
# The Directory path must be the filesystem path the Alias points at,
# otherwise the handler is never applied to the aliased files.
<Directory "/var/tmp/defang/">
    PerlTypeHandler Apache::AddContentDisposition
    Options None
    AllowOverride None
    <Limit GET POST OPTIONS PROPFIND>
        Order Allow,Deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS PROPFIND>
        Order Deny,Allow
        Deny from all
    </LimitExcept>
</Directory>
Also ensure the MIMEDefang user has write access to the /var/tmp/defang directory, and that the apache user has read access to the files therein. On a system with no ordinary user access, the easiest approach is to set the group to defang and let the apache user read the files through the "other" permission bits.
# mkdir -p /var/tmp/defang
# chown root:defang /var/tmp/defang
# chmod 1775 /var/tmp/defang
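The dot file holds the filename supplied in the e-mail, so whatever adds the Content-Disposition header should sanitize that value before it reaches a response header. The following is an added example, not the AddContentDisposition.pm module or MIMEDefang code; the helper name content_disposition_for, the allow-list and the 128-character limit are assumptions.

```perl
use strict;
use warnings;
use File::Basename qw(basename dirname);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: return a Content-Disposition value for the digest-named
# file $path, or undef when no usable dot file sits beside it.
sub content_disposition_for {
    my ($path) = @_;
    my $dotfile = File::Spec->catfile(dirname($path), '.' . basename($path));

    open(my $fh, '<', $dotfile) or return;
    my $name = <$fh>;
    close($fh);
    return unless defined $name;

    # The name was supplied by the sender of the e-mail: untrusted input.
    $name =~ s/[\r\n].*//s;             # first line only, so no extra headers
    $name =~ s{^.*[/\\]}{};             # drop directory components
    $name =~ s/[^A-Za-z0-9._ -]/_/g;    # allow-list; removes quotes and controls
    $name =~ s/^\.+//;                  # no leading dots
    $name = substr($name, 0, 128);      # bound the length (assumed limit)
    return unless length $name;

    return qq{attachment; filename="$name"};
}

# Constructed sample data: the digest name from the listing above, plus a
# second entry whose stored filename is hostile.
my $dir = tempdir(CLEANUP => 1);
my %samples = (
    '3047913f36e9230ffca5c33ea2cf35feec8a2969.png' => "Crypto.1600x1200.png\n",
    'constructed-digest.txt' => "../../etc/passwd\r\nSet-Cookie: x=1\n",
);
for my $digest (sort keys %samples) {
    my $dot = File::Spec->catfile($dir, ".$digest");
    open(my $out, '>', $dot) or die "cannot write $dot: $!";
    print {$out} $samples{$digest};
    close($out);
    my $value = content_disposition_for(File::Spec->catfile($dir, $digest));
    print "$digest => ", (defined $value ? $value : '(no header)'), "\n";
}
```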
Code will need to be added to the MIMEDefang filter file that specifies which attachments are to be moved to the website. Be sure to pass the filename to be served by the webserver as the fifth argument. See mimedefang-filter(5) for more information on how to code action_replace_with_url() properly.
return action_replace_with_url(
    $entity,
    "/var/tmp/defang",
    "http://sial.org/foo",
    ($fname ? "\"$fname\"" : "Attachment") .
        " (" . humanize($size) . ") relocated:\n\n_URL_",
    $fname    # extra data to save
);
Depending on which attachments get written to the website, the directory may need to be cleaned up periodically by a script such as tmpwatch.