From: Lars Hecking (lhecking at domain nmrc.ie)
Date: Sat 06 Jul 2002 - 17:50:19 IST
> I'm running postfix on a gateway... but people are saying to us that the
> exchange clients are vulnerable to various 'presumably automatically'
> executed mime types... which is true, but unless we move away from exchange
> 'which I have been arguing for for about 8 months now' we will always have
> this type of problem.
>
> But a guy from a security company is trying to pitch a separate server as a
> mime type filterer...
> My question is, shouldn't it be possible to filter out mime types on postfix
> on my gateway 'before' it gets forwarded to the exchange server ... perhaps
> something like
> http://pagesperso.erasme.org/michel/piktpages/setups/postfix.php3 .
>
> Someone must have done this kind of thing already... so what is the general
> wisdom on such things?

Filtering on file extensions via body_checks is certainly the easiest and
simplest way to do this. Check out the postfix-users archive for example
regexps which are well thought-out (it is easily possible to bog down a
postfix server with inefficient regexps). The disadvantage is that such
regexps only catch filenames that are not encoded in some strange character
set. See http://www.security.nnov.ru/advisories/content.asp for details.

Another approach can be taken by using postfix content_filter and perform
a more detailed analysis on attachments, e.g. the way amavis is doing it
(decompose MIME messages, unpack compressed files based on file magic
instead of extension, then scan for viruses).

In brief, a separate server is hardly ever necessary for this type of work,
but it may make sense if you have a large traffic volume.
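
The following is an added example, not part of the original message and not code from Postfix or amavis. It contrasts a line-oriented extension regexp with a filter that decomposes the MIME structure, decodes the attachment filename, and checks file magic. The regexp, the extension list, the magic table and the three sample messages are all constructed for illustration.

```python
import base64, re
from email import message_from_bytes, policy

# Line-oriented pattern in the spirit of an extension regexp (illustrative only).
NAIVE = re.compile(rb'name\s*=\s*"?[^"\r\n]*\.(exe|scr|pif|vbs|bat)\b', re.I)
BLOCKED_EXT = (".exe", ".scr", ".pif", ".vbs", ".bat")
MAGIC = {b"MZ": "DOS/Windows executable"}  # tiny magic table for the demo

def sample(filename_param: str, content: bytes) -> bytes:
    """Build a constructed one-attachment message; not real traffic."""
    body = base64.b64encode(content).decode()
    return (
        "From: a@example.org\r\nTo: b@example.org\r\nSubject: test\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
        "--b1\r\nContent-Type: application/octet-stream\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        f"Content-Disposition: attachment; {filename_param}\r\n\r\n"
        f"{body}\r\n--b1--\r\n"
    ).encode("ascii")

def naive_hit(raw: bytes) -> bool:
    """Match the regexp against each undecoded line of the message."""
    return any(NAIVE.search(line) for line in raw.splitlines())

def inspect(raw: bytes) -> list:
    """Walk the MIME tree, decode filenames, check extension and file magic."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(BLOCKED_EXT):
            findings.append(f"extension:{name}")
        for magic, kind in MAGIC.items():
            if data.startswith(magic):
                findings.append(f"magic:{kind}")
    return findings

# Constructed samples: plain name, encoded-word name, harmless name with MZ header.
PLAIN = sample('filename="report.exe"', b"plain text, not a program")
ENCODED = sample('filename="=?utf-8?B?aW52b2ljZS5leGU=?="', b"plain text")
RENAMED = sample('filename="notes.txt"', b"MZ" + bytes(62))

if __name__ == "__main__":
    for label, raw in (("plain", PLAIN), ("encoded", ENCODED), ("renamed", RENAMED)):
        print(label, naive_hit(raw), inspect(raw))
```

The regexp only flags the first sample; the decoding filter flags the first two by extension and the third by file magic.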