This example lists the MIME media types and file extensions this program is to consider potentially harmful.
DEBUG=1 BAD_MIME_TYPES=application/vbscript BAD_FILE_TYPES=bat,com,dll,exe,vb,vbs
The example that follows is the text of a sample input message the program in Example 5–2 is to process. The second message part is a file attachment. The attached file name is trojan_horse.vbs. Consequently when this message is processed by the channel, it should remove the attachment as the file extension .vbs is in the list of harmful file extensions. The sample program replaces the attachment with a text attachment indicating the content has been deleted.
Received: from [22.214.171.124] ([126.96.36.199]) by frodo.siroe.com (Sun Java System Messaging Server 6 2004Q2 (built Apr 7 2003)) with SMTP id <0HD7001023OYDA00@frodo.siroe.com\> for for email@example.com; Fri, 11 Apr 2003 13:03:23 -0700 (PDT) Date: Fri, 11 Apr 2003 13:03:08 -0700 From: firstname.lastname@example.org Subject: test message Message-id: <0HD7001033P1DA00@frodo.siroe.com\> Content-type: multipart/mixed; boundary=BoundaryMarke --BoundaryMarker Content-type: text/plain; charset=us-ascii Content-disposition: inline This is a test message! --BoundaryMarker Content-type: application/octet-stream Content-disposition: attachment; filename="trojan_horse.vbs" Content-transfer-encoding: base64 IyFQUwoxMDAgMTAwIG1vdmV0byAzMDAgMzAwIGxpbmV0byBzdHJva2UKc2hvd3Bh Z2UK --BoundaryMarker--
The MTA SDK is explicitly initialized. This call is not really necessary as the MTA SDK will implicitly initialize itself when mtaDequeueStart() is called. However, for debugging purposes, it can be useful to make this call at the start of a program so that an initialization failure will show clearly in the diagnostic output. If the call is omitted, initialization failure will be less obvious. The failure will still be noted in the diagnostic output, but it will be obscured through the routine call that triggered implicit initialization.
Channel options are loaded via a call to the load_options() routine. That routine is part of this example and, as discussed later, uses the SDK routines for obtaining channel option values from the channel’s option file.
The message dequeue processing loop is initiated with a call to mtaDequeueStart().
For each queued message to be processed, process_message() will be called by mtaDequeueStart().
A message enqueue is started. This enqueue is used to re-enqueue the queued message currently being processed. As the message is processed, its non-harmful content will be copied to the new message being enqueued.
The envelope recipient list is copied from the queued message to the new message being enqueued.
Since this is an intermediate channel, that is, it doesn’t effect final delivery of a message, successful processing of a recipient address is associated with a disposition of MTA_DISP_RELAYED.
After processing the message’s envelope, mtaDecodeMessage() is invoked to decode the message, breaking it into individual MIME message parts. mtaDecodeMessage() is told to use the current dequeue context as the input source for the message to decode. This supplies the queued message being processed as input to the MIME decoder. Further, the current enqueue context is supplied as the output destination for the resulting message. This directs mtaDecodeMessage() to output the resulting parsed message to the message being enqueued, less any harmful attachments that are explicitly deleted by the inspection routine. The routine decode_inspect() is supplied as the inspection routine. If the call to mtaDecodeMessage() fails, the CHECK() macro causes the queued message to be deferred and the message enqueue to be cancelled.
After a successful call to mtaDecodeMessage(), the message enqueue is committed. It is important that this be done before committing the dequeue. If the operation is done in the other order– dequeue finish followed by enqueue finish– then mail may be lost. For example, the message would be lost if the dequeue succeeds and then deletes the underlying message file before the enqueue, and then the enqueue fails for some reason, such as insufficient disk space.
The inspection routine, decode_inspect(). This routine checks the MIME header lines of each message part for indication that the part may contain harmful content.
Message parts with harmful content are discarded with a call to mtaDecodeMessagePartDelete(). The discarded message part is replaced with a text message part containing a warning about the discarded harmful content.
Message parts with safe content are kept by copying them to the output message with mtaDecodeMessagePartCopy().
Using the configured channel options, this routine determines if a message part’s media type is in the list of harmful types.
Using the configured channel options, this routine determines if a filename appearing in the MIME header lines has an extension considered harmful.
The load_options() routine is used to load the channel’s site-configured options from a channel option file.
The channel option file, if any, is opened and read by mtaOptionStart(). Since an explicit file path is not supplied, the file path specified with the PMDF_CHANNEL_OPTION environment variable gives the name of the option file to read.
After loading the channel’s options, the option file context is disposed of with a call to mtaOptionFinish().
The example that follows shows the output generated by the MIME decoding program found in Example 5–2.
Received: from sesta.com by frodo.siroe.com Sun Java System Messaging Server Version 6 2004 Q2(built Apr 7 2003)) id <0HDE00C01BFK6500@frodo.siroe.com\> for email@example.com; Tue, 11 Apr 2003 13:03:29 -0700 (PDT) Received: from [188.8.131.52] ([184.108.40.206]) by frodo.siroe.com (Sun Java System Messaging Server 6 2004 Q2 (built Apr 7 2003)) with SMTP id <0HD7001023OYDA00@frodo.siroe.com\> for firstname.lastname@example.org; Fri, 11 Apr 2003 13:03:23 -0700 (PDT) Date: Fri, 11 Apr 2003 13:03:08 -0700 From: email@example.com Subject: test message To: firstname.lastname@example.org Message-id: <0HD7001033P1DA00@frodo.siroe.com\> Content-type: multipart/mixed; boundary="Boundary_(ID_XIIwKLBET2/DDbPzRI7yzQ)" --Boundary_(ID_XIIwKLBET2/DDbPzRI7yzQ) Content-type: text/plain; charset=us-ascii Content-disposition: inline This is a test message! --Boundary_(ID_XIIwKLBET2/DDbPzRI7yzQ) Content-type: text/plain; charset=us-ascii Content-language: en Content-disposition: inline The content of this message part has been removed. It contained a potentially harmful file named "trojan_horse.vbs" --Boundary_(ID_XIIwKLBET2/DDbPzRI7yzQ)--