Making Use of the iPlanet Messaging Server Conversion Channel
Overview
When you work with the conversion channel, it is important to have a good understanding of MIME messages and their structure. The setup and implementation of conversion routines requires that you access the MIME type information of message parts as thery are presented to your conversion routines.
So we should begin with a general description of a MIME message. Consider the following analogy:
A train is made up of one or more engines coupled to a series of railcars. The railcars on the train are of different shapes and sizes and hold different kinds of cargo. The whole assembly is thought of as ONE train.
One can describe a MIME message in a similar way. A MIME message consists of a header and one or more message parts (for example, an attachment to a message might be one part, and the message itself would be one part). Each part can be of a different MIME type, but all the parts are joined together to form ONE message.
Each part of a MIME message will have content-type information which identifies the nature of that message part, perhaps the name that was given to that message part when it was created, and perhaps information on how to display that message part (inline or attachment).
The content-type header identifies the major type and subtype of the message part. The major type describes a family of related MIME types such as IMAGE or APPLICATION or AUDIO. The subtype describes the specific member of that family such as JPEG or WORDPERFECT5.1 or WAV. Common content-types are IMAGE/JPEG, APPLICATION/WORDPERFECT5.1 and AUDIO/WAV.
When the message enters the conversion channel, it is like a train that has all of its railcars and engines decoupled from each other. Each decoupled component is held in a temporary holding area and its MIME information catalogued.
The function of the conversion channel is to reassemble a message from its components and, during that reassembly, apply site-supplied criteria to decide whether or not that component should be altered before it is recoupled.
The level of examination of each message part is determined by the setup of the CONVERSION file, where the system administrator can set criteria as to which message parts should be examined. Such criteria can include, but is not limited to, the content-type of the message part.
Invoking your procedures
To invoke conversion procedures, use the CONVERSION mapping table in the IMTA_MAPPING_FILE to tell Messaging Server which messages should take a detour through the conversion channel. When messages pass through the conversion channel, instructions as to what commands are executed are specified in the IMTA_CONVERSION_FILE.
Basic Setup
The steps to implement attachment screening with the conversion channel are:1. Create a /usr/sitescripts directory (or similar) and make sure that it is owned by the user as which Messaging Server runs.
2. Move the conversion script to the /usr/sitescripts/ directory. Make sure that the script is executable.
3. Install your third party virus scanner on your machine and alter your new conversion script to point to the location of the scanning software.
4. Modify or create the IMTA_MAPPING_FILE file to trigger a trip through the conversion channel.
(The IMTA_MAPPING_FILE is $InstanceRoot/imta/config/mappings on UNIX.)
5. Modify or create the IMTA_CONVERSION_FILE file to include entries that call the virus scanning script.
The IMTA_CONVERSION_FILE is $InstanceRoot/imta/config/conversions on UNIX
Once the changes have been made, recompile & reinstall your configuration, and then restart the Dispatcher.
Scripting Samples
Sample scripts for integrating virus scanners with the conversion channel, thottling seasonal abuse, screening certain file extensions, or Stopping the Melissa, Papa & variant viruses are available for download here.