restricing few users from sending/receiving attachments in postfix and in sendmail
John Francis
john.francis at gmail.com
Tue Jan 24 12:51:17 UTC 2006
On Mon, 2006-01-23 at 09:57, Tim wrote:
> On Sun, 2006-01-22 at 17:12 +0000, Paul Howarth wrote:
> > My point was that it's virtually impossible to do this because
> > attachments can be split up into multiple emails (thus getting around
> > size restrictions) and can be included in (say) uuencode format in the
> > message body rather than using a MIME-style attachment.
>
> I don't see why a filter can't strip out attachments done either way.
> If one can parse MIME headers, one can also parse for UUE beginning and
> end markers. Multipart messages can also be checked for, but even if
> not, catching the beginning and end of a multi-part would kill most data
> fairly well.
Ok, so you can stop MIME and UUE attachments. But I think Paul was
correct in stating that it will still be possible to send arbitrary
file types. Given any transport that can send bytes of data between
two computers, you can always use it to transfer arbitrary data. A
sophisticated user may get around the limitations imposed by his
network administrator by designing his own encoding method (or using
mime or uue without well know header values).
It's like they say with security be it physical or electronic: there
is no way to make a break-in impossible it's just a matter of making
it as difficult as possible given your budget (of time, money, loss of
functionality, etc).
--
Kind regards,
John Francis
More information about the fedora-list
mailing list