[Top] [All Lists]

Re: "body" extension

2002-06-14 10:42:33

Jutta Degener <jutta(_at_)sendmail(_dot_)com> writes:

Below is a strawman Internet draft that describes the easiest,
most general form of "body" I could imagine -- a simple match
against the text of an e-mail message that is not the header,
without content-decoding of any sort.

A future extension of this could be to even MIME decode data before
matching it as well -- international users need this to match
non-ASCII in bodies.

5. Security Considerations

   The system must be sized and restricted in such a manner that even
   malicious use of body matching does not deny service to other users.

   Matching strings in the body of an e-mail message may be more general
   than the author of the sieve script intended.  The strings may be
   matched in headers of included messages; strings that are dangerous 
   only when used in enclosed MIME headers may be matched in text that
   is in itself not dangerous, or discusses the very problem that the
   script is attempting to defend against.

A thought:

Matching strings can also be less general than the author intended.
This is because the same data can be expressed in several ways using,
e.g., quoted-printable and base64 encodings.  Thus trying to filter on
a specific strings in order to redirect certain data (viruses, certain
key words) can be worked around by the sender.

<Prev in Thread] Current Thread [Next in Thread>