[Dovecot] mime support for pigeonhole

Tim Dickson dickson.tim at googlemail.com
Wed Feb 5 10:08:36 UTC 2014


On 05/02/2014 00:21, Stephan Bosch wrote:
> Hi,
>
> On 1/30/2014 7:50 PM, Tim Dickson wrote:
>> is there any chance of rfc5703 (mime support/extension) being added to
>> pigeonhole?
> There are plans for that, but there is no concrete timeline.
hopefully soon :-)
>> I am trying to filter mail with .exe and .zip attachments, to no success.
>>
>> I can't use body because that doesn't include the mime headers, so the
>> only way I can see is to use mime (aka rfc5703)
>> I am using dovecot 2.1.8 with pigeonhole 0.3.3  (and am about to use
>> dovecot 2.2.9 with pigeonhole 0.4.2 on another server)
>> If I'm just missing the point, or there is already support, please
>> point me in the right direction.
> You only need to test for the existence of certain attachments:
>
> require "body";
> require "relational";
> require "fileinto";
>
> if body :count "gt" :content "application/x-zip-compressed" "0" {
>      fileinto "Zip";
> } else {
>      fileinto "NoZip";
> }
>
> This tests whether there are more than zero message parts with
> content-type "application/x-zip-compressed".
>
> Regards,
>
> Stephan.
>
>
many thanks for the reply.

I did previously try
body :raw :contains ["application/x-zip-compressed","application/x-silverlight"],

which catches zip and scr files but does nothing for exe files (or pif 
ones), both of which share types with other file types. The ideal would 
be to scan the "filename" part of the attachment header. The line below 
does that roughly by brute force.

body :raw :regex ["filename=.*\.exe","filename=.*\.pif","filename=.*\.scr","filename=.*\.zip"]

This would let me test for other sorts of attachment easily as well.

Unless the :content test included filename, which rfc5173 doesn't seem 
to mention, :content does not let me identify exe as distinct from bin, 
class, dll, dmg, dms, lhs, lza ... etc. as they all have the same content type.
It also doesn't help with pif files (which I didn't mention earlier, but 
are also common for malware) and which have a content type of text/plain 
with base64 encoding, which is odd for what amounts to a binary with 
executable capability.

hopefully, the :mime support will come soon :-)
regards, Tim
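
Added example, not part of the original thread and not Pigeonhole code: the attachment-filename check discussed above, done in Python by parsing the MIME structure with the standard email package and compared against a raw-body regex. The sample messages, addresses and function names are constructed for illustration, and the Python regex only approximates the Sieve body :raw :regex test.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

BLOCKED_EXT = (".exe", ".pif", ".scr", ".zip")
# Python approximation of the raw-body regex list from the message above.
RAW_RE = re.compile(r"filename=.*\.(exe|pif|scr|zip)", re.IGNORECASE)


def raw_match(raw):
    """Brute force: regex over everything after the top-level headers."""
    _, _, body = raw.partition("\n\n")
    return bool(RAW_RE.search(body))


def blocked_attachments(raw):
    """Walk the MIME tree; return decoded filenames with a blocked extension."""
    hits = []
    for part in message_from_string(raw).walk():
        # get_filename() reads the Content-Disposition filename (RFC 2231 aware)
        # and falls back to the Content-Type name parameter.
        name = part.get_filename()
        if not name:
            continue
        name = str(make_header(decode_header(name)))  # RFC 2047 encoded-words
        if name.lower().endswith(BLOCKED_EXT):
            hits.append(name)
    return hits


def _attachment(filename_param):
    """Constructed sample: multipart message with one base64 attachment."""
    return (
        "From: a@example.org\nSubject: sample\nMIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nsee attached\n"
        "--b1\nContent-Type: application/octet-stream\n"
        "Content-Transfer-Encoding: base64\n"
        f"Content-Disposition: attachment; {filename_param}\n\nAAECAwQF\n--b1--\n"
    )


# Constructed sample messages (not from the thread).
PLAIN = _attachment('filename="invoice.exe"')
ENCODED = _attachment('filename="=?UTF-8?B?aW52b2ljZS5leGU=?="')  # invoice.exe
MENTION = ("From: a@example.org\nSubject: help\nContent-Type: text/plain\n\n"
           "Set filename=backup.zip in the config file.\n")

if __name__ == "__main__":
    for label, msg in (("plain", PLAIN), ("encoded", ENCODED), ("mention", MENTION)):
        print(label, raw_match(msg), blocked_attachments(msg))
```

The raw regex and the parsed check agree on the plain filename, but only the parsed check sees the encoded filename, and only the raw regex fires on a text part that merely mentions a filename.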
