Patch: New PGP handling
Patrick Ben Koetter
p at sys4.de
Wed Jul 11 21:38:24 CEST 2018
The attached patch introduces a new, separate way to handle PGP messages,
as an alternative to CC_UNCHECKED,1, which puts PGP and password-protected
archives into the same bucket.
The latter approach cannot raise an alarm or edit the subject when a
password-protected ZIP is detected while staying silent when PGP messages
pass through amavis.
This patch makes it possible to stay silent when PGP messages pass through
and to raise an alarm for all other classes.
p at rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
-------------- next part --------------
--- amavisd-new-2.11.0/amavisd 2016-04-26 21:24:33.000000000 +0200
+++ amavis-patched/amavisd 2018-07-11 16:34:00.347437579 +0200
@@ -408,6 +408,10 @@
@dkim_signing_keys_list @dkim_signing_keys_storage
$file $altermime $enable_anomy_sanitizer
)],
+ $privacy_cc_major
+ $privacy_cc_minor
+ $privacy_match_mimetypes
+ $privacy_attribute_pgp_enc
'sa' => # global SpamAssassin settings
[qw(
$spamcontrol_obj $sa_num_instances
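Review bot: The four added names sit after the `)],` that closes the preceding qw() list and before `'sa' =>`, so as shown they are not inside any export list; four bare scalars with no operator between them inside a list constructor would not even compile, and with commas they would be stray list elements rather than exported names. Unless the mail rendering moved lines, they belong before the closing `)],`, e.g. `$file $altermime $enable_anomy_sanitizer $privacy_cc_major $privacy_cc_minor $privacy_match_mimetypes $privacy_attribute_pgp_enc`. The @@ -10334 hunk imports `$privacy_match_mimetypes` from Amavis::Conf and the @@ -14547 hunk uses `$privacy_cc_major`/`$privacy_cc_minor` under strict, so both depend on this export being correct. The enclosing list constructor (apparently an export-tag table) starts and ends outside the hunk.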
@@ -990,6 +994,11 @@
$smtpd_recipient_limit = 1100; # max recipients (RCPT TO) - sanity limit
+ # content class for emails with privacy data
+ $privacy_cc_major = CC_UNCHECKED;
+ $privacy_cc_minor = 1;
+ $privacy_attribute_pgp_enc = 'C'; # set to 'P' to flag pgp.enc content as "privacy" instead of "crypted"
+
# $myhostname is used by SMTP server module in the initial SMTP welcome line,
# in inserted Received: lines, Message-ID in notifications, log entries, ...
$myhostname = (POSIX::uname)[1]; # should be a FQDN !
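Review bot: `$privacy_match_mimetypes` is exported and imported by the other hunks but gets no default here, while its three siblings do; the `$privacy_match_mimetypes eq ''` test in the @@ -10492 hunk will then compare undef and emit an uninitialized-value warning for every encrypted part. Add `$privacy_match_mimetypes = undef;  # regex or code ref selecting declared types treated as 'privacy' rather than 'crypted'` next to the other three. The comment on `$privacy_attribute_pgp_enc` should also state that only 'C' and 'P' are meaningful values, because nothing validates it before it is handed to attributes_add in the @@ -31491 and @@ -31556 hunks. The surrounding defaults block starts and ends outside the hunk.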
@@ -10334,7 +10343,7 @@
$VERSION = '2.412';
@ISA = qw(Exporter);
@EXPORT_OK = qw(&mime_decode);
- import Amavis::Conf qw(:platform c cr ca $TEMPBASE $MAXFILES);
+ import Amavis::Conf qw(:platform c cr ca $TEMPBASE $MAXFILES $privacy_match_mimetypes);
import Amavis::Timing qw(section_time);
import Amavis::Util qw(snmp_count untaint ll do_log
safe_decode safe_decode_latin1
@@ -10492,8 +10501,17 @@
if (defined $part) {
$part->mime_placement($placement);
$part->type_declared($mt eq $et ? $mt : [$mt, $et]);
- $part->attributes_add('U','C') if $mt =~ m{/.*encrypted}si ||
- $et =~ m{/.*encrypted}si;
+ if ($mt =~ m{/.*encrypted}si || $et =~ m{/.*encrypted}si) {
+ my $privacy_match_result = ref($privacy_match_mimetypes) eq 'CODE'
+ ? &$privacy_match_mimetypes($mt, $et, $entity, $parent_obj)
+ : $privacy_match_mimetypes eq '' ? undef
+ : $mt eq $et && $et=~/$privacy_match_mimetypes/gm;
+ if($privacy_match_result) {
+ $part->attributes_add('P');
+ } else {
+ $part->attributes_add('U','C');
+ }
+ }
my %rn_seen;
my @rn; # recommended file names, both raw and RFC 2047 / RFC 2231 decoded
for my $attr_name ('content-disposition.filename', 'content-type.name') {
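Review bot: The 'P' decision is taken purely from `$mt`/`$et`, which the line above records via type_declared, i.e. the sender-declared Content-Type, and a part that gets 'P' is no longer given 'U' or 'C'; so the quieter privacy bucket is reached on the strength of a declared type alone, unlike the pgp.enc branches in the @@ -31491/@@ -31556 hunks which rely on detected file types. If that is acceptable it should be documented on `$privacy_match_mimetypes` in the @@ -990 hunk; otherwise the 'P' mark should be confirmed against the detected type before the message is exempted. The match itself should drop the flags: `/g` in scalar context leaves pos() state on `$et` and `/m` does nothing without anchors, so `: $mt eq $et && $et =~ /$privacy_match_mimetypes/;` is what is meant, and the callback is better invoked as `$privacy_match_mimetypes->($mt, $et, $entity, $parent_obj)` than with `&$...`. The enclosing `if (defined $part)` block and its function continue outside the hunk.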
@@ -14547,10 +14565,16 @@
$which_section = "parts_decode_ext";
snmp_count('OpsDec');
- my($any_encrypted,$over_levels);
- ($hold, $any_undecipherable, $any_encrypted, $over_levels) =
+ my($any_encrypted,$over_levels,$any_privacy);
+ ($hold, $any_undecipherable, $any_encrypted, $over_levels, $any_privacy) =
Amavis::Unpackers::decompose_mail($msginfo->mail_tempdir,
$file_generator_object);
+ if ($any_privacy) {
+ $msginfo->add_contents_category($privacy_cc_major, $privacy_cc_minor);
+ for my $r (@{$msginfo->per_recip_data}) {
+ $r->add_contents_category($privacy_cc_major, $privacy_cc_minor);
+ }
+ }
$any_undecipherable ||= ($any_encrypted || $over_levels);
if ($any_undecipherable) {
$msginfo->add_contents_category(CC_UNCHECKED,0);
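Review bot: `$any_privacy` is intentionally left out of the `$any_undecipherable ||=` line, so a message whose only encrypted parts were marked 'P' no longer receives CC_UNCHECKED,0 or whatever the `if ($any_undecipherable)` branch does after the hunk; that is the feature, but it is not recorded anywhere in the code. Put it on the new block, e.g. `# 'P' parts are not counted as undecipherable; they only get ($privacy_cc_major,$privacy_cc_minor)`. Note also that with the shipped defaults (CC_UNCHECKED, 1) the new category coincides with the existing CC_UNCHECKED,1 encrypted bucket the cover mail describes, so the defaults alone change nothing for policy banks; the config comment in the @@ -990 hunk should say that a distinct minor value is needed to tell them apart. The surrounding function continues outside the hunk.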
@@ -31491,7 +31515,7 @@
: '; (' . join(', ',@$type_short) . ')'
) );
$part->type_long($type_long); $part->type_short($type_short);
- $part->attributes_add('C')
+ $part->attributes_add($privacy_attribute_pgp_enc)
if !ref($type_short) ? $type_short eq 'pgp.enc' # encrypted?
: grep($_ eq 'pgp.enc', @$type_short);
}
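Review bot: `$privacy_attribute_pgp_enc` is passed to attributes_add unvalidated here and in the identical @@ -31556 hunk; any value other than 'C' or 'P' would silently produce an attribute that neither the 'C' nor the 'P' counter in the @@ -31662 hunk recognises, and undef would add an empty attribute. Check it once, after the configuration has been read rather than at both call sites, e.g. `$privacy_attribute_pgp_enc =~ /\A[CP]\z/ or die "privacy_attribute_pgp_enc must be 'C' or 'P'";`. The three-line conditional is now duplicated verbatim in two places; a small helper taking `$part` and `$type_short` would keep them from drifting apart. The enclosing loop starts outside the hunk.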
@@ -31556,7 +31580,7 @@
: '; (' . join(', ',@$type_short) . ')'
) );
$part->type_long($type_long); $part->type_short($type_short);
- $part->attributes_add('C')
+ $part->attributes_add($privacy_attribute_pgp_enc)
if !ref($type_short) ? $type_short eq 'pgp.enc' # encrypted?
: grep($_ eq 'pgp.enc', @$type_short);
$index++;
@@ -31600,7 +31624,7 @@
my($tempdir,$file_generator_object) = @_;
my $hold; my(@parts); my $depth = 1;
- my($any_undecipherable, $any_encrypted, $over_levels) = (0,0,0);
+ my($any_undecipherable, $any_encrypted, $over_levels, $any_privacy) = (0,0,0,0);
my $which_section = "parts_decode";
# fetch all not-yet-visited part names, and start a new cycle
TIER:
@@ -31662,13 +31686,14 @@
if (defined $attr) {
$any_undecipherable++ if index($attr, 'U') >= 0;
$any_encrypted++ if index($attr, 'C') >= 0;
+ $any_privacy++ if index($attr, 'P') >= 0;
}
}
last TIER if defined $hold;
$depth++;
}
section_time($which_section); prolong_timer($which_section);
- ($hold, $any_undecipherable, $any_encrypted, $over_levels);
+ ($hold, $any_undecipherable, $any_encrypted, $over_levels, $any_privacy);
}
# Decompose one part
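Review bot: A 'P' part counts only toward `$any_privacy`, not `$any_encrypted` or `$any_undecipherable`, which is exactly what lets the caller in the @@ -14547 hunk skip CC_UNCHECKED,0; that asymmetry deserves a comment on the new line, e.g. `# 'P': privacy-protected part, deliberately not counted as encrypted/undecipherable`. The return list grew to five elements; any other caller that still unpacks four will silently drop the new flag, so a comment naming the returned positions above the final expression would help. decompose_mail begins in the @@ -31600 hunk, outside this one, and one blank context line appears to have been lost in the mail rendering.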