[OT] Strip attachment and add link for download

Tue Jun 20 17:43:38 IST 2006

Hmmm, thats pretty cool Greg. Now, how about if the URL was http://example.com/pickup.php?$datenumber/$id/$filename and the script validated the To:
address from the message file.  At least then there would be some kind of validation.

Alternatively, if a ruleset could be created to execute a script when say the Max Size has been exceeded, you could inject a validation code into the
email that the recipient would need to use to access the download.

Just some thoughts.

Phil

On Tue, 20 Jun 2006 11:30:20 -0400
Greg Borders <gborders at jlewiscooper.com> wrote:

> Glenn Steen wrote:
> > On 20/06/06, Alex Pimperton <alex at erus.co.uk> wrote:
> >> Hi All,
> >>
> >> This may be a shot in the dark but does anybody use/know of a system
> >> that does the following:
> >>
> >> -message arrives at server from local users
> >> -message is checked for attachments
> >> -if attachments exist and are over a certain size, the server splits off
> >> the attachments to a web-accessible directory and inserts a link in the
> >> email so the recipient can download the attachment
> >>
> >> I know this is not really MailScanners domain but it would be a very
> >> useful feature.
> >>
> >> Is this more of a mailwatch-type feature?
> >>
> >> I'm currently using postfix and MailScanner which I don't really want to
> >> change even though know I can do things like this with MDaemon.
> >>
> >> Regards,
> >>
> >> Alex
> >>
> > I haven't tried this, but ... You should be able to make a probable
> > facsimile with a combination of quarantining/notification and
> > MailWatch with per user (email address) access. Look at the "Maximum
> > Attachment Size" setting in MailScanner.conf, might be what you need.
> >
> I've gotten this working on my system.  I do indeed use the "Maximum
> Attachment Size" setting that Glenn mentions.
> In my case I wanted to prevent users from sending very large files via 
> e-mail, and use means better suited for the task. (I.E. FTP)
> I used that Max Attach Size in a ruleset to trigger the settings for 
> specific users/groups.
> 
> Then once triggered, MS will send the message to the recipient that the 
> file was "too large"  using the text in
> stored.virus.message.txt
> 
> I modified the default message to include some extra info for a direct 
> link to the file, for example:
> -----------------------
> Note to Postmaster:
> Attachment is located on $hostname in $quarantinedir/$datenumber 
> (message $id).
> URL: for direct download:
> "http://example.com/pickup/$datenumber/$id/$filename"
> ------------------------
> 
> Next, I modified my Apache HTTP server config file to host the directory 
> in the quarantine as the "http://example.com/pickup/"
> That way, you won't be showing your file structure to the realworld:
> 
> -------------------------
> Alias /pickup/ "/var/spool/MailScanner/quarantine/"
> <Directory "/var/spool/MailScanner/quarantine/">
>     Options Indexes MultiViews
>     AllowOverride None
>     Order allow,deny
>     Allow from all
> </Directory>
> --------------------------
> 
> The only down side is you have to open up permissions to the quarantine 
> folders, and thus making ALL of the messages available to those that 
> know how to peruse the folders.  Fortunately, the message id is quite 
> long and random, and makes it harder to dig around unless you know 
> exactly what it is.
> 
> Hope this helps with your set up!
> 
> Greg. Borders
> 
> Sys. Admin.
> JLC Co.
> 
> --
> This transmission may contain information that is privileged, confidential
> and/or exempt from disclosure under applicable law. If you are not the
> intended recipient, you are hereby notified that any disclosure, copying,
> distribution, or use of the information contained herein (including any
> reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
> in error, please immediately contact the sender and destroy the material in
> its entirety, whether in electronic or hard copy format. Thank you.
> 

-- 
This message has been scanned for viruses and dangerous content
by MailScanner, and is believed to be clean.