[OT] Strip attachment and add link for download
Greg Borders
gborders at jlewiscooper.com
Tue Jun 20 16:59:20 IST 2006
> On Tue, 20 Jun 2006 11:30:20 -0400
> Greg Borders <gborders at jlewiscooper.com> wrote:
>
>
>> Glenn Steen wrote:
>>
>>> On 20/06/06, Alex Pimperton <alex at erus.co.uk> wrote:
>>>
>>>> Hi All,
>>>>
>>>> This may be a shot in the dark but does anybody use/know of a system
>>>> that does the following:
>>>>
>>>> -message arrives at server from local users
>>>> -message is checked for attachments
>>>> -if attachments exist and are over a certain size, the server splits off
>>>> the attachments to a web-accessible directory and inserts a link in the
>>>> email so the recipient can download the attachment
>>>>
>>>> I know this is not really MailScanner's domain but it would be a very
>>>> useful feature.
>>>>
>>>> Is this more of a mailwatch-type feature?
>>>>
>>>> I'm currently using postfix and MailScanner which I don't really want to
>>>> change even though I know I can do things like this with MDaemon.
>>>>
>>>> Regards,
>>>>
>>>> Alex
>>>>
>>>>
>>> I haven't tried this, but ... You should be able to make a probable
>>> facsimile with a combination of quarantining/notification and
>>> MailWatch with per user (email address) access. Look at the "Maximum
>>> Attachment Size" setting in MailScanner.conf, might be what you need.
>>>
>>>
>> I've gotten this working on my system. I do indeed use the "Maximum
>> Attachment Size" setting that Glenn mentions.
>> In my case I wanted to prevent users from sending very large files via
>> e-mail, and use means better suited for the task. (I.E. FTP)
>> I used that Max Attach Size in a ruleset to trigger the settings for
>> specific users/groups.
>>
>> Then once triggered, MS will send the message to the recipient that the
>> file was "too large" using the text in
>> stored.virus.message.txt
>>
>> I modified the default message to include some extra info for a direct
>> link to the file, for example:
>> -----------------------
>> Note to Postmaster:
>> Attachment is located on $hostname in $quarantinedir/$datenumber
>> (message $id).
>> URL: for direct download:
>> "http://example.com/pickup/$datenumber/$id/$filename"
>> ------------------------
>>
>> Next, I modified my Apache HTTP server config file to host the directory
>> in the quarantine as the "http://example.com/pickup/"
>> That way, you won't be showing your file structure to the real world:
>>
>> -------------------------
>> Alias /pickup/ "/var/spool/MailScanner/quarantine/"
>> <Directory "/var/spool/MailScanner/quarantine/">
>> Options Indexes MultiViews
>> AllowOverride None
>> Order allow,deny
>> Allow from all
>> </Directory>
>> --------------------------
>>
>> The only down side is you have to open up permissions to the quarantine
>> folders, and thus making ALL of the messages available to those that
>> know how to peruse the folders. Fortunately, the message id is quite
>> long and random, and makes it harder to dig around unless you know
>> exactly what it is.
>>
>> Hope this helps with your set up!
>>
>> Greg. Borders
>>
>> Sys. Admin.
>> JLC Co.
>>
> --[UxBoD]-- wrote:
>
>> Hmmm, that's pretty cool Greg. Now, how about if the URL was http://example.com/pickup.php?$datenumber/$id/$filename and the script validated the To:
>> address from the message file. At least then there would be some kind of validation.
>>
>> Alternatively, if a ruleset could be created to execute a script when say the Max Size has been exceeded, you could inject a validation code into the
>> email that the recipient would need to use to access the download.
>>
>> Just some thoughts.
>>
>> Phil
And very good thoughts at that! I'd only spent a little spare time
experimenting with the retrieve capabilities, and had cooked up the
extra text in the message trick back when I first started with MS, and
was still a bit "green".
I like the logic of using PHP to validate a user for pickup. I'll
experiment with that idea, and share any results I cook up.
Greg.
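Added example, not part of the original thread and not MailScanner code: one way to realise the "validation code" idea discussed above is an HMAC-signed, expiring link that the pickup script checks before reading from the quarantine, so the quarantine directory itself does not have to be served by Apache. It is sketched in Python rather than PHP; the query parameter names, the date and message-id patterns and the function names are assumptions.

```python
import hashlib
import hmac
import os
import re
from urllib.parse import urlencode

QUARANTINE_ROOT = "/var/spool/MailScanner/quarantine"  # path taken from the post
DATE_RE = re.compile(r"\d{8}")              # assumed $datenumber form, e.g. 20060620
ID_RE = re.compile(r"[A-Za-z0-9.-]{1,64}")  # assumed message-id character set


def pickup_token(secret: bytes, datenumber: str, msg_id: str, filename: str, expires: int) -> str:
    # NUL separators keep the field boundaries unambiguous inside the MAC input.
    data = "\0".join([datenumber, msg_id, filename, str(expires)]).encode()
    return hmac.new(secret, data, hashlib.sha256).hexdigest()


def make_link(secret: bytes, datenumber: str, msg_id: str, filename: str, expires: int) -> str:
    """Build the URL that would go into the notification text."""
    token = pickup_token(secret, datenumber, msg_id, filename, expires)
    query = urlencode({"d": datenumber, "id": msg_id, "f": filename, "e": expires, "t": token})
    return "http://example.com/pickup.php?" + query


def resolve_pickup(secret, datenumber, msg_id, filename, expires, token, now):
    """Return the quarantine path to serve, or None if the request is rejected."""
    try:
        expires = int(expires)
    except (TypeError, ValueError):
        return None
    if now > expires:
        return None  # link has expired
    expected = pickup_token(secret, datenumber, msg_id, filename, expires)
    # Constant-time comparison; bytes so a non-ASCII token cannot raise.
    if not hmac.compare_digest(expected.encode(), str(token).encode()):
        return None
    # Defence in depth: even a correctly signed request may only name a single
    # file directly under <root>/<date>/<id>/, never a parent or nested path.
    if not DATE_RE.fullmatch(datenumber) or not ID_RE.fullmatch(msg_id):
        return None
    if msg_id in (".", "..") or filename in ("", ".", ".."):
        return None
    if any(c in filename for c in ("/", "\\", "\0")):
        return None
    return os.path.join(QUARANTINE_ROOT, datenumber, msg_id, filename)
```

The secret stays on the server; only the token travels in the e-mail, so guessing or enumerating message ids no longer yields a file.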