[Mimedefang] Truncated long MIME Content-Transfer-Encoding header

Jan Pieter Cornet johnpc at xs4all.nl
Fri Oct 28 10:49:45 EDT 2005


On Fri, Oct 28, 2005 at 09:40:06AM -0400, David F. Skoll wrote:
> > Right, and I'm wondering if I could use this to my advantage.  This
> > "original poster" is a spammer (as he appears to be), how could I reject all
> > messages that have this "truncated long MIME Content-Transfer-Encoding
> > header"?
> 
> Well, I suppose you could look at the Content-Transfer-Encoding header
> (in ./HEADERS), and if it's equal to MaxMimeHeaderLength, you can assume
> it was truncated.  This will only fail if the header happened to be
> exactly MaxMimeHeaderLength before, but I don't think that's a big deal.

Um, a Content-Transfer-Encoding header can also occur in mime attachments.
So it's not enough to look at the ./HEADERS file. I think you also want
to check something like this in sub filter...

  sub filter {
     my($entity, ...) = @_;

     my $cte = $entity->head->mime_encoding;
     if ( length $cte > 42+105 ) {
	barf();

Or... if this "truncated long MIME CTE header" is in the headers of the
mail the moment you receive it, then it is of course a lot easier to
block. Just scan for that particular header in the ./HEADERS file.

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm <pmmppfmfpppppfmmmf at fpffmm4mmmpmfpmf.ppppmf>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet


More information about the MIMEDefang mailing list