Mailinglist Archive: opensuse-security (670 mails)
| < Previous | Next > |
attachment filtering
- From: Christopher Mahmood <ckm@xxxxxxxx>
- Date: Thu, 1 Nov 2001 16:58:04 -0800
- Message-id: <20011101165804.N3045@xxxxxxxxxxxxxxxxxx>
Hi All,
Thanks for all who took the time to respond to my request. As I'm
sure you know, my concern isn't really with the subscribers on this
list (which are generally considerate, sophisticated users) but with
the madness on some of our larger lists like suse-linux and
suse-linux-e. Suddenly implementing filtering without any notice
would probably result in threats on my life and posting an RFC is
pretty much out of the question there. So if everything goes well
with this test case I'm planning on implementing similar policies on
those lists after a suitable warning.
I received about 20 responses and all except two were, to put it
mildly, extremely enthusiastic about the proposal. The two
arguments that were against were, in my opinion, both valid and
the second convinced me that a complete ban on attachments is, sadly
enough, a little too heavy handed.
Here's the policy as it currently stands:
o mail that consists only of a MIME attachment gets bounced
o HTML mail gets bounced
o all attachments that aren't text/plain get stripped
o other than the bounces in the first two cases, no
notification is sent to the sender that their attachments
have been removed
I think that this is reasonable compromise that allows people to
attach log snippets or gpg keys while keeping HTML and "vcards" out,
but you comments are of course welcome.
Thanks again for the input, I really appreciate it.
--
-ckm
Thanks for all who took the time to respond to my request. As I'm
sure you know, my concern isn't really with the subscribers on this
list (which are generally considerate, sophisticated users) but with
the madness on some of our larger lists like suse-linux and
suse-linux-e. Suddenly implementing filtering without any notice
would probably result in threats on my life and posting an RFC is
pretty much out of the question there. So if everything goes well
with this test case I'm planning on implementing similar policies on
those lists after a suitable warning.
I received about 20 responses and all except two were, to put it
mildly, extremely enthusiastic about the proposal. The two
arguments that were against were, in my opinion, both valid and
the second convinced me that a complete ban on attachments is, sadly
enough, a little too heavy handed.
Here's the policy as it currently stands:
o mail that consists only of a MIME attachment gets bounced
o HTML mail gets bounced
o all attachments that aren't text/plain get stripped
o other than the bounces in the first two cases, no
notification is sent to the sender that their attachments
have been removed
I think that this is reasonable compromise that allows people to
attach log snippets or gpg keys while keeping HTML and "vcards" out,
but you comments are of course welcome.
Thanks again for the input, I really appreciate it.
--
-ckm
| < Previous | Next > |