From Newsgroup: news.admin.peering

Good evening,
in the last few days one of my users sent several articles with MIME attachments on group it.hobby.fai-da-te.
I'm very sorry for the inconvenient and I would like to prevent the same in the future.
At the moment I am busy in other activities, and I don't have much time to implement something: can you please give me something already set up to add a filter_nnrpd.pl to solve the problem?
Thank you to all, and Happy New Year.
--
Roberto CORRADO
"More than machinery, we need humanity." cit.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Please forgive the additional reply, I feel on duty to proceed personally to solve this subject.
Given that I use cleanfeed, and those who use it have received nothing I will take this article as example:
"""
Message-ID: <10j82ju$go4$1@gatto.corradoroberto.it>
"""
What should be block hook?
"""
Content-Type: multipart/mixed;
boundary="----=_Part_0_147797237.1767345596210"
"""
if ($hdr{'Content-Type'} =~ /(multipart/mixed/) {
rval = "Article contains Multipurpose Internet Mail Extensions MIME NOT allowed";
}
Do you consider this method correct and implementable?
Thanks for support.
--
Roberto.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Hi Roberto,

Given that I use cleanfeed

Couldn't you just use:

block_mime_html => 1, # block MIME encapsulated HTML
block_html_multipart => 1, # block all multipart with html sections
block_html => 1, # block native HTML (Content-Type
text/html)
block_html_images => 1, # block <img src> in non text/plain
messages

if ($hdr{'Content-Type'} =~ /(multipart/mixed/) {

There's a syntax issue with "/" inside "/". You should escape it, and
remove the extra "(" inside:
/multipart\/mixed/
--
Julien |eLIE

-2-arCo Heureusement, nous aurons bient||t le TGV-a!
rCo C'est quoi le t|-g|-v|--a?
rCo C'est le Transport Gaulois V|-loce.-a-+ (Ast|-rix)

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Il 04/01/2026 23:03, Roberto CORRADO ha scritto:

Thanks for support.

@everyone: sorry for italian language.


Robb|? non te lo volevo dire ma... in 2 messaggi sei riuscito a cannare 6 cose:

- Chi usa adeguatamente i filtri non ha ricevuto quei post perch|? sono
binary misplaced.

- Mai fidarsi dei propri utenti, non sai mai cosa possano combinare,
aspettati sempre il peggio. Metti dei filtri sui tuoi utenti per evitare queste cose in futuro, ma dovresti gi|a averci pensato prima, durante il
setup del tuo server.

- Cleanfeed serve solo tra peer, ed |? gi|a troppo tardi. Una buona base
di partenza |? fare come ho fatto io, prova a guardarti postfilter https://github.com/Aioe/postfilter e personalizzatelo per i tuoi usi e costumi. Comunque Google |? tuo amico, ogni tanto prova ad usarlo (anche
se ricordo che in passato ti ho gi|a dato consigli in merito, la mia mail
|? sempre aperta). Se vuoi la copia patchata da me di postfilter posso mandartela.

- Quella patch per cleanfeed |? anche giusta ma hai cannato gruppo,
questo non |? argomento da n.a.p. ma n.s.n. o meglio n.a.t. qui si
discute solo di peering e affini.

- Comunque cleanfeed non ti risolve il problema, perch|? non |? da nnrpd
ma inn. Filtro su nnrpd molto stretto (c'|? sempre tempo per allargare le maglie) e studiati anche un bel bot per mandare cancel con i cancel-lock
e magari un bel bot nocem, almeno se ricapita mandi un cancel e nessuno
si accorge di niente in caso di abusi. E comunque preparati a ricevere
un bel p|# di schiaffoni.

- E comunque non hai finito di configurare inn. E molto prono ad abusi,
quindi ti consiglio di rileggerti per bene i manpage.

- Idem dicasi per la configurazione di parecchi altri servizi che hai
s||. Ho fatto un paio di prove e non mi sono spinto oltre... verificati i
log e le remote vulnerability conosciute.

- Nota personale: tenere un server su linea dialup |? sempre stata una
Pessima Idea (almeno io lo ritengo cos|4, tant|? che se mi spedisci una
mail dal tuo server |? molto probabile che non la ricevo, io ho i dial-up tutti bloccati da zen e ritengo che molti altri fanno cos|4). Spero per
te che ci ripenserai e sposterai tutto.


Visto che sei di Biella se passi da Torino zona Mirafiori ci si pu|#
trovare. Comunque da un collega sistemista mi aspettavo un p|# pi|| di preparazione e non partire cos|4 allo sbaraglio.


Ah, buon anno nuovo.



Sincerely
--
Ivo Gandolfo
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Thus spake "Roberto CORRADO" <i@secure.corradoroberto.it>

"""
Message-ID: <10j82ju$go4$1@gatto.corradoroberto.it>
"""

What should be block hook?

"""
Content-Type: multipart/mixed;
boundary="----=_Part_0_147797237.1767345596210"
"""

if ($hdr{'Content-Type'} =~ /(multipart/mixed/) {
rval = "Article contains Multipurpose Internet Mail Extensions MIME NOT allowed";
}

Do you consider this method correct and implementable?

Implementable, but not correct ;-)

A MIME message contains both a Content-Type: header and one or more Content-Type: boundary markers in the body of the messages.

If you only look at the header, you will not be able to determine the
number and type of parts, thus bluntly rejecting all multipart/mixed
articles including articles declared as multipart/mixed, but containing
only a single text/plain part, which may be a bit strange, but still permissible. I understand that newsreaders like pine or tin can be
configured to produce such articles.

Please see <c062aef9-ac4c-6f44-d64a-d0fc9f00b013@insomnia247.nl> for an example.

Regarding the example you gave in your previous post, Eternal-September
did receive it and rejected it correctly as a binary attachment:

Jan 2 09:20:01 feeder innd: rejecting[perl] <10j82ju$go4$1@gatto.corradoroberto.it> 439 Binary: binary attachment
--
-f-a|U-e-u-+ rCo -a-a-|-+-+|U
https://www.eternal-september.org
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

In Ray Banana <rayban@raybanana.net> wrote:

number and type of parts, thus bluntly rejecting all multipart/mixed
articles including articles declared as multipart/mixed, but containing
only a single text/plain part, which may be a bit strange, but still permissible. I understand that newsreaders like pine or tin can be
configured to produce such articles.

JFTR:
tin does not create any mulipart articles (only exception: forwarding
articles via mail with mime_forward set). sure you can "manually" add
any (bogus) additional headers.

Please see <c062aef9-ac4c-6f44-d64a-d0fc9f00b013@insomnia247.nl> for an example.

Eternal-September gives me
| >HDR Xref <c062aef9-ac4c-6f44-d64a-d0fc9f00b013@insomnia247.nl>
| <430 No such article
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

"Ray Banana" wrote:

Implementable, but not correct ;-)

A MIME message contains both a Content-Type: header and one or more Content-Type: boundary markers in the body of the messages.

I would have written this, do you think it's correct?
my $data = "";
if ($hdr{'Content-Type'} =~ /multipart\/mixed/i) {
# $data="1";
if ($body =~ /Content-Type:\stext\/plain/i && $body =~ /Content-Transfer-Encoding:\sbase64/i && $body =~ /Content-Disposition:\sattachment/i) {
$data="Article contains Multipurpose Internet Mail Extensions MIME NOT allowed";
} else {
if ($body =~ /Content-Type:\stext\/plain/i && $body =~ /Content-Transfer-Encoding:\sbase64/i && $body =~ /Content-Base/i) {
$data="Article contains Multipurpose Internet Mail Extensions MIME NOT allowed";
}
}
$rval = $data;
}
Thank you all for your support.
--
Roberto.
a simple web NR (without DB). https://secure.corradoroberto.it/m9/usenet2/newsgroups.php?art_group=news.admin.peering&article_id=36856
--- Synchronet 3.21b-Linux NewsLink 1.2