1. Forum
  2. USENET
  3. news.admin.peering

  • Intercept articles with MIME attachments

    From Roberto CORRADO@i@secure.corradoroberto.it to news.admin.peering on Sun Jan 4 21:34:49 2026
    From Newsgroup: news.admin.peering

    Good evening,
    in the last few days one of my users sent several articles with MIME attachments on group it.hobby.fai-da-te.
    I'm very sorry for the inconvenient and I would like to prevent the same in the future.
    At the moment I am busy in other activities, and I don't have much time to implement something: can you please give me something already set up to add a filter_nnrpd.pl to solve the problem?
    Thank you to all, and Happy New Year.
    --
    Roberto CORRADO
    "More than machinery, we need humanity." cit.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Roberto CORRADO@i@secure.corradoroberto.it to news.admin.peering on Sun Jan 4 23:03:38 2026
    From Newsgroup: news.admin.peering

    Please forgive the additional reply, I feel on duty to proceed personally to solve this subject.
    Given that I use cleanfeed, and those who use it have received nothing I will take this article as example:
    """
    Message-ID: <10j82ju$go4$1@gatto.corradoroberto.it>
    """
    What should be block hook?
    """
    Content-Type: multipart/mixed;
    boundary="----=_Part_0_147797237.1767345596210"
    """
    if ($hdr{'Content-Type'} =~ /(multipart/mixed/) {
    rval = "Article contains Multipurpose Internet Mail Extensions MIME NOT allowed";
    }
    Do you consider this method correct and implementable?
    Thanks for support.
    --
    Roberto.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From =?UTF-8?Q?Julien_=C3=89LIE?=@iulius@nom-de-mon-site.com.invalid to news.admin.peering on Sun Jan 4 23:40:35 2026
    From Newsgroup: news.admin.peering

    Hi Roberto,

    Given that I use cleanfeed

    Couldn't you just use:

    block_mime_html => 1, # block MIME encapsulated HTML
    block_html_multipart => 1, # block all multipart with html sections
    block_html => 1, # block native HTML (Content-Type
    text/html)
    block_html_images => 1, # block <img src> in non text/plain
    messages



    if ($hdr{'Content-Type'} =~ /(multipart/mixed/) {

    There's a syntax issue with "/" inside "/". You should escape it, and
    remove the extra "(" inside:
    /multipart\/mixed/
    --
    Julien |eLIE

    -2-arCo Heureusement, nous aurons bient||t le TGV-a!
    rCo C'est quoi le t|-g|-v|--a?
    rCo C'est le Transport Gaulois V|-loce.-a-+ (Ast|-rix)

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Ivo Gandolfo@usenet@bofh.team to news.admin.peering on Sun Jan 4 23:44:47 2026
    From Newsgroup: news.admin.peering

    Il 04/01/2026 23:03, Roberto CORRADO ha scritto:

    Thanks for support.

    @everyone: sorry for italian language.


    Robb|? non te lo volevo dire ma... in 2 messaggi sei riuscito a cannare 6 cose:

    - Chi usa adeguatamente i filtri non ha ricevuto quei post perch|? sono
    binary misplaced.

    - Mai fidarsi dei propri utenti, non sai mai cosa possano combinare,
    aspettati sempre il peggio. Metti dei filtri sui tuoi utenti per evitare queste cose in futuro, ma dovresti gi|a averci pensato prima, durante il
    setup del tuo server.

    - Cleanfeed serve solo tra peer, ed |? gi|a troppo tardi. Una buona base
    di partenza |? fare come ho fatto io, prova a guardarti postfilter https://github.com/Aioe/postfilter e personalizzatelo per i tuoi usi e costumi. Comunque Google |? tuo amico, ogni tanto prova ad usarlo (anche
    se ricordo che in passato ti ho gi|a dato consigli in merito, la mia mail
    |? sempre aperta). Se vuoi la copia patchata da me di postfilter posso mandartela.

    - Quella patch per cleanfeed |? anche giusta ma hai cannato gruppo,
    questo non |? argomento da n.a.p. ma n.s.n. o meglio n.a.t. qui si
    discute solo di peering e affini.

    - Comunque cleanfeed non ti risolve il problema, perch|? non |? da nnrpd
    ma inn. Filtro su nnrpd molto stretto (c'|? sempre tempo per allargare le maglie) e studiati anche un bel bot per mandare cancel con i cancel-lock
    e magari un bel bot nocem, almeno se ricapita mandi un cancel e nessuno
    si accorge di niente in caso di abusi. E comunque preparati a ricevere
    un bel p|# di schiaffoni.

    - E comunque non hai finito di configurare inn. E molto prono ad abusi,
    quindi ti consiglio di rileggerti per bene i manpage.

    - Idem dicasi per la configurazione di parecchi altri servizi che hai
    s||. Ho fatto un paio di prove e non mi sono spinto oltre... verificati i
    log e le remote vulnerability conosciute.

    - Nota personale: tenere un server su linea dialup |? sempre stata una
    Pessima Idea (almeno io lo ritengo cos|4, tant|? che se mi spedisci una
    mail dal tuo server |? molto probabile che non la ricevo, io ho i dial-up tutti bloccati da zen e ritengo che molti altri fanno cos|4). Spero per
    te che ci ripenserai e sposterai tutto.


    Visto che sei di Biella se passi da Torino zona Mirafiori ci si pu|#
    trovare. Comunque da un collega sistemista mi aspettavo un p|# pi|| di preparazione e non partire cos|4 allo sbaraglio.


    Ah, buon anno nuovo.



    Sincerely
    --
    Ivo Gandolfo
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Ray Banana@rayban@raybanana.net to news.admin.peering on Mon Jan 5 07:12:33 2026
    From Newsgroup: news.admin.peering

    Thus spake "Roberto CORRADO" <i@secure.corradoroberto.it>

    """
    Message-ID: <10j82ju$go4$1@gatto.corradoroberto.it>
    """

    What should be block hook?

    """
    Content-Type: multipart/mixed;
    boundary="----=_Part_0_147797237.1767345596210"
    """

    if ($hdr{'Content-Type'} =~ /(multipart/mixed/) {
    rval = "Article contains Multipurpose Internet Mail Extensions MIME NOT allowed";
    }

    Do you consider this method correct and implementable?

    Implementable, but not correct ;-)

    A MIME message contains both a Content-Type: header and one or more Content-Type: boundary markers in the body of the messages.

    If you only look at the header, you will not be able to determine the
    number and type of parts, thus bluntly rejecting all multipart/mixed
    articles including articles declared as multipart/mixed, but containing
    only a single text/plain part, which may be a bit strange, but still permissible. I understand that newsreaders like pine or tin can be
    configured to produce such articles.

    Please see <c062aef9-ac4c-6f44-d64a-d0fc9f00b013@insomnia247.nl> for an example.

    Regarding the example you gave in your previous post, Eternal-September
    did receive it and rejected it correctly as a binary attachment:

    Jan 2 09:20:01 feeder innd: rejecting[perl] <10j82ju$go4$1@gatto.corradoroberto.it> 439 Binary: binary attachment
    --
    -f-a|U-e-u-+ rCo -a-a-|-+-+|U
    https://www.eternal-september.org
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Urs =?UTF-8?Q?Jan=C3=9Fen?=@urs@akk.org to news.admin.peering on Mon Jan 5 07:15:29 2026
    From Newsgroup: news.admin.peering

    In Ray Banana <rayban@raybanana.net> wrote:
    number and type of parts, thus bluntly rejecting all multipart/mixed
    articles including articles declared as multipart/mixed, but containing
    only a single text/plain part, which may be a bit strange, but still permissible. I understand that newsreaders like pine or tin can be
    configured to produce such articles.

    JFTR:
    tin does not create any mulipart articles (only exception: forwarding
    articles via mail with mime_forward set). sure you can "manually" add
    any (bogus) additional headers.

    Please see <c062aef9-ac4c-6f44-d64a-d0fc9f00b013@insomnia247.nl> for an example.

    Eternal-September gives me
    | >HDR Xref <c062aef9-ac4c-6f44-d64a-d0fc9f00b013@insomnia247.nl>
    | <430 No such article
    --- Synchronet 3.21a-Linux NewsLink 1.2