This section discusses imposing limits on the size or sensitivity of messages allowed through, the related issue of setting message priority based on size, and general checking or filtering of message content.
29.4.7.1 Imposing message size limits
The PMDF options BLOCK_LIMIT and LINE_LIMIT can be used to impose global size limits on all PMDF channels. The channel keywords blocklimit and linelimit can be used to impose size limits on specific destination channels; the channel keyword sourceblocklimit can be used to impose size limits on specific source channels.
The PMDF option CONTENT_RETURN_BLOCK_LIMIT may be used to force the NOTARY non-return of content flag for messages over the specified size; if such a message is subsequently bounced by a system that supports NOTARY, then the original message contents will not be included in the bounce message. The PMDF option BOUNCE_BLOCK_LIMIT may be used to cause PMDF, when generating a bounce message itself, to return only message headers for messages over the specified size.
29.4.7.2 Message priority and size limits
PMDF jobs pay attention to message priority, i.e., to the presence of a Priority: header in the message. The priority of messages that PMDF immediate jobs (those jobs created when a message is first submitted) will handle may be controlled with the immnonurgent, immnormal, and immurgent channel keywords. The priority of messages that PMDF periodic jobs (those jobs run periodically by PMDF to retry delivery of previously undelivered messages) will handle may be controlled with the minperiodicpriority and maxperiodicpriority keywords. Alternatively, the urgentqueue, normalqueue, and nonurgentqueue keywords may be used to cause messages of different priorities to be processed in different queues.
Some sites may wish to control, for instance, the time of day at which low priority messages are sent. Note also that the nonurgentblocklimit, normalblocklimit, and urgentblocklimit keywords may be used to forcibly downgrade the priority of "large" messages.
29.4.7.3 Imposing message sensitivity limits
The channel keywords sensitivitynormal, sensitivitypersonal, sensitivityprivate, and sensitivitycompanyconfidential may be used to impose an upper limit on the sensitivity of messages that may be enqueued to a channel. For instance, a site wishing not to emit messages of Company-confidential sensitivity might choose to set sensitivityprivate on their channel that sends out to the Internet, generally a tcp_local channel. See Section 2.3.4.88 for more details.
29.4.7.4 Filtering based on message headers
PMDF's channel level mailbox filter facility may be used to check the
headers of incoming messages and make decisions to reject messages
based on, for instance, the Subject: header. See Section 16.2 for
details.
29.4.7.5 Checking or filtering message content
The best protection against problematic message content coming into
your site is educated users who are committed to implementing your site
security policies. The best protection against problematic message
content leaving your site is educated users who are committed to
conforming to your site security policies. If the users wish to evade
your policies, they can generally work around any imposed restrictions,
for instance, by encrypting their messages.
If you do wish to check the actual content of message parts, the PMDF conversion channel can be useful. You may use a CONVERSION mapping table to direct that certain message traffic, that is messages coming in certain channels and going out certain channels, pass through the PMDF conversion channel. The PMDF conversion channel can then run whatever content checking or filtering procedure or utility you wish.
For instance, some sites like to have binary message attachments checked by virus sniffing software. A CONVERSION mapping table along the lines of
CONVERSION
  IN-CHAN=*;OUT-CHAN=tcp_internal;CONVERT   Yes

and PMDF conversions file entries along the lines of

out-chan=tcp_internal; in-type=application; in-subtype=*; parameter-copy-0=*; command="yourviruscheckcommand 'INPUT_FILE' 'OUTPUT_FILE'"
out-chan=tcp_internal; in-type=audio; in-subtype=*; parameter-copy-0=*; command="yourviruscheckcommand 'INPUT_FILE' 'OUTPUT_FILE'"
out-chan=tcp_internal; in-type=image; in-subtype=*; parameter-copy-0=*; command="yourviruscheckcommand 'INPUT_FILE' 'OUTPUT_FILE'"
out-chan=tcp_internal; in-type=video; in-subtype=*; parameter-copy-0=*; command="yourviruscheckcommand 'INPUT_FILE' 'OUTPUT_FILE'"

where yourviruscheckcommand is a site-supplied command to do virus checking, will run any MIME message parts of type APPLICATION, AUDIO, IMAGE, or VIDEO through your procedure.
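The following is an added example, not PMDF's own code: it parses conversions file entries in the key=value; form shown above and works out which site-supplied command, if any, a given outgoing channel and MIME part type would be routed through. The "first matching entry wins, '*' matches anything" rule is an assumption made for illustration; the PMDF manual is authoritative on the real matching semantics.

```python
"""Parse PMDF-style conversions file entries and select the command for a part.

Added example (not PMDF's own code). Matching rule (exact or '*' wildcard,
first match wins) is an assumption for illustration only.
"""
import re
from typing import Optional

# Constructed sample: the four entries from this section, one per line.
CONVERSIONS_FILE = """
out-chan=tcp_internal; in-type=application; in-subtype=*; parameter-copy-0=*; command="yourviruscheckcommand 'INPUT_FILE' 'OUTPUT_FILE'"
out-chan=tcp_internal; in-type=audio; in-subtype=*; parameter-copy-0=*; command="yourviruscheckcommand 'INPUT_FILE' 'OUTPUT_FILE'"
out-chan=tcp_internal; in-type=image; in-subtype=*; parameter-copy-0=*; command="yourviruscheckcommand 'INPUT_FILE' 'OUTPUT_FILE'"
out-chan=tcp_internal; in-type=video; in-subtype=*; parameter-copy-0=*; command="yourviruscheckcommand 'INPUT_FILE' 'OUTPUT_FILE'"
"""

# One key=value pair, terminated by ';' or end of line; value may be quoted
# so that the command string can itself contain ';' or spaces.
_PAIR = re.compile(r'\s*([\w-]+)=("[^"]*"|[^;]*)\s*(?:;|$)')


def parse_entries(text: str) -> list[dict[str, str]]:
    """Turn each non-empty line into a dict of lower-cased keys to values."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        entry = {}
        for key, value in _PAIR.findall(line):
            entry[key.lower()] = value.strip().strip('"')
        entries.append(entry)
    return entries


def _matches(pattern: str, value: str) -> bool:
    """'*' matches anything; otherwise compare case-insensitively."""
    return pattern == "*" or pattern.lower() == value.lower()


def select_command(entries: list[dict[str, str]], out_chan: str,
                   mime_type: str) -> Optional[str]:
    """Return the command of the first entry matching channel and type/subtype."""
    main, _, sub = mime_type.partition("/")
    for e in entries:
        if (_matches(e.get("out-chan", "*"), out_chan)
                and _matches(e.get("in-type", "*"), main)
                and _matches(e.get("in-subtype", "*"), sub)):
            return e.get("command")
    return None  # no entry applies: the part passes through unchecked
```

Running select_command over the parts of a message shows which ones the virus checker would see and, just as importantly, which (text/plain, message/rfc822, ...) would slip past entries restricted to the four types above.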
Note that when you are using the conversion channel to check message parts on the PMDF firewall system, you are likely to want the defragment channel keyword on outgoing channels, particularly channels that send to internal systems. The MIME format allows for messages to be split into multiple pieces, which are normally not reassembled until arrival at the final destination system. However, if you want the intermediate PMDF firewall system to check the message content, you will want to reassemble the message parts on the PMDF firewall system, so that the message content (rather than message content fragments) can be checked. See Section 2.3.4.75 for details.
29.4.7.6 Verifying message integrity
The conversion channel or service conversions may be used to perform site-supplied message authentication (integrity) check procedures. See Chapter 6 for an overview of service conversions and the conversion channel. See also Chapter 24, which discusses using BSMTP channels to "tunnel" messages between cooperating PMDF systems.