<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
On 09/29/2011 09:26 PM, Kyle Oetken wrote:
<blockquote cite="mid:SNT115-W92A36F482E918C2F5BF73C3F70@phx.gbl"
type="cite">
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
<div dir="ltr">
<br>
When you have a moment can you provide some more detail about
the issues that can occur when using the email mime module?
Also, what fixes are provided with the pymilter mime module?<br>
<br>
</div>
</blockquote>
mime.Message extends email.message.Message. A quick review of
comments in mime.py reveals (forgive the childish name calling of a
popular but amazingly insecure email client - it has caused me much
grief and wasted time):<br>
<br>
1) Handle multipart attachments that are not labelled as such in
ContentType. (This emulates Outhouse behaviour so we can remove
Outhouse viruses that hide in unlabelled multipart attachments.)<br>
<br>
2) Remove (ignore) trailing garbage after quoted header parameters.
(Another Outhouse exploit.)<br>
<br>
3) add ismodified() method and track modifications by attachment.
(So you know whether replacebody() is required.)<br>
<br>
4) add a headerchange method hook so you can conveniently trigger
addheader/chgheader calls in your milter. (Doxygen drops the var
comment - have to figure out why.)<br>
<br>
<br>
Misc features:<br>
<br>
mime.checkattach() walks attachments. (Current python has
Message.walk() - but mine is still included for compatibility.)<br>
<br>
mime.defang replaces files with a warning message, both attached and
within zip files (and zip within zip etc), that appear to be
something Outhouse might try to execute. It also removes
<script> elements from HTML attachments. (Which really do not
belong in HTML mail.)<br>
</body>
</html>