dnl
dnl проверка boundary в multipart собщениях
dnl
dnl доступно с exiscan-acl-4.30-16
dnl NO		- не проводить проверку
dnl WARN	- вывода в лог файл предупреждения
dnl REJECT	- возврата клиенту кода 5xx
dnl EMPTY	- проверка на существование boundary
dnl LONG	- проверка длины boundary
dnl допустимые комбинации:
dnl `NO'
dnl `WARN EMPTY'
dnl `WARN LONG'
dnl `WARN EMPTY LONG'
dnl `REJECT EMPTY'
dnl `REJECT LONG'
dnl `REJECT EMPTY LONG'
dnl define(`confCHECK_BOUNDARY', `WARN EMPTY LONG')dnl
dnl максимальная длина boundary
dnl define(`confCHECK_BOUNDARY_MAX_LENGTH', `70')dnl
dnl
ifelse_strstr(confCHECK_BOUNDARY, `EMPTY', `dnl
	# Empty MIME Boundary Vulnerability
ifelse_strstr(confCHECK_BOUNDARY, `REJECT', `dnl
	warn	hosts		= +relay_from_hosts
		condition	= $mime_is_multipart
		condition	= ${if eq{$mime_boundary}{}{yes}{no}}
		log_message	= Broken MIME container (Empty MIME Boundary)
		add_header	= X-Warn-Boundary: Broken MIME container (Empty MIME Boundary)
	warn	authenticated	= *
		condition	= $mime_is_multipart
		condition	= ${if eq{$mime_boundary}{}{yes}{no}}
		log_message	= Broken MIME container (Empty MIME Boundary)
		add_header	= X-Warn-Boundary: Broken MIME container (Empty MIME Boundary)
	deny	! hosts		= +relay_from_hosts
		! authenticated	= *
		condition	= $mime_is_multipart
		condition	= ${if eq{$mime_boundary}{}{yes}{no}}
		message		= Broken MIME container (Empty MIME Boundary) (${message_id})
		logwrite	= original recipients: $recipients
')
ifelse_strstr(confCHECK_BOUNDARY, `WARN', `dnl
	warn	condition	= ${if eq{$mime_boundary}{}{yes}{no}}
		condition	= $mime_is_multipart
		message		= X-Warn-Boundary: Broken MIME container (Empty MIME Boundary)
		log_message	= Broken MIME container (Empty MIME Boundary)
')
')
dnl
ifelse_strstr(confCHECK_BOUNDARY, `LONG', `dnl
	# Long MIME Boundary Vulnerability
ifelse_strstr(confCHECK_BOUNDARY, `REJECT', `dnl
	warn	hosts		= +relay_from_hosts
		condition	= $mime_is_multipart
		condition	= ${if >{${strlen:$mime_boundary}}{confCHECK_BOUNDARY_MAX_LENGTH}{yes}{no}}
		log_message	= Broken MIME container (Long MIME Boundary)
		add_header	= X-Warn-Boundary: Broken MIME container (Long MIME Boundary)
	warn	authenticated	= *
		condition	= $mime_is_multipart
		condition	= ${if >{${strlen:$mime_boundary}}{confCHECK_BOUNDARY_MAX_LENGTH}{yes}{no}}
		log_message	= Broken MIME container (Long MIME Boundary)
		add_header	= X-Warn-Boundary: Broken MIME container (Long MIME Boundary)
	deny	! hosts		= +relay_from_hosts
		! authenticated	= *
		condition	= $mime_is_multipart
		condition	= ${if >{${strlen:$mime_boundary}}{confCHECK_BOUNDARY_MAX_LENGTH}{yes}{no}}
		message		= Broken MIME container (Long MIME Boundary) (${message_id})
		logwrite	= original recipients: $recipients
')
ifelse_strstr(confCHECK_BOUNDARY, `WARN', `dnl
	warn	condition	= ${if >{${strlen:$mime_boundary}}{confCHECK_BOUNDARY_MAX_LENGTH}{yes}{no}}
		condition	= $mime_is_multipart
		log_message	= Broken MIME container (Long MIME Boundary)
		add_header	= X-Warn-Boundary: Broken MIME container (Long MIME Boundary)
')
')