Лечим почтовые вложения winmail.dat

Материал из support.qbpro.ru
Версия от 10:41, 23 июня 2023; Vix (обсуждение | вклад) (Новая страница: «Проблема древняя и как водится связана с попыткой Microsoft навязывать свои стандарты. Откуда берется почтовое вложение winmail.dat вы можете почитать тут: https://support.mozilla.org/ru/kb/chto-oznachaet-vlozhenie-winmaildat сегодня мы решим эту проблему глобально, прокачаем наш postfix сервер...»)
(разн.) ← Предыдущая версия | Текущая версия (разн.) | Следующая версия → (разн.)

Проблема древняя и как водится связана с попыткой Microsoft навязывать свои стандарты. Откуда берется почтовое вложение winmail.dat вы можете почитать тут: https://support.mozilla.org/ru/kb/chto-oznachaet-vlozhenie-winmaildat

сегодня мы решим эту проблему глобально, прокачаем наш postfix сервер

Установим MIMEDefang. для CentOS

yum install mimedefang

для Ubuntu

apt-get install mimedefang

Настроим MIMEDefang на определенный порт TCP, наша служба будет слушать этот порт. Для этого исправим конфигурацию

для CentOS: /etc/sysconfig/mimedefang
для Ubuntu: /etc/default/mimedefang

дописываем в конце

SOCKET=inet:10185

Отредактируем файл /etc/mail/mimedefang-filter, можете просто вставить текст ниже

# -*- Perl -*-
#***********************************************************************
#
# mimedefang-filter
#
# Suggested minimum-protection filter for Microsoft Windows clients, plus
# SpamAssassin checks if SpamAssassin is installed.
#
# Copyright (C) 2002 Roaring Penguin Software Inc.
#
# This program may be distributed under the terms of the GNU General
# Public License, Version 2, or (at your option) any later version.
#
# $Id$
#***********************************************************************

#***********************************************************************
# Set administrator's e-mail address here.  The administrator receives
# quarantine messages and is listed as the contact for site-wide
# MIMEDefang policy.  A good example would be 'defang-admin@mydomain.com'
#***********************************************************************
$AdminAddress = 'postmaster@localhost';
$AdminName = "MIMEDefang Administrator's Full Name";

#***********************************************************************
# Set the e-mail address from which MIMEDefang quarantine warnings and
# user notifications appear to come.  A good example would be
# 'mimedefang@mydomain.com'.  Make sure to have an alias for this
# address if you want replies to it to work.
#***********************************************************************
$DaemonAddress = 'mimedefang@localhost'; 

#***********************************************************************
# If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard
# to add warnings directly in the message body (text or html) rather
# than adding a separate "WARNING.TXT" MIME part.  If the message
# has no text or html part, then a separate MIME part is still used.
#***********************************************************************
$AddWarningsInline = 0; 

#***********************************************************************
# To enable syslogging of virus and spam activity, add the following
# to the filter:
# md_graphdefang_log_enable();
# You may optionally provide a syslogging facility by passing an
# argument such as:  md_graphdefang_log_enable('local4');  If you do this, be
# sure to setup the new syslog facility (probably in /etc/syslog.conf).
# An optional second argument causes a line of output to be produced
# for each recipient (if it is 1), or only a single summary line
# for all recipients (if it is 0.)  The default is 1.
# Comment this line out to disable logging.
#***********************************************************************
md_graphdefang_log_enable('mail', 1); 

#***********************************************************************
# Uncomment this to block messages with more than 50 parts.  This will
# *NOT* work unless you're using Roaring Penguin's patched version
# of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later.
#
# WARNING: DO NOT SET THIS VARIABLE unless you're using at least
# MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail.
#***********************************************************************
# $MaxMIMEParts = 50;

#***********************************************************************
# Set various stupid things your mail client does below.
#***********************************************************************

# Set the next one if your mail client cannot handle multiple "inline"
# parts .
$Stupidity{"NoMultipleInlines"} = 0; 
# Detect and load Perl modules
detect_and_load_perl_modules();

sub filter {
    my($entity, $fname, $ext, $type) = @_;
 
    ### Convert TNEF winmail.dat format
    ### Note: You must install Convert::TNEF and File::Type from CPAN before using this script
    if (lc($type) eq "application/ms-tnef" or lc($fname) eq "winmail.dat" ) {
        use Convert::TNEF;
        use File::Type;
        use File::Temp qw(tempfile tempdir);
 
        # Create a unique temporary directory under "/tmp"
        my $tnefdir = tempdir(CLEANUP => 1, DIR => "/tmp");
        if (not $tnefdir) {
                md_graphdefang_log('tnef_fail',"Unable to create temporary directory");
                return action_accept();
        }
 
        # If we can't Convert the TNEF file for some reason, just accept the attachment and log the 
error
        my $tnef = Convert::TNEF->read_ent($entity,{output_dir=>"$tnefdir"});
        if (not $tnef) {
                md_graphdefang_log('tnef_fail',$Convert::TNEF::errstr);
                return action_accept();
        }
 
        my $ft = File::Type->new();
 
        # Append attachments contained in the winmail.dat file to the message.
        for ($tnef->attachments) {
             # Determine the mime-type of the file
             my $mimetype = $ft->mime_type($_->data);
 
                # File::Type doesn't detect text files well, this is a workaround
             if ($mimetype eq "application/octet-stream") {
                  #Set the mime-type to text/plain if the first 1024 characters are printable
                  $text_check = substr($_->data,0,1024);
                  $mimetype = "text/plain" unless $text_check =~ /[^[:print:]s]/;
             }
 
            my $tnef_entity = action_add_part($entity, "$mimetype", "base64", $_->data, $_- >longname, "attachment");
             md_graphdefang_log('tnef_ext', "File: " . $_->longname . " Type: $mimetype");
 
             # Run each new TNEF-sourced MIME part back through the filter again, this ensures that 
bad filenames etc.
             # cannot sneak through by being contained in winmail.dat files
 
             filter ($tnef_entity, $_->longname, "", "$mimetype");
        }
 
        # Deletes working files
        $tnef->purge;

 
        # Remark this if you want still want to keep the original winmail.dat file
         return action_drop();
    }
 
    # Keep the attachment
    return action_accept();
}

# DO NOT delete the next line, or Perl will complain.
1;

Раскрыть Установим модели Perl Convert::TNEF и File::Type для CentOS

yum install perl-Convert-TNEF.noarch

второй пакет надо скачать и установить

wget https://ftp.tu-chemnitz.de/pub/linux/dag/redhat/el6/en/x86_64/rpmforge/RPMS/perl-File-Type-0.22-1.el6.rf.noarch.rpm
yum install perl-File-Type-0.22-1.el6.rf.noarch.rpm

для Ubuntu

apt-get install libconvert-tnef-perl
apt-get install libfile-type-perl

Проверим синтаксис Perl

# perl -c /etc/mail/mimedefang-filter

Настроим автозапуск службы MIMEDefang и запустим ее

systemctl enable mimedefang.service
service mimedefang restart

Проверим, слушает ли сервис указанный выше порт

# netstat -tlpn | grep 10185
tcp        0      0 0.0.0.0:10185           0.0.0.0:*               LISTEN      7401/mimedefang

Теперь добавим проверку в Postfix, для этого откроем конфиг /etc/postfic/main.cf и допишем в конце

smtpd_milters = inet:localhost:10185
milter_default_action = accept

готово! Любое письмо, которое будет иметь во вложении winmail.dat, будет обработано нашей службой и вложение будет расшифровано!