This section discusses imposing limits on the size or sensitivity of messages allowed through, and the related issue of setting message priority based on size, and general checking or filtering of message content.
30.4.7.1 Imposing Message Size Limits
The PMDF options BLOCK_LIMIT and LINE_LIMIT can be used to impose global size limits on all PMDF channels. The channel keywords blocklimit and linelimit can be used to impose size limits on specific destination channels; the channel keyword sourceblocklimit can be used to impose size limits on specific source channels.
The PMDF option CONTENT_RETURN_BLOCK_LIMIT can be used to force the NOTARY non-return of content flag for messages over the specified size; if such a message is subsequently bounced by a system that supports NOTARY, then the original message contents will not be included in the bounce message. The PMDF option BOUNCE_BLOCK_LIMIT can be used to cause PMDF, when generating a bounce message itself, to return only message headers for messages over the specified size.
30.4.7.2 Message Priority and Size Limits
On OpenVMS, PMDF jobs pay attention to message priority, i.e., to the presence of a Priority: header in the message. The priority of messages that PMDF immediate jobs (those jobs created when a message is first submitted) will handle can be controlled with the immnonurgent, immnormal, and immurgent channel keywords. The priority of messages that PMDF periodic jobs (those jobs run periodically by PMDF to retry delivery of previously undelivered messages) will handle can be controlled with the minperiodicpriority and maxperiodicpriority keywords. Alternatively, the urgentqueue, normalqueue, and nonurgentqueue keywords can be used to cause messages of different priorities to be processed in different queues.
Some sites may want to control, for instance, the time of day at which low priority messages are sent. Note that the nonurgentblocklimit, normalblocklimit, and urgentblocklimit keywords can be used to forcibly downgrade the priority of "large" messages.
30.4.7.3 Imposing Message Sensitivity Limits
The channel keywords sensitivitynormal, sensitivitypersonal, sensitivityprivate, and sensitivitycompanyconfidential can be used to impose an upper limit on the sensitivity of messages that can be enqueued to a channel. For instance, a site wanting not to emit messages of Company-confidential sensitivity might choose to set sensitivityprivate on their channel that sends out to the Internet, generally a tcp_local channel. See Section 2.3.4.89 for more details.
30.4.7.4 Filtering Based on Message Headers
PMDF's channel level mailbox filter facility can be used to check the headers of incoming messages and make decisions to reject messages based on, for instance, the Subject: header. See Section 16.2 for details.
30.4.7.5 Checking or Filtering Message Content
The best protection against problematic message content coming into
your site is educated users who are committed to implementing your site
security policies. The best protection against problematic message
content leaving your site is educated users who are committed to
conforming to your site security policies. If the users want to evade
your policies, they can generally work around any imposed restrictions,
for instance, by encrypting their messages.
If you do want to check the actual content of message parts, the PMDF conversion channel can be useful. You can use a CONVERSION mapping table to direct that certain message traffic, that is, messages coming in on certain channels and going out on certain channels, pass through the PMDF conversion channel. The PMDF conversion channel can then run whatever content checking or filtering procedure or utility you want.
For instance, some sites like to have binary message attachments checked by virus sniffing software. A CONVERSION mapping table along the lines of

    CONVERSION

      IN-CHAN=*;OUT-CHAN=tcp_internal;CONVERT   Yes

together with conversion channel entries along the lines of

    out-chan=tcp_internal; in-type=application; in-subtype=*; parameter-copy-0=*; command="yourviruscheckcommand 'INPUT_FILE' 'OUTPUT_FILE'"
    out-chan=tcp_internal; in-type=audio; in-subtype=*; parameter-copy-0=*; command="yourviruscheckcommand 'INPUT_FILE' 'OUTPUT_FILE'"
    out-chan=tcp_internal; in-type=image; in-subtype=*; parameter-copy-0=*; command="yourviruscheckcommand 'INPUT_FILE' 'OUTPUT_FILE'"
    out-chan=tcp_internal; in-type=video; in-subtype=*; parameter-copy-0=*; command="yourviruscheckcommand 'INPUT_FILE' 'OUTPUT_FILE'"

where yourviruscheckcommand is a site-supplied command to do virus checking, will run any message parts of MIME type APPLICATION, AUDIO, IMAGE, or VIDEO through your procedure.
Note that when you are using the conversion channel to check message parts on the PMDF firewall system, you are likely to want the defragment channel keyword on outgoing channels, particularly channels that send to internal systems. The MIME format allows for messages to be split into multiple pieces, which are normally not reassembled until arrival at the final destination system. However, if you want the intermediate PMDF firewall system to check the message content, you will want to reassemble the message parts on the PMDF firewall system, so that the message content (rather than message content fragments) can be checked. See Section 2.3.4.76 for details.
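The fragmentation risk described above, as an added example that is not part of PMDF or of this manual: a small Python reassembler for MIME message/partial fragments (RFC 2046), showing that a content check run on individual fragments can miss a string that straddles a fragment boundary, while the same check on the reassembled message finds it. The marker string, the message, the fragment id and the check function are all constructed for the example.

```python
from email.parser import HeaderParser
MARKER = "SITE-POLICY-TEST-STRING"  # constructed stand-in for a scanner signature
FULL_MESSAGE = (  # constructed message that a sender might fragment in transit
    "From: sender@example.com\n"
    "Subject: quarterly report\n"
    "Content-Type: text/plain\n"
    "\n"
    f"See attached.\n{MARKER}\n-- sender\n"
)

def split_into_partials(full: str, chunk_size: int, ident: str) -> list[str]:
    """Fragment a message into RFC 2046 message/partial pieces (sender side)."""
    chunks = [full[i:i + chunk_size] for i in range(0, len(full), chunk_size)]
    return [
        f'Content-Type: message/partial; id="{ident}"; number={n}; total={len(chunks)}\n'
        f"\n{chunk}"
        for n, chunk in enumerate(chunks, start=1)
    ]

def reassemble_partials(fragments: list[str]) -> str:
    """Join fragments by id/number/total; refuse mixed, duplicate or missing pieces."""
    pieces, ident, total = {}, None, None
    for frag in fragments:
        msg = HeaderParser().parsestr(frag)  # parse headers only; body kept verbatim
        if msg.get_content_type() != "message/partial":
            raise ValueError("not a message/partial fragment")
        if ident is None:
            ident = msg.get_param("id")
        elif msg.get_param("id") != ident:
            raise ValueError("fragment belongs to a different message")
        number = int(msg.get_param("number"))
        if msg.get_param("total") is not None:  # total is only required on the last piece
            total = int(msg.get_param("total"))
        if number in pieces:
            raise ValueError(f"duplicate fragment {number}")
        pieces[number] = msg.get_payload()
    if total is None or set(pieces) != set(range(1, total + 1)):
        raise ValueError("fragment set incomplete")
    return "".join(pieces[n] for n in range(1, total + 1))

def scan(text: str) -> bool:
    """Stand-in for the site content check: True when the test string is present."""
    return MARKER in text

def fragments_hide_marker() -> tuple[bool, bool]:
    """Return (found in any single fragment, found after reassembly)."""
    chunk_size = FULL_MESSAGE.index(MARKER) + len(MARKER) // 2  # cut the marker in half
    frags = split_into_partials(FULL_MESSAGE, chunk_size, "frag1@firewall.example")
    return any(scan(f) for f in frags), scan(reassemble_partials(frags))
```

The same holds for any signature- or pattern-based check: without reassembly on the firewall, the decision is made on fragments that the scanner never sees together.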
30.4.7.6 Verifying Message Integrity
The conversion channel or service conversions can be used to perform site-supplied message authentication (integrity) check procedures. See Chapter 6 for an overview of service conversions and the conversion channel. See also Chapter 25, which discusses using BSMTP channels to "tunnel" messages between cooperating PMDF systems.