
Custom macros and commands for all e-mails BEFORE processing


Die rot markierten Teile des Codes sind individuell zu ersetzen.

 


# Begin: Custom macros and commands for all e-mails BEFORE processing
log(1,'Begin: Custom macros and commands for all e-mails BEFORE processing');

# Begin: Setting EDIFACT informations
# The two mailbox values below are placeholders (domain.tld) and have to be
# replaced per installation.
# edifact_mailbox_regex is written as a regular expression: keep the dots of
# the real address escaped (\.), because an unescaped '.' matches any
# character and would make the pattern match more addresses than intended.
# NOTE(review): where this variable is evaluated is not part of this listing.
setvar('edifact_mailbox_regex','email\.address@domain\.tld');
setvar('clearing_mailbox','clearing@domain.tld');

# EDIFACT message type names as one alternation; EDIFACT_subject_check
# compares the subject header against it.
# NOTE(review): the pattern carries no anchors, so it presumably matches a
# keyword anywhere in the subject - confirm against the 'match' semantics.
setvar('keywords','ALOCAT|APERAK|CONTRL|CREMUL|DELFOR|DELJIT|DESADV|IFCSUM|IFTDGN|IFTMBC|IFTMBF|IFTMBP|IFTMIN|IFTSTA|IMBNOT|INSDES|INSRPT|INVOIC|INVRPT|MSCONS|NOMINT|NOMRES|ORDCHG|ORDERS|ORDRSP|QUOTES|PAYMUL|PAYORD|PRICAT|PRODAT|RECADV|REMADV|REQOTE|SLSRPT|UTILMD');

# Type list handed to partoftype() in EDIFACT_file_type_check.
# NOTE(review): the last entry 'model/vrmlx-epoc/x-sisx-app' looks like two
# MIME types ('model/vrml' and 'x-epoc/x-sisx-app') whose separating comma was
# lost - verify against the vendor original before deploying, since a fused
# entry would name neither type.
setvar('allowed_filetypes','!txt,!gzip,application,audio,image,text,video,message/news,message/rfc822,model/vrmlx-epoc/x-sisx-app');

## Pre-set the result variables. An unset variable such as $reason would
## otherwise be handled as the literal string "$reason" and not as a variable;
## the checks further down rely on empty('$reason') to decide whether to start
## or to extend the list of drop reasons.
setvar('result','undefined');
setvar('reason','');
setvar('encryption_check','');
setvar('encryption_result','');
setvar('signature_check','');
setvar('signature_result','');
# End: Setting EDIFACT informations

 

 


EDIFACT_address_check = {
    # Begin: EDIFACT address check
    # Marks the e-mail for dropping unless it has a single recipient, then
    # strips everything except the <SMTP address> part from recipient and
    # sender and records both in EDIFACTrecipient / EDIFACTsender.
    #
    # Any 'to' value with two '@' characters counts as several recipients.
    # A display name that itself contains '@' therefore also trips the
    # check; that errs on the side of dropping.
    # NOTE(review): 'to' is tested with compareattr() but 'cc' with
    # compare() - confirm the difference is intended.
    # NOTE(review): $header_to / $header_cc are sender-controlled text that
    # is copied verbatim into EDIFACTrecipient; treat that variable as
    # untrusted wherever it is later written out (not shown in this listing).
    if (compareattr('to','match','.*@.*@.*')) {
        log(1,'Found more than one recipient');
        setvar('EDIFACTrecipient','more than one recipient: $header_to $header_cc');
        setvar('reason','more than one recipient');
        flag('drop',1);
    }

    # Any address in the cc header is likewise treated as an extra recipient.
    if (compare('cc','match','.*@.*')) {
        log(1,'Found more than one recipient, dropping e-mail');
        setvar('EDIFACTrecipient','more than one recipient: $header_to $header_cc');
        setvar('reason','more than one recipient');
        flag('drop',1);
    }

    # The rewrite below is not guarded by the drop flag, so it also runs for
    # e-mails flagged above and overwrites EDIFACTrecipient with $to.
    log(1,'Delete all information from from- and to-header except SMTP-address');
    replace_rcpt('(.*)(\<.*\>$)','$2');
    setvar('EDIFACTrecipient','$to');
    replace_sender('(.*)(\<.*\>$)','$2');
    setvar('EDIFACTsender','$from');
    # End: EDIFACT address check
};

 

 


EDIFACT_file_type_check = {
    # Begin: EDIFACT file type check
    # Evaluates the message parts against $allowed_filetypes. A true result
    # of partoftype() is treated as "forbidden type present": filetype_check
    # becomes 'forbidden', the reason is recorded and the drop flag is set.
    # Otherwise filetype_check becomes 'OK'.
    # NOTE(review): the meaning of the 'info' and 'false' arguments of
    # partoftype() is not visible in this listing - confirm in the reference.
    log(1,'Checking if e-mail contains forbidden file types');
    if (partoftype('$allowed_filetypes','info','false')) {
        setvar('filetype_check','forbidden');
        log(1,'Forbidden file types found');
        # Start the reason list, or append to what earlier checks recorded.
        if (empty('$reason')) {
            setvar('reason','forbidden file type');
        } else {
            setvar('reason','$reason / forbidden file type');
        }
        flag('drop',1);
    } else {
        log(1,'No forbidden file types found');
        setvar('filetype_check','OK');
    }
    # End: EDIFACT file type check
};

 

 


EDIFACT_subject_check = {
    # Begin: EDIFACT subject check
    # Compares the subject header with the $keywords alternation. A hit sets
    # subject_check to 'OK'; a miss records the reason and sets the drop flag.
    # The subject is chosen by the sender, so this is a plausibility filter
    # only; sender authenticity rests on the S/MIME signature checks.
    log(1,'Checking if subject contains EDIFACT keyword');
    if (compare('subject','match','$keywords')) {
        log(1,'Found EDIFACT keyword');
        setvar('subject_check','OK');
    } else {
        log(1,'No EDIFACT keyword found');
        setvar('subject_check','No keyword found');
        # Start the reason list, or append to what earlier checks recorded.
        if (empty('$reason')) {
            setvar('reason','wrong subject content');
        } else {
            setvar('reason','$reason / wrong subject content');
        }
        flag('drop',1);
    }
    # End: EDIFACT subject check
};

 

 


EDIFACT_encryption_subcheck = {
    # Begin: EDIFACT encryption subcheck
    # Invoked from EDIFACT_encryption_check after it has set
    # encryption_check to 'S/MIME encrypted'; the findings here are appended
    # to that text. Two properties are enforced, each failure recording a
    # reason and setting the drop flag:
    #   1. key encryption must be RSAES-OAEP
    #   2. content encryption must be AES with 128, 192 or 256 bit keys
    # Only the algorithm names are compared. OAEP parameters (digest, mask
    # generation) and the AES mode are not inspected by this macro.
    # encryption_result is only ever set to 'not OK' here; 'OK' is assigned
    # by the caller after a successful decryption.

    # 1. Key encryption (padding) scheme
    if (compareattr('key_encryption_algorithm','match','RSAES-OAEP')) {
        log(1,'...with RSAES-OAEP');
        setvar('encryption_check','$encryption_check with RSAES-OAEP');
    } else {
        log(1,'...but not using RSAES-OAEP');
        setvar('encryption_result','not OK');
        setvar('encryption_check','$encryption_check, incorrect padding');
        if (empty('$reason')) {
            setvar('reason','incorrect S/MIME encryption padding');
        } else {
            setvar('reason','$reason / incorrect S/MIME encryption padding');
        }
        flag('drop',1);
    }

    # 2. Content encryption cipher; both spellings (AES-128 / AES128) are
    # accepted for each key size.
    if (compareattr('content_encryption_algorithm','match','AES-128|AES128')) {
        log(1,'...with cipher AES128');
        setvar('encryption_check','$encryption_check, cipher AES128');
    } else if (compareattr('content_encryption_algorithm','match','AES-192|AES192')) {
        log(1,'...with cipher AES192');
        setvar('encryption_check','$encryption_check, cipher AES192');
    } else if (compareattr('content_encryption_algorithm','match','AES-256|AES256')) {
        log(1,'...with cipher AES256');
        setvar('encryption_check','$encryption_check, cipher AES256');
    } else {
        log(1,'...but with incorrect cipher');
        setvar('encryption_result','not OK');
        setvar('encryption_check','$encryption_check, incorrect cipher');
        if (empty('$reason')) {
            setvar('reason','incorrect S/MIME cipher');
        } else {
            setvar('reason','$reason / incorrect S/MIME cipher');
        }
        flag('drop',1);
    }
    # End: EDIFACT encryption subcheck
};

 

 


EDIFACT_encryption_check = {
    # Begin: EDIFACT encryption check / decryption
    # Requires the e-mail to be S/MIME encrypted. An encrypted e-mail first
    # passes EDIFACT_encryption_subcheck (algorithm policy) and is decrypted
    # only while the drop flag is still clear. An unencrypted e-mail, or one
    # that cannot be decrypted, gets a reason recorded and the drop flag set.
    # Because the guard reads the shared drop flag, an e-mail flagged by any
    # check that ran earlier is not decrypted either, and encryption_result
    # then keeps whatever value it had.
    if (smime_encrypted()) {
        log(1,'E-mail is S/MIME encrypted...');
        setvar('encryption_check','S/MIME encrypted');
        $EDIFACT_encryption_subcheck;
        if (!flag('drop')) {
            if (decrypt_smime()) {
                log(1,'E-mail successfully S/MIME decrypted');
                setvar('encryption_result','OK');
            } else {
                log(1,'E-mail could not be S/MIME decrypted');
                setvar('encryption_result','not OK');
                setvar('encryption_check','$encryption_check, could not be S/MIME decrypted');
                if (empty('$reason')) {
                    setvar('reason','could not be S/MIME decrypted');
                } else {
                    setvar('reason','$reason / could not be S/MIME decrypted');
                }
                flag('drop',1);
            }
        }
    } else {
        # Plain-text EDIFACT mail is never accepted.
        log(1,'E-mail is not S/MIME encrypted, dropping e-mail');
        setvar('encryption_result','not OK');
        setvar('encryption_check','not S/MIME encrypted');
        if (empty('$reason')) {
            setvar('reason','not S/MIME encrypted');
        } else {
            setvar('reason','$reason / not S/MIME encrypted');
        }
        flag('drop',1);
    }
    # End: EDIFACT encryption check
};

 

 


EDIFACT_signature_subcheck = {
    # Begin: EDIFACT signature subcheck
    # Invoked from EDIFACT_signature_check after it has set signature_check
    # to 'S/MIME signed'; the findings here are appended to that text.
    # Two properties are enforced, each failure recording a reason and
    # setting the drop flag:
    #   1. the signature algorithm must be RSASSA-PSS
    #   2. the digest must be SHA-256
    # Stronger digests (e.g. SHA-384/512) are rejected as well, because only
    # the SHA-256 spellings are listed. signature_result is only ever set to
    # 'not OK' here; 'OK' is assigned by the caller after validation.

    # 1. Signature (padding) scheme
    if (compareattr('signature_algorithm','match','RSASSA-PSS')) {
        log(1,'...with RSASSA-PSS');
        setvar('signature_check','$signature_check with RSASSA-PSS');
    } else {
        log(1,'...but not using RSASSA-PSS');
        setvar('signature_result','not OK');
        setvar('signature_check','$signature_check, incorrect padding');
        if (empty('$reason')) {
            setvar('reason','incorrect S/MIME signing padding');
        } else {
            setvar('reason','$reason / incorrect S/MIME signing padding');
        }
        flag('drop',1);
    }

    # 2. Digest algorithm
    if (compareattr('digest_algorithm','match','SHA-256|SHA256')) {
        log(1,'...with digest SHA-256');
        setvar('signature_check','$signature_check, digest SHA-256');
    } else {
        log(1,'...but with incorrect digest');
        setvar('signature_result','not OK');
        setvar('signature_check','$signature_check, incorrect digest');
        if (empty('$reason')) {
            setvar('reason','incorrect digest');
        } else {
            setvar('reason','$reason / incorrect digest');
        }
        flag('drop',1);
    }
    # End: EDIFACT signature subcheck
};

 

 


EDIFACT_signature_check = {
    # Begin: EDIFACT signature check /validation
    # Requires the e-mail to be S/MIME signed. A signed e-mail first passes
    # EDIFACT_signature_subcheck (algorithm policy); the signature itself is
    # validated only while the drop flag is still clear. A missing or
    # invalid signature records a reason and sets the drop flag.
    # Because the guard reads the shared drop flag, an e-mail flagged by any
    # check that ran earlier is not validated, and signature_result then
    # keeps whatever value it had.
    # NOTE(review): the meaning of the '1' argument of validate_smime_sig()
    # is not visible in this listing - confirm in the reference.
    if (smime_signed()) {
        log(1,'E-mail is S/MIME signed...');
        setvar('signature_check','S/MIME signed');
        $EDIFACT_signature_subcheck;
        if (!flag('drop')) {
            if (validate_smime_sig('1')) {
                log(1,'Signature is valid');
                setvar('signature_result','OK');
                setvar('signature_check','$signature_check, signature is valid');
            } else {
                log(1,'Signature is invalid');
                setvar('signature_result','not OK');
                setvar('signature_check','$signature_check, signature is invalid');
                if (empty('$reason')) {
                    setvar('reason','S/MIME signature validation failed');
                } else {
                    setvar('reason','$reason / S/MIME signature validation failed');
                }
                flag('drop',1);
            }
        }
    } else {
        # Unsigned EDIFACT mail is never accepted.
        log(1,'E-mail is not S/MIME signed');
        setvar('signature_result','not OK');
        setvar('signature_check','not S/MIME signed');
        if (empty('$reason')) {
            setvar('reason','not S/MIME signed');
        } else {
            setvar('reason','$reason / not S/MIME signed');
        }
        flag('drop',1);
    }
    # End: EDIFACT signature check / validation
};

 

 


EDIFACT_sign = {
    # Begin: EDIFACT sign
    # Signs the e-mail with S/MIME using the options 'sha256;pss', i.e. the
    # digest and signature scheme that EDIFACT_signature_subcheck demands of
    # incoming mail. If no S/MIME key is available, or signing fails, a
    # reason is recorded and the drop flag is set, so the e-mail is flagged
    # rather than passed on unsigned.
    # flag('drop',1) only marks the message; the code that acts on the flag
    # is not part of this listing.
    log(1,'S/MIME signing e-mail');
    if (has_smime_key()) {
        log(1,'S/MIME key available');
        if (sign_smime('sha256;pss')) {
            log(1,'Signing successful');
            setvar('signature_result','OK');
            setvar('signature_check','S/MIME signed');
        } else {
            log(1,'Signing failed');
            setvar('signature_check','signing failed');
            setvar('signature_result','not OK');
            if (empty('$reason')) {
                setvar('reason','S/MIME signing failed');
            } else {
                setvar('reason','$reason / S/MIME signing failed');
            }
            flag('drop',1);
        }
    } else {
        log(1,'No S/MIME key available for signing');
        setvar('signature_result','not OK');
        setvar('signature_check','no signing key available');
        if (empty('$reason')) {
            setvar('reason','no S/MIME signing key available');
        } else {
            setvar('reason','$reason / no S/MIME signing key available');
        }
        flag('drop',1);
    }
    # End: EDIFACT sign
};

 

 


EDIFACT_encrypt = {
    # Begin: EDIFACT encrypt
    # Encrypts the e-mail with S/MIME using the options 'aes192;oaep'. If no
    # S/MIME certificate is available for the recipient, or encryption
    # fails, a reason is recorded and the drop flag is set, so the e-mail is
    # flagged rather than passed on unencrypted.
    # flag('drop',1) only marks the message; the code that acts on the flag
    # is not part of this listing.
    # NOTE(review): the first two (empty) arguments of encrypt_smime() are
    # not explained in this listing - confirm in the reference.
    if (smime_keys_avail()) {
        log(1,'S/MIME certificate available for recipient $to');
        if (encrypt_smime('','','aes192;oaep')) {
            log(1,'Encryption successful');
            setvar('encryption_check','S/MIME encrypted');
            setvar('encryption_result','OK');
        } else {
            log(1,'Encryption failed');
            setvar('encryption_result','not OK');
            setvar('encryption_check','S/MIME encryption failed');
            if (empty('$reason')) {
                setvar('reason','S/MIME encryption failed');
            } else {
                setvar('reason','$reason / S/MIME encryption failed');
            }
            flag('drop',1);
        }
    } else {
        log(1,'No S/MIME certificate available for encryption');
        setvar('encryption_result','not OK');
        setvar('encryption_check','no S/MIME certificate available');
        if (empty('$reason')) {
            setvar('reason','no S/MIME certificate available');
        } else {
            setvar('reason','$reason / no S/MIME certificate available');
        }
        flag('drop',1);
    }
    # End: EDIFACT encrypt
};

 

 


# Closing log marker. The macros above are only defined in this section;
# none of them is invoked here.
log(1,'End: Custom macros and commands for all e-mails BEFORE processing');
# End: Custom macros and commands for all e-mails BEFORE processing
