Content filtering software: Testing for Partial/MIME messages



Welcome to this new post. Today we will see how to test your content filtering software (on your network gateway, hopefully) for partial MIME email messages.
To follow this post, you need a basic understanding of networking, Linux/Unix and your content filtering software. This post is aimed at software test engineers, but it can also benefit network administrators and system administrators.
Before continuing, let's see what a partial MIME message is. It is a feature of MIME that can be exploited to deliver unwanted content. The basic idea is that if you need to send a large file by email, you can break the email message into multiple (partial) messages of equal size and deliver them to the destination. On the other end, the mail client receives all the parts of that single message and regenerates the original one. MS Outlook Express will regenerate the complete email message out of the different partial email messages. However, this can be exploited or misused for unwanted purposes.
So the open question is how we protect against these partial messages, and in my opinion it is best to prevent partial messages altogether. This can be implemented on the user end by using a mail client that does not support partial messages, or by blocking such messages on your gateway itself. The best way is to block partial messages at the gateway level.
The next question is how we verify that the content filtering gateway is blocking incoming partial MIME messages. The answer is to test it. How to test it is what we will see below.
First, enable the partial MIME message filter and apply an action such as BLOCK, email alert or simple alert, depending on your content filtering software.
Next, you need to download and install a tool called ‘mpack’ on your Linux/Unix box. A quick Google search led me to the mpack man page.
# mpack -s "Test Subject" -m 1024 -o partial_mime <File_Name>
The command above generates files of size 1024, named partial_mime.01, partial_mime.02, and so on.
Now we can use the standard ‘mail’ CLI available on all unices to send all these generated files. You can also pipe the output of mpack to the mail CLI to automate this process. This automation is the prime objective of using the mpack tool (easy automation :) ).
Now verify that all files are blocked, or that alerts are raised, on your gateway software.
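One way to automate this verification step, as an added example that is not part of the original post: a Python check that flags any message/partial mail among the messages that reached the test mailbox behind the gateway. The function names, addresses and sample messages are constructed for illustration; feeding it the raw text of the delivered messages is an assumption about your test setup.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value


def partial_info(raw):
    """Return (id, number, total) for a message/partial mail, else None."""
    msg = message_from_string(raw)
    # get_content_type() lowercases the type, so "Message/Partial" matches too.
    if msg.get_content_type() != "message/partial":
        return None

    def param(name):
        value = msg.get_param(name)  # handles folded and quoted parameters
        return collapse_rfc2231_value(value) if value is not None else None

    def as_int(value):
        return int(value) if value and value.isdigit() else None

    # "total" is optional on every fragment except the last (RFC 2046).
    return param("id"), as_int(param("number")), as_int(param("total"))


def leaked_fragments(delivered):
    """Fragments found among delivered mail; an effective filter leaves none."""
    return [info for info in map(partial_info, delivered) if info is not None]


def make_fragment(number, total, body):
    # Constructed sample fragment; addresses and id are placeholders.
    return (
        "From: tester@example.test\n"
        "To: mailbox@example.test\n"
        "Subject: Test Subject\n"
        "MIME-Version: 1.0\n"
        f"Content-Type: Message/Partial; number={number}; total={total};\n"
        '\tid="constructed-id@example.test"\n'
        "\n" + body
    )


# Constructed ordinary message that the filter should let through.
PLAIN = ("From: tester@example.test\nSubject: hello\n"
         "Content-Type: text/plain\n\nhi\n")

if __name__ == "__main__":
    delivered = [PLAIN, make_fragment(2, 3, "second chunk\n")]
    for frag_id, number, total in leaked_fragments(delivered):
        print(f"FAIL: fragment {number}/{total} of {frag_id} passed the gateway")
```

The sample fragment uses a mixed-case content type and a folded header on purpose, since a filter that matches the literal string "message/partial" on a single line would miss both.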
References: Refer to RFC 2046, RFC 2646, RFC 3798, RFC 5147 and RFC 5321 at http://www.ietf.org/iesg/1rfc_index.txt

Mandar Pise

Mandar is a seasoned software professional for more than a decade. He is Cloud, AI, IoT, Blockchain and Fintech enthusiast. He writes to benefit others from his experiences. His overall goal is to help people learn about the Cloud, AI, IoT, Blockchain and Fintech and the effects they will have economically and socially in the future.
