
Re: FILTER_README suggestions

  • o2 - Marcin Wasilewski
    Message 1 of 16, Sep 4, 2006
      ----- Original Message -----
      From: "Wietse Venema" <wietse@...>
      To: "Postfix users" <postfix-users@...>
      Sent: Friday, September 01, 2006 4:53 PM
      Subject: FILTER_README suggestions


      > Postfix's FILTER_README was written long before backscatter became
      > a problem. The first example (see below signature) has a warning
      > not to reject mail:
      >
      > Note: in this time of mail worms and spam, it is a BAD IDEA to
      > send known viruses or spam back to the sender, because that
      > address is likely to be forged. It is safer to discard known
      > to be bad content and to quarantine suspicious content so that
      > it can be inspected by a human being.
      >
      > Unfortunately, the text gives no example of how one would implement
      > this advice. Personally, I use no external filter so I have a hard
      > time coming up with field-tested examples.
      >
      > What do people use:
      >
      > - Have the filter return a distinct exit status that says "discard"?
      >
      > - Have the filter insert a "badness" indicator in a message header,
      > and dispose of bad mail with Postfix HOLD/DISCARD actions, maildrop
      > rules, cyrus sieves, or procmail filters?
      >
      > - Something completely different? Maybe no-one uses the pipe+sendmail
      > example and we can drop it from the documentation.
      >
      > Wietse
      >
      > #!/bin/sh
      >
      > # Simple shell-based filter. It is meant to be invoked as follows:
      > #     /path/to/script -f sender recipients...
      >
      > # Localize these. The -G option does nothing before Postfix 2.3.
      > INSPECT_DIR=/var/spool/filter
      > SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here.
      >
      > # Exit codes from <sysexits.h>
      > EX_TEMPFAIL=75
      > EX_UNAVAILABLE=69
      >
      > # Clean up when done or when aborting.
      > trap "rm -f in.$$" 0 1 2 3 15
      >
      > # Start processing.
      > cd $INSPECT_DIR || {
      >     echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
      >
      > cat >in.$$ || {
      >     echo Cannot save mail to file; exit $EX_TEMPFAIL; }
      >
      > # Specify your content filter here.
      > # filter <in.$$ || {
      > #     echo Message content rejected; exit $EX_UNAVAILABLE; }
      >
      > $SENDMAIL "$@" <in.$$
      >
      > exit $?
      >

      Hello,

      What do you think about this example: sa_quarantine.sh
      #!/bin/bash
      #Marcin Wasilewski, 20060904
      # proxsmtp pipe filter: reads the message on stdin, writes it back on
      # stdout, and rejects it inside the SMTP session (exit 1 plus the text on
      # stderr) when SpamAssassin scores it too high. Rejecting before-queue
      # means Postfix never generates a bounce, so there is no backscatter.
      QUARANTINE_ABOVE=6
      REJECT_ABOVE=15
      SCORE=0

      INSPECT_DIR=/proxsmtp
      QUARANTINE_DIR=/proxsmtp/QUARANTINE
      EX_TEMPFAIL=75

      # Fail the pipeline if spamc (not only tee) fails, and remove the
      # temporary copy on every exit path (after mv there is nothing to remove).
      set -o pipefail
      trap 'rm -f "$INSPECT_DIR/in.$$"' EXIT

      # Start processing.
      cat | spamc | tee "$INSPECT_DIR/in.$$" || {
          echo "Cannot save mail to file" >&2; exit $EX_TEMPFAIL; }

      # Integer part of the score from "X-Spam-Status: Yes, score=12.3 ...".
      SCORE=$(grep -m1 '^X-Spam-Status:' "$INSPECT_DIR/in.$$" |
              sed 's/.* score=//; s/ .*//; s/\..*//')

      # No header means spamd did not scan the message: ask for a retry
      # instead of letting unscanned mail through.
      if [ -z "$SCORE" ]; then
          echo "Spam scanner unavailable" >&2; exit $EX_TEMPFAIL
      fi

      if [ "$SCORE" -ge $REJECT_ABOVE ]; then
          echo "550 Sorry, your message was flagged as spam and rejected!" >&2
          exit 1
      fi

      if [ "$SCORE" -ge $QUARANTINE_ABOVE ]; then
          echo "550 Sorry, your message was flagged as spam and quarantined!" >&2
          mkdir -p "$QUARANTINE_DIR"
          mv "$INSPECT_DIR/in.$$" "$QUARANTINE_DIR/$(date +%Y%m%d-%H:%M:%S)_$RANDOM.eml"
          exit 1
      fi

      exit 0
      #######################
      It is a beta version that I just created and it works.
      It requires: http://memberwebs.com/nielsen/software/proxsmtp/ to run
      proxsmtpd -f proxsmtpd.conf -d 4
      where proxsmtpd.conf is:
      OutAddress: 10025
      FilterCommand: /proxsmtp/sa_quarantine.sh
      FilterType: pipe
      Listen: 127.0.0.1:10024

      and Postfix's master.cf should be:
      smtp      inet  n       -       -       -       -       smtpd
          -o smtpd_proxy_filter=127.0.0.1:10024

      # Re-injection after content filter
      127.0.0.1:10025 inet n  -       n       -       -       smtpd
          -o smtpd_authorized_xforward_hosts=127.0.0.0/8
          -o smtpd_client_restrictions=
          -o smtpd_helo_restrictions=
          -o smtpd_sender_restrictions=
          -o smtpd_recipient_restrictions=permit_mynetworks,reject
          -o smtpd_data_restrictions=
          -o receive_override_options=no_unknown_recipient_checks

      I didn't test it thoroughly enough to move it to a production environment, but I
      think it may be a good example.
      If someone could look at sa_quarantine.sh and correct my sed expression and other
      errors - because I'm sure it can be done in a better way :)

      Best regards
      Marcin
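Wietse's question above is how the pipe+sendmail example in FILTER_README could follow its own advice (discard known-bad mail, quarantine suspicious mail, never bounce). The after-queue filter below is an added example written for this page, not code from the thread or from Postfix; it assumes spamc adds an X-Spam-Status header, and the paths, thresholds and spamc location are placeholders.

```shell
#!/bin/sh
# Added example, not from the original thread: an after-queue pipe filter in
# the FILTER_README style that discards known-bad mail, quarantines the
# suspicious and re-injects the rest. Paths, thresholds and the spamc call
# are assumptions. Nothing is ever sent back to the envelope sender.
INSPECT_DIR="${INSPECT_DIR:-/var/spool/filter}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/spool/filter/quarantine}"
SENDMAIL="/usr/sbin/sendmail -G -i"   # NEVER use "-t" here
SPAMC="${SPAMC:-/usr/bin/spamc}"
QUARANTINE_ABOVE=6
DISCARD_ABOVE=15
EX_TEMPFAIL=75

# Integer part of the SpamAssassin score from the X-Spam-Status header read
# on stdin; prints nothing when the header is absent (spamd did not scan).
spam_score() {
    sed -n 's/^X-Spam-Status:.*score=\(-\{0,1\}[0-9]*\).*/\1/p' | head -n 1
}

# Map a score to an action. An empty or malformed score means the scan did
# not happen, so the safe answer is a temporary failure, not delivery.
classify() {
    case "$1" in
        ''|-|*[!0-9-]*|*?-*) echo tempfail ;;
        *) if   [ "$1" -ge "$DISCARD_ABOVE" ];    then echo discard
           elif [ "$1" -ge "$QUARANTINE_ABOVE" ]; then echo quarantine
           else echo deliver; fi ;;
    esac
}

filter_main() {
    cd "$INSPECT_DIR" || exit $EX_TEMPFAIL
    trap 'rm -f "in.$$"' EXIT
    $SPAMC > "in.$$" || exit $EX_TEMPFAIL
    case "$(classify "$(spam_score < "in.$$")")" in
        tempfail)   exit $EX_TEMPFAIL ;;           # Postfix retries later
        discard)    exit 0 ;;                      # known bad: drop, no bounce
        quarantine) mkdir -p "$QUARANTINE_DIR" &&
                    mv "in.$$" "$QUARANTINE_DIR/$(date +%Y%m%d-%H%M%S).$$.eml" ||
                    exit $EX_TEMPFAIL
                    exit 0 ;;                      # kept for a human to inspect
        deliver)    $SENDMAIL "$@" < "in.$$"; exit $? ;;
    esac
}

# Postfix invokes the filter as: script -f sender recipients...
# With no arguments (e.g. when sourced for testing) nothing runs.
if [ $# -gt 0 ]; then filter_main "$@"; fi
```

Because the message was already accepted (250) before this filter runs, exit 0 without re-injection is a silent discard, which is exactly what makes it backscatter-free; the quarantine copy is the only trace a human needs.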