|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: An easy way of content filtering
From: Stephan Mueller (Stephan.Mueller
suse.de)Date: Sat May 20 2000 - 06:44:55 CDT
- Next message: Wietse Venema: "Re: message size"
- Previous message: Andreas Jellinghaus: "redirecting error messages ?"
- Next in thread: Wietse Venema: "Re: An easy way of content filtering"
- Reply: Wietse Venema: "Re: An easy way of content filtering"
- Reply: Tan Swee Heng: "Re: An easy way of content filtering"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
I though a little bit about Wietses idea about content filtering and I think
I found another (IMO easier way) of implementing this.
It has the same structure as Wietses idea. Wietse wrote:
> The idea is that all mail that enters Postfix (via smtpd or via
> the local pickup service) undergoes a trivial transformation that
> adds a pseudo top-level domain to each recipient.
> For example,
> postfix-userspostfix.org -> postfix-userspostfix.org.SANITIZE
[...]
> The .SANITIZE suffix could be added with a new table lookup:
>
> /etc/postfix/main.cf:
> recipient_mapping = regexp:/etc/postfix/recipient_mapping
>
> /etc/postfix/recipient_mapping:
> /(.*)/ $1.SANITIZE
IMO, we do not need a new table here. I think putting this stuff into
virtual_maps as the last table would be fine.
> The transport map would have an entry that routes the SANITIZE
> pseudo top-level domain to a pipe transport that runs the mail
> through a content filtering program of your choice.
>
> /etc/postfix/transport.cf:
> .SANITIZE sanitizer
>
> /etc/postfix/master.cf:
> sanitizer unix - n n - - pipe
> user=sanitize argv=/some/where/sanitize $sender $recipient
[...]
> If the sanitize program is happy, then it submits the message back
> via a second Postfix SMTP server that listens on localhost only.
>
> For example,
>
> localhost:26 inet n - - - - smtpd
> -o recipient_mapping=
With this you have another port in use in your system (and two redundant
SMTP-Daemon causing insecurity). I would say, implementing this -o option
into the sendmail-wrapper is all that you need. With this you do not open
this port 26 with an external program, but you only have to invoke "sendmail"
the following (after the satanizer has stripped the .SATANIZE-Domain):
sendmail -o virtual_maps= -f sender recipient
Of course here you can add your virtual_maps as needed, but you have to avoid
using the Regex-Table with the "satanize"-stuff.
IMO, this is much easier to implement and you do not use a second port or a
new table, isn't it?
PS: The suggested Regex-Table does not work, you have to use the following
(PCRE):
/^(?>(.*))(?<!satanize)/ ${1}.satanize
Otherwise you have a loop with adding the .satanize!
Ciao
Stephan
-- Stephan Müller Stephan.Mueller
- Next message: Wietse Venema: "Re: message size"
- Previous message: Andreas Jellinghaus: "redirecting error messages ?"
- Next in thread: Wietse Venema: "Re: An easy way of content filtering"
- Reply: Wietse Venema: "Re: An easy way of content filtering"
- Reply: Tan Swee Heng: "Re: An easy way of content filtering"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]