OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: company's profile attachment file for every outgoing mail...
From: Bennett Todd (betrahul.net)
Date: Wed Dec 27 2000 - 10:28:16 CST

2000-12-27-09:34:29 vasudeva:
> How can I implement attachment (company's profile attachment file)
> feature for all outgoing mails?

Postfix doesn't have a simple option to use for this. It's not a
simple job.

If email messages are somehow constrained in your environment to
some specific format --- e.g. never any MIME at all; or all messages
are either plain text or one specific MIME structure, or at most
just a couple of possible different MIME structures --- then there
may be relatively simple mechanisms that could work, one for each
possible message structure. But if you have a general goal of adding
such a banner to every message as it's sent by the Mail Transport
Agent, _and_ you include additional design goals that many of us
would consider mandatory for a general-purpose facility:

1) Allow, and refrain from breaking, _all_ MIME types, including
   various specializations of RFC 1847 for multipart/signed and/or
   encrypted;

2) Have the company banner be reasonably viewable when received for
   all message types, without having it obliterate the actual
   message

then the job will require a full MIME parser, which is distinctly
non-trivial; no part of Postfix currently analyzes the internal
structure of the bodies of email messages in any such sophisticated
fashion.

The most reasonable place to add such banners is not in the Mail
Transport Agent, but rather in the Mail User Agent --- the program
that's being used to compose the email messages. The Mail User Agent
is the program that's composing the MIME structure, adding something
like this there would make far better sense. If you cannot control
the Mail User Agent sufficiently to ensure that it always adds your
banner, then you also have little control over the format of
messages coming through, so your choices will break down to

1) Only add banners to one or two types of messages, and either
   refuse all other sorts, or pass them through without the banners;

2) Add banners to every message in a simple fashion, but end up
   corrupting some message types, and perhaps end up with the banner
   hidden from viewers with some message types;

3) Create a banner-adding-program that performs a full MIME
   structure analysis and recreates the message with a new MIME
   structure that includes the banner.

Note that support for multipart/signed messages is already
significantly fragile; some broken transport components corrupt the
signatures already, and some mail user agents have trouble reading
some forms of signed messages. Any transformations you add here will
just make this problem worse.

I _strongly_ recommend trying to modify your users' mail user agents
to add your company-mandated marketing material, and limit MTA
processing to possibly blocking, or producing reports of, messages
that do not contain the mandated banner.

As Postfix's internal representations of messages don't reflect
the interface they arrived on, it won't be easy to use something
like body_checks to apply even that limited sort of checking ---
you don't want to refuse to accept _incoming_ messages that don't
contain your advertising material. So regardless, if you want any
involvement from the MTA at all, I believe you'll need to use,
as others have suggested, the content filtering hooks. Structure
your program, whether it's a scanner or a MIME-smart rewriter or
whatever, as an SMTP proxy, and configure postfix to reroute all
traffic through it. Let it examine the envelope recipient to deduce
whether the message is incoming or outbound, and if it's outbound to
perform its checks or modifications, then re-inject the message for
subsequent handling and delivery by Postfix.

As far as I know, the current work-in-progress for
creating a convenient reusable perl framework for
such content-filtering proxies is Macofida, at
<URL:http://www.magix.com.sg/users/sweeheng/macofida/>. Seems like
it's lain idle for about 6 months without a substantive update, and
about 3 months since the front-page was last modified.

-Bennett

  • application/pgp-signature attachment: stored