Solution for: #110: Simple content-based filtering for Postfix
Regex-based Postfix filtering
- yliu on March 10, 2011, 12:57 AM UTC
Postfix has content-based filtering capability. In fact, it has multiple ways to attach filters. However, its documentation is rather baroque, and the top Google hits tend to be how to integrate a separate filtering server into the mail process.
The simplest solution that I found involves the use of capabilities called mime_header_checks and body_checks, which are filtering behaviors that can be configured through Postfix's main.cf file.
There are also several ways to configure body_checks. I used pcre-based regex matching. On Ubuntu, this involved apt-get'ing the postfix-pcre package first.
Once the capability is installed, add a line to main.cf like so:
mime_header_checks=pcre:/etc/postfix/header_checks
where pcre: specifies a regex-based filter and /etc/postfix/header_checks is a file containing regex filtering expressions, one filter per line.
The /etc/postfix/header_checks file looks something like:
/^(.*)name=\"(DHL_document)\.(zip|cmd)\"$/ REJECT
/^(.*)name=\"(DHL_notification)\.(zip|cmd)\"$/ REJECT
Remember that mime_header_checks is used for attachment filtering, and body_checks is for message text filtering. The reference to this problem used the wrong filter, and it simply won't work.
Reload Postfix's configs and the next message that matches the regex will be rejected for content issues.
References used:
Filter attachments (.bat, .exe, etc..) in postfix | Linux Poison
( http://linuxpoison.blogspot.com/2007/12/filter-attachments-bat-exe-etc-in.html# ) - found by yliu on March 10, 2011, 12:58 AM UTC
Postfix manual - header_checks(5)
( http://www.postfix.org/header_checks.5.html ) - found by yliu on March 10, 2011, 07:48 AM UTC
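To see why the choice between mime_header_checks and body_checks matters, here is an added example (not part of the original solution) that applies the two rules above to a constructed message. Assumptions: Python's re module stands in for PCRE, the literal dot is escaped, and the scan only approximates how Postfix walks MIME headers and body lines.

```python
import re
from email import message_from_string

# Rules in the table format used by /etc/postfix/header_checks above.
RULES_TEXT = r'''
/^(.*)name=\"(DHL_document)\.(zip|cmd)\"$/ REJECT
/^(.*)name=\"(DHL_notification)\.(zip|cmd)\"$/ REJECT
'''

# Constructed sample: the filename appears in body text and in a folded MIME header.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached name="DHL_document.zip"
--b1
Content-Type: application/zip;
 name="DHL_document.zip"

UEsDBA==
--b1--
"""

def load_rules(text):
    """Parse '/pattern/flags ACTION' lines; Postfix pcre tables ignore case by default."""
    found = re.findall(r"^/(.*)/[a-zA-Z]*[ \t]+(\S.*)$", text, re.MULTILINE)
    return [(re.compile(p, re.IGNORECASE), action) for p, action in found]

def scan(rules, lines):
    """(action, line) for each matching line; the first matching rule wins."""
    first = lambda line: next((a for rx, a in rules if rx.search(line)), None)
    return [(first(line), line) for line in lines if first(line)]

def check(raw, rules):
    """Hits per check type; folded headers are joined into logical lines first."""
    headers, body = [], []
    for part in message_from_string(raw).walk():
        headers += [f"{n}: " + re.sub(r"\r?\n(?=[ \t])", "", v)
                    for n, v in part.items() if n.lower().startswith("content-")]
        if not part.is_multipart():
            body += part.get_payload().splitlines()
    return {"mime_header_checks": scan(rules, headers),
            "body_checks": scan(rules, body)}

if __name__ == "__main__":
    print(check(SAMPLE, load_rules(RULES_TEXT)))
```

With only mime_header_checks configured, the attachment's Content-Type header is what triggers the REJECT; the same string in the message text is seen only by body_checks. On a live system, postmap -q "header line" pcre:/etc/postfix/header_checks queries the real table.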
Comments
I find this kind of filter basically useless. All you have to do is rename your file and the attachment will go through. Change .exe to .ex1 and now you can send executable programs. Granted, you probably can't just double click them on the other side, but still.
— Nathan on April 19, 2011, 11:11 PM UTC
@Nathan sure, but general spam is not the problem I want to solve. If you read the problem statement up there, I described my problem -- blocking one specific set of emails exhibiting a specific set of known properties. I solve information retrieval problems for a living, but pulling out a support vector machine classifier is more than overkill for this issue.
— yliu on April 19, 2011, 11:58 PM UTC