Perl e-mail mime attachment remover

From Mike A. Leonetti

Jump to: navigation, search

The purpose of this script is to detect certain attachment types in an e-mail and then remove them. Then attach a text file to the same e-mail informing the recipient that the files were in fact removed.

The actual script was designed to work with postfix but I'm sure it can be incorporated to work with other MTAs. But this guide will cover postfix (for now).

Contents

Requirements

The script

Can be found here: http://www.mikealeonetti.com/files/remove_attachments

Installation

First create a new system user to be used for content filtering.

useradd -r -c "Postfix filter user" -m -d /var/spool/filter -s /bin/bash filter

Note: The above line should also autocreate the /var/spool/filter directory.

Next, install the script somewhere for example /usr/local/bin and make sure it's executable for the filter user (you can chmod 755 on the script too).

Create the files:

  • /etc/postfix/filter_domains
  • /etc/postfix/filter_attachments

And make sure they are readable by the filter user.

Open /etc/postfix/filter_domains and add on each line the domains that the script should check for. More on this later. Now open /etc/postfix/filter_attachments and add the attachments that should be filtered out, one per line.

Now open up /etc/postfix/master.cf and add the following under the smtp line:

smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=remove_attachments:
remove_attachments unix  -      n        n       -      -        pipe
  flags=Rq user=filter argv=/usr/local/bin/remove_attachments ${sender} ${recipient}

Now all e-mails that come through the server will be 'filtered' using the script.

Configuring the script

As we mentioned before the files /etc/postfix/filter_domains and /etc/postfix/filter_attachments control the script. Put the file extensions to filter in /etc/postfix/filter_attachments on one per line.

Now, the other file /etc/postfix/filter_domains should contain a list of domains that you want the script to check for. You configure the script so that only e-mails from these domains will be checked. Or only e-mails going to these domains should be checked. Or e-mails going from and coming to these domains (internal e-mamils) should be checked. Or to disregard the domains completely.

To modify this open open the script and find the following lines:

        # Comment out the next five lines to ignore the the from domain
        unless( grep $_ eq $from_domain, @filter_domains )
        {
                send_email();
                next;
        }
        # Comment out the next five lines to ignore the the to domain
        unless( grep $_ eq $to_domain, @filter_domains )
        {
                send_email();
                next;
        }

As the comments suggest, the commenting out

        # Comment out the next five lines to ignore the the from domain
        unless( grep $_ eq $from_domain, @filter_domains )
        {
                send_email();
                next;
        }

will ignore the from domain and only match the to domain.

Commenting out

        # Comment out the next five lines to ignore the the to domain
        unless( grep $_ eq $to_domain, @filter_domains )
        {
                send_email();
                next;
        }

will ignore the to domain and only match the from domain.

Commenting out all of them will ignore the domains completely. Although the script will still complain without a /etc/postfix/filter_domains file.

Warnings

Be careful when using this script with spam filters that use the postfix header_check option like MailScanner. The spam filter will end up requeueing the message continually until the e-mail gets bounced back for hopping too much.

I was able to work around this in one particular scenario by listening on another port with postfix, albeit a little bit dirty. I just disabled header_checks for that port.

2525      inet  n       -       n       -       -       smtpd
  -o content_filter=remove_attachments:
  -o header_checks=

Bugs

Any to report bugs please contact me or leave a comment on the discussion page.

Other versions of this script

Personal tools
Google AdSense