Rewrite URLs for inbound mail

Post by xprofetax » 16 Nov 2019 22:10

Hi everybody,
I maintain several email filter appliances and am planning a move to EFA, but I would like to understand if there is some kind of support for doing this, since this feature is critical to me.

With some commercial products, it is possible to rewrite URLs in mail, in order to send them to a sandbox to increase phishing/malware detection.
E.g. "https://www.google.com" becomes "https://gotomysandbox?=www.google.com"

Does EFA, in some of its components (MailScanner, SpamAssassin...), support this kind of rewrite?

Thanks a lot.

Post by shawniverson » 17 Nov 2019 10:53

This can probably be done at the postfix MTA level with a script that hunts for URLs and rewrites them on incoming email as an after-queue content filter.

http://www.postfix.org/FILTER_README.html
Version eFa 4.0.0 now available!

Post by xprofetax » 17 Nov 2019 16:02

Thanks Shawn,
I thought about it, but if I could I would avoid MTA-based solutions, for several reasons that I will not list here.
Since MailScanner already does something similar (more or less) with "phishing fraud detection", where URLs get analyzed and plain text is eventually added to the mail, I thought that a higher-level solution than a Postfix-based rewrite would be feasible.

Post by shawniverson » 17 Nov 2019 20:45

Well, I just so happen to be the primary dev for mailscanner. Feature request? :D

I have a few bugs to squash first, but such a feature would be possible to implement. :dance:

Post by xprofetax » 17 Nov 2019 21:13

Would be great! :)

Post by xprofetax » 18 Nov 2019 09:19

I'm also looking at this.
Given your experience, what would be the right place for that function? (MailScanner, SpamAssassin...)
I was thinking about MailScanner's GenericSpamScanner.pm, which could process mail and call an external program.

Post by xprofetax » 20 Nov 2019 08:35

Hi Shawn,
in the end I followed the Postfix postqueue filter, just to be inconsistent with what I said before :)

Starting from the simple code at https://github.com/MiroslavHoudek/postfix-filter-loop, it's easy to bring up a Python SMTP proxy for inbound email.
Pretty raw but doing its work, stress tested with hundreds of mails and still fighting ;)
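
The body-rewriting step that a Postfix content filter like the one discussed in this thread would apply to each message, as an added example (not code from this thread or from the postfix-filter-loop project). The sandbox prefix `https://sandbox.example/check?u=` and all function names are hypothetical; unlike the format in the first post, the whole original URL is percent-encoded into a single query value.

```python
import html
import re
from email import message_from_bytes, policy
from urllib.parse import quote

# Assumption: hypothetical sandbox endpoint; substitute your product's format.
SANDBOX_PREFIX = "https://sandbox.example/check?u="
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)
TRAILING = ".,;:!?)"  # punctuation that usually belongs to the sentence


def wrap_url(url, html_part=False):
    """Return the sandbox form of one URL; wrapped URLs pass through."""
    if url.startswith(SANDBOX_PREFIX):
        return url
    core = url.rstrip(TRAILING)
    tail = url[len(core):]
    if html_part:
        core = html.unescape(core)  # "&amp;" inside an href means "&"
    # Percent-encode everything so the original URL is one query value.
    return SANDBOX_PREFIX + quote(core, safe="") + tail


def rewrite_text(text, html_part=False):
    return URL_RE.sub(lambda m: wrap_url(m.group(0), html_part), text)


def rewrite_message(raw):
    """Rewrite URLs in text/plain and text/html body parts of a raw message."""
    msg = message_from_bytes(raw, policy=policy.SMTP)
    # Changing a signed or encrypted body would invalidate it: pass through.
    if msg.get_content_type() in ("multipart/signed", "multipart/encrypted"):
        return raw
    for part in msg.walk():
        subtype = part.get_content_subtype()
        if part.get_content_maintype() != "text" or subtype not in ("plain", "html"):
            continue
        if part.is_attachment():
            continue
        try:
            body = part.get_content()
        except (LookupError, UnicodeError):
            continue  # unknown charset: leave the part untouched
        new_body = rewrite_text(body, html_part=(subtype == "html"))
        if new_body != body:
            part.set_content(new_body, subtype=subtype, charset="utf-8")
    return msg.as_bytes()
```

Run it after any DKIM verification step, since changing the body invalidates the sender's DKIM body hash for anything that verifies downstream.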
