Rewrite URLs for inbound mail

Posted: 16 Nov 2019 22:10
by xprofetax
Hi everybody,
I maintain several email filter appliances and am planning a move to EFA, but I would like to understand if there is some kind of support for doing this, since this feature is critical to me.

With some commercial products, it is possible to rewrite URLs in mail, in order to send them to a sandbox to increase phishing/malware detection.
E.g. "https://www.google.com" becomes "https://gotomysandbox?=www.google.com"

Does EFA, in some of its components (MailScanner, SpamAssassin...), support this kind of rewrite?

Thanks a lot.

Re: Rewrite URLs for inbound mail

Posted: 17 Nov 2019 10:53
by shawniverson
This can probably be done at the Postfix MTA level with a script that hunts for URLs and rewrites them on incoming email as an after-queue content filter.

http://www.postfix.org/FILTER_README.html

Re: Rewrite URLs for inbound mail

Posted: 17 Nov 2019 16:02
by xprofetax
Thanks Shawn,
I thought about it, but if I could I would avoid MTA-based solutions, for several reasons that I will not list here.
Since MailScanner already does something similar (more or less) with "phishing fraud detection", where URLs get analyzed and plain text eventually added to the mail, I thought that a higher-level solution than a Postfix-based rewrite would be feasible.

Re: Rewrite URLs for inbound mail

Posted: 17 Nov 2019 20:45
by shawniverson
Well, I just so happen to be the primary dev for MailScanner. Feature request? :D

I have a few bugs to squash first, but such a feature would be possible to implement. :dance:

Re: Rewrite URLs for inbound mail

Posted: 17 Nov 2019 21:13
by xprofetax
Would be great! :)

Re: Rewrite URLs for inbound mail

Posted: 18 Nov 2019 09:19
by xprofetax
I'm also looking at this.
Given your experience, what would be the right place for that function? (MailScanner, SpamAssassin...)
I was thinking about MailScanner's GenericSpamScanner.pm, that could be able to process mail and call an external program.

Re: Rewrite URLs for inbound mail

Posted: 20 Nov 2019 08:35
by xprofetax
Hi Shawn,
in the end I followed Postfix postqueue filter, just to be inconsistent with what I said before :)

Starting from the simple code at https://github.com/MiroslavHoudek/postfix-filter-loop it's easy to bring up a Python SMTP proxy for inbound email.
Pretty raw but doing its work, stress tested with hundreds of mails and still fighting ;)
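
The rewriting step of a content filter like the one discussed in this thread, as an added example that is not code from any poster or from the linked project. It uses Python's standard `email` package; the sandbox endpoint `https://sandbox.example/check?url=` and the sample message are assumptions constructed for illustration.

```python
import base64
import re
from email import message_from_bytes, policy
from urllib.parse import quote

SANDBOX = "https://sandbox.example/check?url="  # hypothetical endpoint (assumption)
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)


def wrap(match):
    url = match.group(0)
    if url.startswith(SANDBOX):           # already rewritten: stay idempotent
        return url
    stripped = url.rstrip(".,;:!?)")      # sentence punctuation, not part of the URL
    return SANDBOX + quote(stripped, safe="") + url[len(stripped):]


def rewrite_urls(raw: bytes) -> bytes:
    """Wrap URLs found in the text/plain and text/html bodies of a message."""
    msg = message_from_bytes(raw, policy=policy.SMTP)
    for part in msg.walk():
        if part.is_multipart() or part.is_attachment():
            continue                      # containers and attachments are left alone
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        text = part.get_content()         # undoes base64 / quoted-printable
        new_text = URL_RE.sub(wrap, text)
        if new_text != text:              # only re-encode parts that changed
            part.set_content(new_text, subtype=part.get_content_subtype(),
                             charset="utf-8")
    return msg.as_bytes()


# Constructed sample message, not taken from the thread.
HTML = base64.b64encode(b'<a href="https://www.google.com">go</a>')
SAMPLE = (
    b"From: a@example.org\r\nTo: b@example.net\r\nSubject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/alternative; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain; charset=us-ascii\r\n\r\n"
    b"See https://www.google.com/login.\r\n"
    b"--b1\r\nContent-Type: text/html; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\n" + HTML + b"\r\n--b1--\r\n"
)

if __name__ == "__main__":
    print(rewrite_urls(SAMPLE).decode())
```

Changing the body invalidates any DKIM signature on the message, so DKIM verification has to run before a filter like this one.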