Hi everybody,
i maintain several email filter appliances, and planning a move to EFA, but i would like to understand if there is some kind of support in doing this since this feature is critical to me.
With some commercial products, it is possibile to rewrite URLs in mail, in order to send them to a sandbox to increase phishing/malware detection.
Eg "https://www.google.com" becomes "https://gotomysandbox?=www.google.com"
Does EFA, in some of its components (mailscanner, spamassasin...) support this kind of rewrite?
Thanks a lot.
Rewrite URLs for inbound mail
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Rewrite URLs for inbound mail
This can probably be done at the postfix MTA level with a script that hunts for URLs and rewrites them on incoming email as an after-queue content filter.
http://www.postfix.org/FILTER_README.html
http://www.postfix.org/FILTER_README.html
Re: Rewrite URLs for inbound mail
Thanks Shawn,
i thought about it, but if i could i would avoid MTA based solutions, for several reasons that i will not list here.
Since mailscanner already does something similar (more or less) with "phishing fraud detection", where URLs got analyzed and plain text eventually added to mail, i thought that an higher level solution than postfix based rewrite would be feasible.
i thought about it, but if i could i would avoid MTA based solutions, for several reasons that i will not list here.
Since mailscanner already does something similar (more or less) with "phishing fraud detection", where URLs got analyzed and plain text eventually added to mail, i thought that an higher level solution than postfix based rewrite would be feasible.
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Rewrite URLs for inbound mail
Well, I just so happen to be the primary dev for mailscanner. Feature request?
I have a few bugs to squash first, but such a feature would be possible to implement.
I have a few bugs to squash first, but such a feature would be possible to implement.
Re: Rewrite URLs for inbound mail
I'm also looking at this.
Given your experience, what would be the right place for that function? (Mailscanner, Spamassassin...)
I was thinking about mailscanner GenericSpamScanner.pm, that could be able to process mail and call external program.
Given your experience, what would be the right place for that function? (Mailscanner, Spamassassin...)
I was thinking about mailscanner GenericSpamScanner.pm, that could be able to process mail and call external program.
Re: Rewrite URLs for inbound mail
Hi Shawn,
in the end i followed Postfix postqueue filter, just to be inconsistent with what i said before
Starting from https://github.com/MiroslavHoudek/postfix-filter-loop simple code it's easy to bring up a Python smtp proxy for inbound email.
Pretty raw but doing its work, stress tested with hundred of mails and still figthing
in the end i followed Postfix postqueue filter, just to be inconsistent with what i said before
Starting from https://github.com/MiroslavHoudek/postfix-filter-loop simple code it's easy to bring up a Python smtp proxy for inbound email.
Pretty raw but doing its work, stress tested with hundred of mails and still figthing