FEHCom
Consulting Qmail IP-Netze Publikationen

Content Filtering with Qmail

The two attached scripts enable you to do content filtering for incoming E-Mail with Qmail:

Installation

I recommend to install the scripts in /var/Qmail/bin (together with the Qmail binaries) or /usr/local/bin.

chmod 755 checksubj; chown root:Qmail checksubj
chmod 755 checkattach; chown root:Qmail checkattach
chmod 755 checkfile; chown root:Qmail checkfile

Usage:

Include a call to the scripts into

  • (1) your user's .Qmail files and - if applicable - into
  • (2) /var/Qmail/alias/.Qmail-default (first lines:)
|/var/Qmail/bin/checksubj
|/var/Qmail/bin/checkattach
|/var/Qmail/bin/checkfile
./Maildir/ (or ./mbox)

Filtering:

  • CHECKATTACH: Attachement Filter (MIME-Type, *.vbs, *.doc etc.)
    • Add/Remove the File Extension of a MIME-Part to be filtered into the "checktype".
  • CHECKFILE: Attachement Filter for any included Files (NAKEDWIFE.EXE etc.) - case is irrelevant.
    • Add/Remove the Filenames of the attached files to be filtered into the "checkfile".
  • CHECKSUBJ: E-Mail Header "Subject:" Filter ("ILOVEYOU" etc.)
    • Modify the subject text fields in "checksubj" to your needs, eg. add "|*insurance*".
    • The script evaluates the string case sensitive!
    • Avoid white spaces (blanks) between the filtering string and the "|"!
    • Attention! The content filter does not distinguish whether the parsed string is in the E-Mail Header or in the Body!
    • It allows wildcards, be careful!

Results

  1. The sender becomes the E-Mail bounced (with reason).
  2. You can watch the results (and test the scripts) viewing your Maillog.

Bounces

  • As a matter of fact, the E-Mail is bounced back to the sender (Return-Path:).
  • If the Recipient/receiving MTA applies the same rejection/filtering logic, the E-Mail will be double-bounced.
  • Within the Qmail scheme, double-bounces are handled by the postmaster account.
  • Therefore, it is import that the postmaster
    • is defined by means of /var/qmail/alias/.qmail-postmaster
    • and does not filter any incoming messages.

Dependencies:

These shell scripts depend on the availability of some UNIX commands, in particular the "gawk" routine.
If necessary change it to "nawk" or "awk" and/or install or symlink them.

[Impressum]

[FEHCom]

[top]