Heiko Wundram
2006-03-29 23:31:35 UTC
Hi all!
I've written a small patch against Postfix 2.2.9 (which is what I use at the
moment on the mailservers I administer) which adds URL grepping to data_cmd
in smtpd.c, and offers the corresponding information to a policy service
which is registered with an smtpd_end_of_data_restriction.
I've used the patch that's available for download from the URL below for the
last 12 hours on a pretty high-traffic site, a slightly more buggy (in terms
of not freeing its resources) version of the patch longer than that without
problems in email traffic, and it allowed me to filter out quite a lot of
spam mails directly during the SMTP session (which is pretty cheap in terms
of system resources), without passing the mail through a more thorough
examination by amavisd-new, for example, with a simple policy daemon which
checks the URLs that are given to it against surbl.org (and does some caching
to enhance response time).
The patch itself is pretty dumb; it uses a regular expression to filter
hostnames, and the RE is of the form:
(https?://|@)([A-Za-z0-9%._-]+)
where the second group contains the hostname that's given to the policy
service. As the patch doesn't understand MIME or any other encoding, save the
structure of an email, it can be fooled by base64-encoded HTML attachments to
a mail, but for the spam I receive, this is the exception, and not the norm.
An added benefit to this dumb approach is that the patch correctly gets all
hostnames for email addresses and message IDs that are present in the header.
As this patch is pretty specific, I don't think it's something that's sensible
to be included in the Postfix core, but anyway, maybe somebody else out there
is interested in this. I'll post the policy daemon I use (a simple Python
script) some time tomorrow to the same subversion repository that contains
the patch. I'd be grateful if you drop me a note if this proves to be useful
for you.
URL: http://svn.modelnine.org/svn/postpatches/postfix-hw1.patch
PS: The patch applies cleanly against 2.2.10-rc1 (AFAICT), and applies pretty
cleanly against the current 2.3 snapshot. There's one rejection (IIRC), but
that's not hard to fix.
--- Heiko Wundram.
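The following is an added example, not the patch or the policy daemon from the post: it runs the quoted expression over a constructed message to show which hostnames a raw scan yields (header addresses and message IDs included) and which one a base64-encoded HTML part hides. The sample message, the function names and the lowercase/trailing-dot normalization are assumptions made for illustration.

```python
import base64
import email
import re

# The expression quoted in the post; group 2 is the hostname candidate.
HOST_RE = re.compile(r"(https?://|@)([A-Za-z0-9%._-]+)")

def find_hosts(text):
    """Return unique hostname candidates in order of appearance."""
    hosts = []
    for match in HOST_RE.finditer(text):
        # Normalization is an assumption of this example, not part of the post.
        host = match.group(2).rstrip(".").lower()
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def raw_scan(raw_message):
    """Scan headers and body as-is, with no MIME or transfer decoding."""
    return find_hosts(raw_message)

def missed_by_raw_scan(raw_message):
    """Hosts visible only after decoding each MIME part's transfer encoding."""
    seen = raw_scan(raw_message)
    missed = []
    for part in email.message_from_string(raw_message).walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if payload is None:
            continue
        for host in find_hosts(payload.decode("latin-1")):
            if host not in seen and host not in missed:
                missed.append(host)
    return missed

# Constructed sample message (all names are placeholders).
HIDDEN_HTML = '<a href="http://hidden.example.org/x">click</a>'
SAMPLE = "\n".join([
    "From: Sender <sender@mail.example.com>",
    "Message-ID: <1234.abcd@mx.example.com>",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "Visit http://Shop.example.net/offer today.",
    "--b1",
    "Content-Type: text/html",
    "Content-Transfer-Encoding: base64",
    "",
    base64.b64encode(HIDDEN_HTML.encode()).decode(),
    "--b1--",
])
```

The base64 alphabet contains neither `@` nor `:`, so the encoded part can never match the expression, which is why the raw scan is blind to it.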