![\"text](\"https:\/\/partofthething.com\/thoughts\/wp-content\/uploads\/laura-holewa-server-reject-idea-swearfilter.png\")
<\/a><\/p>\n
How to do multiple content filters on postfix<\/h3>\n
Learning materials include:<\/p>\n
- \n
- Postfix After-Queue Content Filtering<\/a><\/li>\n
- Dude who triggered a script via email but didn’t forward it to the mailbox<\/a><\/li>\n
- Dude on maillist who asked the right question but got mediocre answers<\/a><\/li>\n
- Another person who tried to figure it out<\/a><\/li>\n<\/ul>\n
A lot of answers were along the lines of “Just get amavisd to do the other filter.” Maybe that’s the right answer but I’m not running amavisd and didn’t feel like setting it up just for this.<\/p>\n
Then I stared at the postfix config for a while, in particular at this line:<\/p>\n
spamassassin unix - n n - - pipe user=spamd argv=\/usr\/bin\/spamc -f -e \/usr\/sbin\/sendmail -oi -f ${sender} ${recipient}<\/pre>\nThat tells postfix to pipe everything off to spamc for content filtering. Then, once the filtering is done, the -e sendmail thing (according to the man pages for spamc)\u00a0 sends the filtered mail to sendmail, which delivers it to dovecot for filing. Aha! I bet you can just send the processed mail to an intermediate script that does its thing and then sends it on to sendmail! Turns out this works perfectly. Here’s my script (WARNING<\/span>: it has swear words in it!)<\/p>\n
#!\/usr\/bin\/python3\r\n\"\"\"\r\nCheck some stuff and modify header of emails coming in from the output of SpamAssassin.\r\n\r\nThis is for Laura H's swearword detecting email system. \r\n\r\n\"\"\"\r\nimport email\r\nimport sys\r\nimport subprocess\r\n\r\nsender, recipient = sys.argv[1], sys.argv[2]\r\n\r\nsys.stdin = sys.stdin.detach()\r\nmsg = email.message_from_binary_file(sys.stdin)\r\nmsg_st = msg.as_string()\r\n\r\ncount = 0\r\nfor swearword in ['shit','fuck','cunt','bitch','bastard']:\r\n count += msg_st.count(swearword)\r\nif count>10:\r\n msg.add_header('X-Too-Many-Swearwords', 'YES')\r\n\r\n# relay the modified message back to postfix for delivery to dovecot\r\np = subprocess.Popen(['\/usr\/sbin\/sendmail', '-oi', '-f', sender, recipient], stdin=subprocess.PIPE, stderr=subprocess.PIPE)\r\nstdout = p.communicate(input=msg.as_bytes())\r\n<\/pre>\nAs you can see, this just expects an email to come in on stdin, checks it out, and sends it to the stdin of sendmail.<\/p>\n
This is not particularly efficient, because it will take some time for python to process some huge attachment looking for swearwords in binary. I wouldn’t put this on a large-scale system. But the pathway works so adjust to suit your needs!<\/p>\n
Your postfix config line changes to:<\/p>\n
spamassassin unix - n n - - pipe user=spamd argv=\/usr\/bin\/spamc -f -e \/usr\/local\/bin\/swearfilter.py ${sender} ${recipient}<\/pre>\nProcessing in Dovecot<\/h3>\n
Now that we have a header that indicates swearwords (‘X-Too-Many-Swearwords’), we can take actions with it. The Dovecot PigeonHole<\/a> extension interprets the Sieve language<\/a> which is used to do stuff based on email content. I use it to filter emails server-side into folders and stuff, and to reject emails flagged as spam into my spam folder. You can actually adjust the filters directly from Thunderbird with an extension<\/a>, so that’s cool (uses ManageSieve Dovecot extension too).<\/p>\n
Here’s the user-level Pigeonhole\/Sieve filter that deals with swearwords and does some other stuff. The spam filtering is in the global one, which I configured to run before this.<\/p>\n
require [\"fileinto\", \"envelope\", \"mailbox\",\"reject\"];\r\nif header :contains \"From\" [\"notifications@github.com\"] {\r\n\u00a0 fileinto \"INBOX.Lists\";\r\n}\r\nelsif header :contains \"From\" [\"paypal.com\",\"facebookmail.com\"] {\r\n\u00a0 fileinto \"INBOX.Lists\";\r\n}\r\nelsif header :contains \"X-Too-Many-Swearwords\" \"YES\" {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 reject text:\r\nWhoops! Your message was a bit too vulgar for the email server to process.\r\nPlease adjust and resend. Thanks!\r\n.\r\n\u00a0\u00a0\u00a0\u00a0\u00a0 ;\r\n}<\/pre>\nThat last clause simply rejects the email so I never even see it and tells the author to send a new email. Nice! Totally works. Gmail marks the response as spam though… typical!<\/p>\n
Anyway, so that was fun, if not totally useless. I had enough trouble configuring that I hope this info helps someone do something actually useful! Good luck.<\/p>\n","protected":false},"excerpt":{"rendered":"
A year ago, my friend Laura was wishing that email providers could do some tone filtering and reject messages that are too mean. Since I run my own email server, I thought it might be simple to set something like that up easily. Turns out, it’s not that hard, but it wasn’t exactly trivial to … Continue reading Adding multiple content filters to an email server with postfix and dovecot Pigeonhole\/Sieve<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[3],"tags":[],"class_list":["post-1318","post","type-post","status-publish","format-standard","hentry","category-computers"],"_links":{"self":[{"href":"https:\/\/partofthething.com\/thoughts\/wp-json\/wp\/v2\/posts\/1318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/partofthething.com\/thoughts\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/partofthething.com\/thoughts\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/partofthething.com\/thoughts\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/partofthething.com\/thoughts\/wp-json\/wp\/v2\/comments?post=1318"}],"version-history":[{"count":2,"href":"https:\/\/partofthething.com\/thoughts\/wp-json\/wp\/v2\/posts\/1318\/revisions"}],"predecessor-version":[{"id":1387,"href":"https:\/\/partofthething.com\/thoughts\/wp-json\/wp\/v2\/posts\/1318\/revisions\/1387"}],"wp:attachment":[{"href":"https:\/\/partofthething.com\/thoughts\/wp-json\/wp\/v2\/media?parent=1318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/partofthething.com\/thoughts\/wp-json\/wp\/v2\/categories?post=1318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/partofthething.com\/thoughts\/wp-json\/wp\/v2\/tags?post=1318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Dude who triggered a script via email but didn’t forward it to the mailbox<\/a><\/li>\n