read article : http://www.postfix.org/FILTER_README.html ("Simple content filter example")
* for the sample we use /etc/postfix to save the script files.
Step 1: create script file "/etc/postfix/content-filter.sh"
#!/bin/sh
# Localize these. The -G option does nothing before Postfix 2.3.
INSPECT_DIR=/var/spool/filter SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here. # Exit codes from <sysexits.h> EX_TEMPFAIL=75 EX_UNAVAILABLE=69 # Clean up when done or when aborting. trap "rm -f in.$$" 0 1 2 3 15 # Start processing. cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; } cat >in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; } /./etc/postfix/mail-cleaner.php in.$$ $SENDMAIL "$@" <in.$$ exit $?
Step 2: create php content filter file "/etc/postfix/mail-cleaner.php"
#!/usr/bin/php <?php //read mail file. $file=$argv[1]; $data=file_get_contents($file); $mail_parts=explode("\n\n",$data); //Get header $header=$mail_parts[0]; //Get all mail parts. $mail_parts[0]=""; $content=implode($mail_parts,"\n\n"); //Remove all email address from mail content $content=preg_replace("/[^\s]*@[^@\s]*\.[^@\s]*/", "***@***.***", $content); //Remove all websites from mail contant $content=preg_replace("/[a-zA-Z]*[:\/\/]*[A-Za-z0-9\-_]+\.+[A-Za-z0-9\.\/%&=\?\-_]+\.+/i", "www.***.***", $content); //Save the new email. file_put_contents($file,$header."\n\n".$content); ?>
Step 3: add configuration to "/etc/postfix/master.cf"
add the following lines to "master.cf"
filter unix - n n - 10 pipe
flags=Rq user=filter null_sender=
argv=/etc/postfix/content-filter.sh -f ${sender} -- ${recipient}
add option "-o content_filter=filter:dummy" to smtp service
smtp inet n - - - - smtpd -o content_filter=filter:dummy
Step 4: Create user "filter" and add premissions
simple run commands :
# (for centOS 6) create new user without home directory useradd -M filter #add execute permissions to script files chmod +rx /etc/postfix/content-filter.sh chmod +rx /etc/postfix/mail-cleaner.php #create directory filter mkdir /var/spool/filter #change owner and group to filter chown filter /var/spool/filter chgrp filter /var/spool/filter
Step 5: (*) Disable SELinux security
to running the scripts we must to trun off the selinux security
http://www.crypt.gen.nz/selinux/disable_selinux.html
change the in file "/etc/selinux/config"
from :
SELINUX=enforcing
to:
SELINUX=disabled
Step 6: Reboot.
enjoy!
Attention :
(*) if you don't disable the SELinux you will see in the maillog file ("/var/log/maillog")
the errors:
Sep 9 18:50:22 localhost postfix/pipe[2960]: 9F2349ABB01: to=<em...@domain.com>, relay=postfixfilter, delay=7441, delays=7441/0.08/0/0.65, dsn=4.3.0, status=deferred (temporary failure. Command output: pipe: fatal: pipe_command: execvp /etc/postfix/content-filter.sh: Permission denied )
You mentioned "-t" option should not be used - while in my case without "-t" option it does not work - after reinserting mails goes to queue with message that either address should be specified in command-line or "-t" option should be used.
ReplyDeleteCan you describe why the "-t" should not be used here ?