0

an attack is ongoing and we want to block at the relay mail level, some Hashes (of attached files or even the email content) to be sent or received. I want to instruct postfix to reject mail with those hashes, how can i do this ? i tried and searched but didn't succed.

Thank you so much in advance.

Boxdoss
  • 1
  • Could you explain what is a hash ? if it is something like sha256, I don't understand the objective as each modify file (even one char) will change the hash. You may look at "body_checks" option of postfix (with pcre by example) : it will reject mail if matching a regex – Dom Apr 02 '21 at 06:13

1 Answers1

0

To write your own filter see http://www.postfix.org/FILTER_README.html

And to extract attachment from mail, you can use metamail if using shell.

But wouldn't be better to check something like rspamd?

Quick & dirty example of metamail:

ls -l /tmp/metamail/       
total 0

while read mail ; do
    METAMAIL_TMPDIR=/tmp/metamail/ metamail -x -q -w -y ${mail}
done < <(find . -maxdepth 1 -type f )

ls -l /tmp/metamail/ | wc -l
66
Jiri B
  • 497
  • 2
  • 11