Discussion:
Using altermime to change Subject header in BANNED email
Josh Hamell
2016-03-02 05:23:50 UTC
Hi All,

I'm exploring the options available within the different detection
results (spam, banned, virus, bad header, unchecked), and would like to
mangle-but-pass the 'banned contents' emails along to users. Nearly all
the traffic picked up by the banned routines (98%+) is from spammers
with what I can only presume to be some sort of malware payload.

On detection, I'd like:
* Quarantine pristine/original email
* All attachments removed
* Information inserted into the email body stating all attachments were
removed, contact postmaster for release
* Subject line to prepend "(ATTACHMENTS QUARANTINED)".
* Altered email passed along to the user

In short, just in case the email and attachments are legitimate, I'd
like the stripping to be fully obvious. And since most aren't
legitimate, minimize annoyance ($warnbannedrecip = 0;).
$final_banned_destiny = D_PASS;
$defang_banned='altermime';
As for the altermime args, the following works from the command line:

altermime --verbose --input=test-email --htmltoo
--disclaimer-html=/etc/amavis/banned-disclaimer.html
--disclaimer=/etc/amavis/banned-disclaimer.txt --alter-header="Subject"
--alter-with="(ATTACHMENTS QUARANTINED)" --alter-mode=prefix

However, it does not work (no Subject rewrite) when used in
@altermime_args_defang. The only option that appears to work is the
--disclaimer.

Am I trying to abuse the amavis/altermime interaction in a way it
doesn't support?

Thank you,
Josh
Josh Hamell
2016-03-02 05:55:03 UTC
Apologies - it is now obvious that my difficulty lies with Perl, and not
amavis/altermime. 'qw' will split my new header text, causing
who-knows-what grief to altermime.

I changed from qw to an explicit list, and it now works.

Thanks,
Josh
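
The qw pitfall described in the reply above, as an added example that is not part of the original posts: the same altermime options written as a qw list and as an explicit list, with a small check that shows where the qw form goes wrong. The variable names and the lint_args helper are hypothetical, and the example assumes the list is handed to altermime as separate arguments without a shell in between.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed for illustration: the options from the question, written the
# way qw would receive them. qw splits on whitespace and does no quote
# processing, so quotes stay in the values and the prefix text is cut in two.
my @via_qw = qw{
    --htmltoo
    --disclaimer=/etc/amavis/banned-disclaimer.txt
    --disclaimer-html=/etc/amavis/banned-disclaimer.html
    --alter-header="Subject"
    --alter-with="(ATTACHMENTS QUARANTINED)"
    --alter-mode=prefix
};

# Explicit list: one string per argument, embedded space preserved.
# Assumption: no shell parses these values, so no shell-style quoting
# is placed inside them.
my @explicit = (
    '--htmltoo',
    '--disclaimer=/etc/amavis/banned-disclaimer.txt',
    '--disclaimer-html=/etc/amavis/banned-disclaimer.html',
    '--alter-header=Subject',
    '--alter-with=(ATTACHMENTS QUARANTINED)',
    '--alter-mode=prefix',
);

# Hypothetical helper: report list elements that cannot be what was intended.
sub lint_args {
    my @problems;
    for my $i (0 .. $#_) {
        my $arg = $_[$i];
        push @problems, "argv[$i] <$arg> is a stray fragment, not an option"
            unless $arg =~ /^--/;
        push @problems, "argv[$i] <$arg> contains literal quote characters"
            if $arg =~ /["']/;
    }
    return @problems;
}

for my $case (['qw list', \@via_qw], ['explicit list', \@explicit]) {
    my ($name, $args) = @$case;
    my @problems = lint_args(@$args);
    printf "%s: %d elements, %d problems\n",
        $name, scalar @$args, scalar @problems;
    print "  $_\n" for @problems;
}
```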