I currently run an email system with Postfix/Dovecot and I am looking for a way to scan the contents of attachments (mainly doc(x) and pdf) for certain words and bounce the email back to the user with a message in case something has been found. Amavis doesn't seem to work (no option to scan the body), rspamd doesn't scan inside of attachments. I guess I can always try and write my own milter but I'd like to know if there is something more ready-made and open source I could try and plug into my existing environment.
Asked
Active
Viewed 85 times
1
-
1Good old SpamAssassin might cover this. – glts Mar 15 '23 at 18:42
-
If you reduce your "must bounce" requirement for a softer "must be measurable", you can schedule a regular search on relevant mailboxes, e.g. Dovecot FTS has a `fts_decoder` setting to (execute *very dangerous* parsers on possibly malicious arbitrary input and to) make [attachment content available as text](https://github.com/dovecot/core/blob/release-2.2.21/src/plugins/fts/decode2text.sh) to the usual IMAP text search & utilities. For some goals, this will still outperform senders working around your filter by sending not-automatically-processable URLs whenever their attachments bounce. – anx Mar 16 '23 at 04:33
-
@glts Thanks for the pointer. I had another look at the documentation and found references to a plugin called "ExtractText". Documentation for SpamAssassin could use some improvement but I'll give it a shot over the course of next week! – Mark Mar 16 '23 at 11:17
-
1@anx Unfortunately, the bounce is a must have requirement. I am aware that I won't be able to scan all types of attachments under the sun but that is ok because it only needs to prevent the most common user accidents from happening. – Mark Mar 16 '23 at 11:20