Claus,

> I have the following task / problem / challenge. I need to sign attachments
> of emails from a specific sender. Signing the attachments when I have the
> email as a file is already solved. Now I need the part where the outgoing
> email is quarantined as a file and returned to the mail server after
> signing. I thought of using the quarantine option of amavis to store the
> email to a file (maybe with the $clean_quarantine_method ?? ) and later use
> amavisd-release to continue. My Postfix already sends outgoing e-mails
> through amavis to scan for viruses and spam.
>
> Do you think my idea will work ?
> Do you have an example amavis configuration for a similar solution ?
> Do you know a better way to solve this task ?

I'd suggest a different approach: amavisd has support for adding
disclaimers (or defanging) through calling an external program,
typically altermime. Apart from containing a string 'altermime'
in the naming of amavis config options, there isn't anything
preventing one from using this mechanism but supplying his own script
or program instead of altermime. Such a program could do the
attachment signing or any other modification to mail messages.

The program will get a name of a temporary file with a complete
mail message through its command-line option '--input=...',
and is expected to modify this file as desired and leave it
in its place (same name, same or different file).

Requirements for its invocation are:
- sender address (his domain) must match @local_domains_maps;
- $allow_disclaimers must be true (typically through a policy bank).

Search release notes for:
  "provided interface code to allow mangling/defanging/sanitation"
and:
  "a special case of mangling is adding a disclaimer"
for more details.

E.g.:

  $policy_bank{'MYNETS'} = {  # ... or use ORIGINATING
    originating => 1,
    allow_disclaimers => 1,
  };

  $altermime = '/path/to/your/program';
  @altermime_args_defang     = qw();
  @altermime_args_disclaimer = qw();

  $defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];

Now, the above applies to any sender address. If you only need
to do it for some senders, there is currently only one mechanism
available to achieve that: @disclaimer_options_bysender_maps.
It is not possible to skip invoking the external program altogether
for certain senders, but it is possible to pass it a different
command line option, based on a sender address. Your script/program
can then check this option and just leave the given temporary file
untouched if it does not need to sign it. It's a bit inefficient,
but it's not too bad.

Something like the following could be used:

  @altermime_args_disclaimer = qw( --need_signing=_OPTION_ );

  @disclaimer_options_bysender_maps = (
    { 'us...@example.com'    => 'YES',
      'us...@example.com'    => 'YES-PGP',
      'u...@sub.example.org' => 'NO',
      '.sub.example.org'     => 'MAYBE',
    },
    'NO',
  );

The string _OPTION_ in a @altermime_args_disclaimer template will be
replaced by whatever comes out of a @disclaimer_options_bysender_maps
lookup. The @disclaimer_options_bysender_maps can also do a lookup
in SQL (disclaimer_options field) or LDAP (amavisDisclaimerOptions
attribute).

  Mark
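
A sketch of the kind of program that could be set as $altermime under the configuration above, added here as an illustration; it is not from the original message and not part of amavisd. It reads the '--input=...' file name and the expanded '--need_signing=' value, leaves the file untouched unless the value starts with 'YES', and otherwise rewrites the message in place through a sibling temporary file. Assumptions: sign_blob() is an HMAC-SHA256 stand-in for the real signing step, and DEMO_KEY and the '.sig' attachment naming are constructed for the example.

```python
#!/usr/bin/env python3
import argparse, hashlib, hmac, os, tempfile
from email import message_from_binary_file, policy
from email.generator import BytesGenerator

DEMO_KEY = b"constructed-demo-key"  # constructed placeholder, not a real key

def sign_blob(data: bytes) -> bytes:
    """Stand-in signer (assumption): hex HMAC-SHA256; swap in the real signing step."""
    return hmac.new(DEMO_KEY, data, hashlib.sha256).hexdigest().encode()

def process(path: str, option: str) -> bool:
    """Sign attachments of the message file in place; return True if it was rewritten."""
    if not option.startswith("YES"):  # 'NO', 'MAYBE' or anything unexpected: do nothing
        return False
    with open(path, "rb") as fh:
        msg = message_from_binary_file(fh, policy=policy.default)
    todo = [(p.get_filename(), p.get_payload(decode=True))
            for p in msg.iter_attachments()
            if p.get_filename() and not p.is_multipart()
            and not p.get_filename().endswith(".sig")]
    if not todo:
        return False
    for name, data in todo:
        msg.add_attachment(sign_blob(data), maintype="application",
                           subtype="octet-stream", filename=name + ".sig")
    # Write a sibling temp file and rename it over the original, so the
    # caller never sees a half-written message if signing or writing fails.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as out:
            BytesGenerator(out, policy=policy.default).flatten(msg)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True

def main(argv=None) -> int:
    ap = argparse.ArgumentParser()
    ap.add_argument("--input", required=True)        # temp file name passed by amavisd
    ap.add_argument("--need_signing", default="NO")  # expanded _OPTION_ value
    args = ap.parse_args(argv)
    process(args.input, args.need_signing)
    return 0

if __name__ == "__main__":
    raise SystemExit(main())
```

Defaulting to "do nothing" for any value other than YES* means a lookup miss or an unexpanded _OPTION_ template passes the mail through unmodified rather than signing for an unintended sender.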