A postfix smtp proxy which has the ability to interject smtp traffic and replace large files inside the mail with links
Go to file
Tyrolyean e1d637de6a
Added c standard and building instructions
Signed-off-by: Tyrolyean <tyrolyean@tyrolyean.net>
2020-05-01 16:11:21 +02:00
include Actually use html function 2020-05-01 11:28:35 +02:00
src Actually use html function 2020-05-01 11:28:35 +02:00
.gitignore Added gitignore 2020-04-24 23:08:47 +02:00
LICENSE INITIAL COMMIT 2020-04-24 23:01:02 +02:00
Makefile Added c standard and building instructions 2020-05-01 16:11:21 +02:00
README Added c standard and building instructions 2020-05-01 16:11:21 +02:00
clean.sh Added Documentation and cleanup shell skript 2020-05-01 15:48:04 +02:00

README

MAILATTACH

This program starts a process which listens on the LOOPBACKv4 address for
incoming connections from postfix. The postfix master should view this as an
advanced filter as explained in their documentation for post queue filtering:

http://www.postfix.org/FILTER_README.html

The original attempt was to implement this as a pre queue filter, but this
required the milter protocol and postfix currently does not implement the
replace body function from libmilter.

You can specify the following command line options:

--abort-pgp --noabort-pgp
	To either abort the attachment process if PGP encryption or signatures 
	have been detected or not. If true, the mail will not be modified.

--abort-dkim --noabort-dkim
	To either abort the attachment process if DKIM signatures have been
	detected or not. If true, the mail will not be modified.

--in-port -i
	The incoming smtp port/the port from which mail is received. Defaults to
	4269.

--out-port -o
	The outgoing smtp port/the port to which mail ist passed through.
	Defaults 4270

--directory -d
	The directory inside of which the attachments will be stored in. Please
	DON'T specify a / at the end!

--url -u
	The base which should point to the same location as the directory does,
	for exaple if the directory is /var/www/html and the URL base is 
	https://example.com then a file in /var/www/html/attachment01.pdf should
	be linkable via https://example.com/attachment01.pdf
	Ah and please, please, pretty please disable directory indexing on your
	webserver! 
	That WILL BE a security riks!
	Please don't specify a / at the end, and have the URL encoded!

--other-base64 --only-base64
	Decides wether ONLY base64 encoded files should be removed from the
	actual mail, or ALL files.

--minfilesize -s
	The minimum file size which a file has to have before beeing attached.
	Thissize is before base64 decoding if nescessary. Size is in bytes,
	ONLY bytes. Do NOT prefix a M or K, it will not be parsed! Defaults to
	500Kb. If 0 is specified, all files will be attached. A negative value
	effectively disables us.

##### HOWTO

We essentially are MITM sniffing your email traffic and playing proxy from your
postfix to your postfix. That's how this is intended to work according to the
postfix website.

This program needs to be started via it's own systemd service on system boot.
You need to add the in and oputput ports to your postfix queue as described in
the link above. For example, a setup with the default values looks like this:

|-------|    SMTP    |-----------|  SMTP    |-------|
|POSTFIX|     -->    | MAILATTACH|   -->    |POSTFIX|
|-------|  n    4269 |-----------| n   4270 |-------|
                         |
                         |
                         v
		     |-----------|
                     |Attachments|
		     |-----------|

#### POSTFIX CONFIGURATION

The following is an example postfix configuration which I deploy with opendkim
and spamassassin as well as mailattach itself:

master.cf:

smtp      inet  n       -       n       -       -       smtpd
	-o content_filter=scan:localhost:4269
	-o receive_override_options=no_address_mappings,no_milters
smtps     inet  n       -       n       -       -       smtpd
	-o content_filter=scan:localhost:4269
	-o receive_override_options=no_address_mappings,no_milters
... Rest of config file
scan      unix  -       -       n       -       10      smtp
        -o smtp_send_xforward_command=yes
        -o disable_mime_output_conversion=yes
	-o smtp_tls_security_level=none
localhost:4270 inet  n       -       n       -       10      smtpd
            -o content_filter=spamassassin
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
            -o smtpd_helo_restrictions=
            -o smtpd_client_restrictions=
            -o smtpd_sender_restrictions=
            # Postfix 2.10 and later: specify empty smtpd_relay_restrictions.
            -o smtpd_relay_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8
            -o smtpd_authorized_xforward_hosts=127.0.0.0/8
	    -o smtp_tls_security_level=none
spamassassin unix -     n       n       -       -       pipe
  flags=R user=spamd argv=/usr/bin/vendor_perl/spamc -e /usr/bin/sendmail -oi -f ${sender} ${recipient}


Of course your configuration may vary, but I will try to explain some parts
which are important:

- In the first two smtp/smtps commands the no_milters option has been specified.
  This was done to avoid dkim signing of the incoming email before it's
  attachments have been removed. The same goes for the localhost:4270 service.

- The no_address_mappings options have been specified because "This is 
  typically specified BEFORE an external content filter. ". It disables address
  macro expansion.

- The smtp_tls_security_level=none options in the scan and localhost:4720
  services prevent postfix from starting a TLS connection via the STARTTLS
  command. Note that this is ONLY INTERNALLY. It will receive external
  STARTTLS connections.

The remaining configuration options have been more or less taken from the
postfix manual and are explained in more depth there:

http://www.postfix.org/FILTER_README.html

#### DIRECTORY CLEANING

If you want to regularly purge old files from the directory, you can start the
shell script clean.sh in this repository via a chron job. It will by default
remove all files older than 10 days. If you want to write your own shell script
or let something else do the job for you, the directories where files are stored
are structured like this:
2020-01-01T1430-3893482323323
^DATE     ^TIME^RANDOM NUMBER

The random number at the end consists of several signed integers, therefore it
sometimes has one or more - in it.

#### Building

To build the plugin simply run make. The resulting binary will spawn in 
bin/mailattach. Copy it to the desired location. It doesn't link against any
external librarys. Well  maybe that isn't true, it requires the glibc.