Re: [EXIM] Logging & Scanning email

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Philip Hazel
Dátum:  
Címzett: vandeveb
CC: exim-users
Tárgy: Re: [EXIM] Logging & Scanning email
On Tue, 2 Mar 1999 vandeveb@??? wrote:

> Thanks for the reply.


(Apologies for the delay, incidentally. I was away for the last 2 days.)

> What I mean by rerouting is that if the mail is clean ( no questionable key-
> words ) it should pass unaltered to my current mail system. But if it does
> contain one of those keywords, I want it passed to another system for
> human review. I know this is a very Big Brother kind of thing to do, but
> our regulators ( the NASD ) require this.


OK. You could handle that with a special director or router (as
required) that is triggered by a "condition" option that tests your
condition. The director/router would send it to Big Brother; if it was
not triggered, the address would fall through and be handled as normal.

The "condition" condition is a generalized expanded string that should
return either "yes" or "no". It can test the contents of headers and the
first n bytes of a messages body; n defaults to 500, but you can change
that, though I wouldn't fancy using this mechanism to read through all
of a megabyte-sized message. As an example, if you want to check for the
word "spam" occuring in the first 500 bytes, you could write

condition = ${if match {$message_body}{\\bspam\\b}{yes}{no}}

(The double \\ in the regular expression is because \ is an escape
character in expanded strings.)

If the algorithm you want to apply is not expressible in terms of the
primitives available to Exim, you can get a Perl subroutine called to do
the work. You would write something like

condition = ${perl{testsub}{arg1}{arg1}...}

and the subroutine should return "yes" or "no". It can access all of the
message if you pass over the message id as an argument so it can then
just read the spool file directly. There's also a call-back that allows
access to Exim variables such as local_part, domain, etc. Of course,
this is expensive, because you have to fire up a Perl interpreter each
time.

One problem with this might be that it would get called for each
recipient of each message.

An entirely different approach might be as follows:

Set up a system filter. In the filter, check for the message having been
received by some non-standard protocol name such as "OK" in the variable
$received_protocol. No newly-received message via normal channels can
ever have this. If you find it, do nothing. If you do not find it, use
the filter to pass a copy of the message to some script, overriding the
normal recipients (a list of whom you pass to the script). The script
then decides where to send the message; for normal deliveries it passes
it back to Exim, running as a trusted user, and using the various
privileged options -oMa -oMs etc. to make it look like it came from a
remote host, with -Mr OK to specify the unusual protocol name, that
cannot be forged in any way.

Just two ideas. I hope these help.

Regards,
Philip

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.



--
*** Exim information can be found at http://www.exim.org/ ***