Outgoing Mail Moderation

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Outgoing Mail Moderation

Manish Kathuria-2
Is there any content filtering mechanism available using which the outgoing mails from all the users or selective users are held in a queue, and are released only after they are examined and approved by the administrator or a designated person ?

--
Manish

Reply | Threaded
Open this post in threaded view
|

Re: Outgoing Mail Moderation

Sahil Tandon
On Sat, 10 Oct 2009, Manish Kathuria wrote:

> Is there any content filtering mechanism available using which the
> outgoing mails from all the users or selective users are held in a
> queue, and are released only after they are examined and approved by
> the administrator or a designated person ?

Use an access(5) map to HOLD mails from a given set of users; use
postcat(1) to examine messages; and use postsuper(1) to release or
delete from the queue.

 http://www.postfix.org/access.5.html
 http://www.postfix.org/postcat.1.html
 http://www.postfix.org/postsuper.1.html

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Outgoing Mail Moderation

Manish Kathuria-2


On Sat, Oct 10, 2009 at 10:29 AM, Sahil Tandon <[hidden email]> wrote:
On Sat, 10 Oct 2009, Manish Kathuria wrote:

> Is there any content filtering mechanism available using which the
> outgoing mails from all the users or selective users are held in a
> queue, and are released only after they are examined and approved by
> the administrator or a designated person ?

Use an access(5) map to HOLD mails from a given set of users; use
postcat(1) to examine messages; and use postsuper(1) to release or
delete from the queue.

 http://www.postfix.org/access.5.html
 http://www.postfix.org/postcat.1.html
 http://www.postfix.org/postsuper.1.html

--
Sahil Tandon <[hidden email]>

That's a great tip. This would serve the purpose as far as the text messages go. However the mail administrator is more interested in having a look at the attachments being sent with the mail which would appear encoded in the queues. Is there any web interface to have a look at the messages in the queue and also issue the postsuper command ?

Thank you,
--
Manish Kathuria

Reply | Threaded
Open this post in threaded view
|

Re: Outgoing Mail Moderation

Stan Hoeppner
Manish Kathuria put forth on 10/10/2009 1:19 AM:

> That's a great tip. This would serve the purpose as far as the text
> messages go. However the mail administrator is more interested in having
> a look at the attachments being sent with the mail which would appear
> encoded in the queues. Is there any web interface to have a look at the
> messages in the queue and also issue the postsuper command ?

I must say, if there is such a low level of trust already of the user
base (employees?), then I'd say it's time to install hidden IP based
security cameras pointed at their screens, with high magnification.
Stream the feeds to a video server and review them nightly.  That, or
install legal business spyware on their PCs.

Your goals are very likely beyond the scope of Postfix.  I'd suggest
using bcc_maps to send copies of everyones' emails to an administrative
mailbox.  Then POP/IMAP that account, read the emails, and fire anyone
sending attachments they aren't supposed to.  Or, better, reprimand them
first with a warning.  Fire them on the 2nd offense.

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Outgoing Mail Moderation

Manish Kathuria-2


On Sat, Oct 10, 2009 at 3:05 PM, Stan Hoeppner <[hidden email]> wrote:
Manish Kathuria put forth on 10/10/2009 1:19 AM:

> That's a great tip. This would serve the purpose as far as the text
> messages go. However the mail administrator is more interested in having
> a look at the attachments being sent with the mail which would appear
> encoded in the queues. Is there any web interface to have a look at the
> messages in the queue and also issue the postsuper command ?

I must say, if there is such a low level of trust already of the user
base (employees?), then I'd say it's time to install hidden IP based
security cameras pointed at their screens, with high magnification.
Stream the feeds to a video server and review them nightly.  That, or
install legal business spyware on their PCs.

Your goals are very likely beyond the scope of Postfix.  I'd suggest
using bcc_maps to send copies of everyones' emails to an administrative
mailbox.  Then POP/IMAP that account, read the emails, and fire anyone
sending attachments they aren't supposed to.  Or, better, reprimand them
first with a warning.  Fire them on the 2nd offense.

--
Stan

This particular organization has lot of sensitive information and data which they don't want to be leaked. The bcc-maps are no doubt the best alternative (and were my suggestion too) but they want to have a proactive approach and prevent any kind of data leakage in the first place.

--
Manish

Reply | Threaded
Open this post in threaded view
|

Re: Outgoing Mail Moderation

Noel Jones-2
On 10/10/2009 7:48 AM, Manish Kathuria wrote:
>
> This particular organization has lot of sensitive information and data
> which they don't want to be leaked. The bcc-maps are no doubt the best
> alternative (and were my suggestion too) but they want to have a
> proactive approach and prevent any kind of data leakage in the first place.
>
> --
> Manish
>

For examining mail before it's delivered, HOLD looks like your
best option.  I don't know of any web-based tool that can
examine/administer the hold queue, but it probably wouldn't be
too terribly hard to code something useful.

There is a "pfqueue" command line tool listed in the add-on
software catalog that does most of this, but it's not web
based.  You can use "ripmime" or mime perl modules to unpack
encoded attachments.

   -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Outgoing Mail Moderation

Sahil Tandon
In reply to this post by Manish Kathuria-2
On Sat, 10 Oct 2009, Manish Kathuria wrote:

> On Sat, Oct 10, 2009 at 10:29 AM, Sahil Tandon <[hidden email]> wrote:
>
> > On Sat, 10 Oct 2009, Manish Kathuria wrote:
> >
> > > Is there any content filtering mechanism available using which the
> > > outgoing mails from all the users or selective users are held in a
> > > queue, and are released only after they are examined and approved by
> > > the administrator or a designated person ?
> >
> > Use an access(5) map to HOLD mails from a given set of users; use
> > postcat(1) to examine messages; and use postsuper(1) to release or
> > delete from the queue.
> >
> >  http://www.postfix.org/access.5.html
> >  http://www.postfix.org/postcat.1.html
> >  http://www.postfix.org/postsuper.1.html
> >
> > --
> > Sahil Tandon <[hidden email]>
> >
>
> That's a great tip. This would serve the purpose as far as the text messages
> go. However the mail administrator is more interested in having a look at
> the attachments being sent with the mail which would appear encoded in the
> queues. Is there any web interface to have a look at the messages in the
> queue and also issue the postsuper command ?

There is no web interface as distributed with Postfix.  Just pipe
postcat(1) output to a mime decoder to view the attachments.

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Outgoing Mail Moderation

Ralf Hildebrandt
In reply to this post by Manish Kathuria-2
* Manish Kathuria <[hidden email]>:
> Is there any content filtering mechanism available using which the outgoing
> mails from all the users or selective users are held in a queue, and are
> released only after they are examined and approved by the administrator or a
> designated person ?

Use a combination of HOLD in header_checks or access maps and the
pfqueue program

--
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  [hidden email] | http://www.charite.de
           
Reply | Threaded
Open this post in threaded view
|

Re: Outgoing Mail Moderation

Patrick Ben Koetter
In reply to this post by Manish Kathuria-2
* Manish Kathuria <[hidden email]>:
> Is there any content filtering mechanism available using which the outgoing
> mails from all the users or selective users are held in a queue, and are
> released only after they are examined and approved by the administrator or a
> designated person ?

Another idea:

Use amavisd-new. Dedicate a policy bank to all outgoing traffic. Send all
outgoing traffic to (SQL) quarantine. Notify somebody of outgoing messages
that have been sent to quarantine. Write a webbased frontend to examine the
quarantined messages and to release them (using the AM.PDP protocol) when
appropriate.

p@rick

--
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: Outgoing Mail Moderation

Pat-70
In reply to this post by Manish Kathuria-2
Manish Kathuria wrote:
> the mail administrator is more interested in having a look at
> the attachments being sent with the mail which would appear
> encoded in the queues. Is there any web interface to have a
> look at the messages in the queue and also issue the postsuper
> command ?

We use postconf (.com) for exactly this (web queue management), over a half dozen
postfix servers. It has buttons for sa-learn, hold, unhold, delete, ...  Only thing
missing is a tool to work across the queue i.e., delete all messages on hold where
subject == xyz.

Pat

Reply | Threaded
Open this post in threaded view
|

Re: Outgoing Mail Moderation

Egoitz Aurrekoetxea Aurre-2
Hi,

I have started working on a new outgoing mail moderator daemon. It  
controls the outgoing mail for seeing if it seems to be legal or not  
just looking you're normal behave, and some other items and will  
determine if mail is spammy or not (without looking at the content of  
the mail... so it will be quite fast). It's like you said an outgoing  
mail moderator and it's automatic. it will be available in some  
months... and I think it's quite nice solution for ISP's or for people  
who wants to control... what is being sent from you're outgoing smtp  
daemons... withouth noticing it when you enter in blocklists :). It  
will has BSD license.

As said in some months will be available.... anyway for controlling  
spam bouncing too.... you could use Postfix Quota Reject (http://postfixquotareject.ramattack.net 
) too for rejecting mail at smtp dialogue time and avoiding bouncing  
legal OR SPAM mail... and avoiding too for this reason having bad  
reputation. Other thing you should be careful with too is with  
autoreply daemons... if you autoreply to spam.... you will have a  
problem too... you should do a header check and just use autoreply  
with mail non tagged as spam by you're spam checker.

Hope to help you a little :).

2.0.0 Bye.


El 11/10/2009, a las 06:34, Pat escribió:

> Manish Kathuria wrote:
>> the mail administrator is more interested in having a look at
>> the attachments being sent with the mail which would appear
>> encoded in the queues. Is there any web interface to have a
>> look at the messages in the queue and also issue the postsuper
>> command ?
>
> We use postconf (.com) for exactly this (web queue management), over  
> a half dozen
> postfix servers. It has buttons for sa-learn, hold, unhold,  
> delete, ...  Only thing
> missing is a tool to work across the queue i.e., delete all messages  
> on hold where
> subject == xyz.
>
> Pat
>

Reply | Threaded
Open this post in threaded view
|

Re: Outgoing Mail Moderation

Manish Kathuria-2
In reply to this post by Pat-70
On Sun, Oct 11, 2009 at 10:04 AM, Pat <[hidden email]> wrote:

> Manish Kathuria wrote:
>> the mail administrator is more interested in having a look at
>> the attachments being sent with the mail which would appear
>> encoded in the queues. Is there any web interface to have a
>> look at the messages in the queue and also issue the postsuper
>> command ?
>
> We use postconf (.com) for exactly this (web queue management), over a half dozen
> postfix servers. It has buttons for sa-learn, hold, unhold, delete, ...  Only thing
> missing is a tool to work across the queue i.e., delete all messages on hold where
> subject == xyz.
>
> Pat
>
>

Thank you everyone for your help. I think it would be a good idea to
develop a web interface to pfqueue / postcat / postsuper commands to
achieve the desired functionality.

--
Manish
Reply | Threaded
Open this post in threaded view
|

Re: Outgoing Mail Moderation

mouss-4
Manish Kathuria a écrit :

> On Sun, Oct 11, 2009 at 10:04 AM, Pat <[hidden email]> wrote:
>> Manish Kathuria wrote:
>>> the mail administrator is more interested in having a look at
>>> the attachments being sent with the mail which would appear
>>> encoded in the queues. Is there any web interface to have a
>>> look at the messages in the queue and also issue the postsuper
>>> command ?
>> We use postconf (.com) for exactly this (web queue management), over a half dozen
>> postfix servers. It has buttons for sa-learn, hold, unhold, delete, ...  Only thing
>> missing is a tool to work across the queue i.e., delete all messages on hold where
>> subject == xyz.
>>
>> Pat
>>
>>
>
> Thank you everyone for your help. I think it would be a good idea to
> develop a web interface to pfqueue / postcat / postsuper commands to
> achieve the desired functionality.
>

note that great care is needed to avoid exposing a privileged command to
web attackers.