Simple content filter doesn't work

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Simple content filter doesn't work

Benoit Giannangeli-2
Hi,

I'm writing an application which will have to remove attachment from mails, send them to a server and replace them by a link in the mail.
For that I have written a java service which is listening on a port for mails, modify them, and then run sendmail to reinject them.

The point is, the simple content filtering as explained in <a href="http://www.postfix.org/FILTER_README.html#simple_filter" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.postfix.org/FILTER_README.html#simple_filter doesn't works.
Here is my <a href="http://master.cf" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">master.cf:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=filtre
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in <a href="http://main.cf" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

filtre  unix    -       n       n       -       -       pipe
   flags=Rq user=filter argv=/etc/postfix/socket_connect.pl <a href="http://127.0.0.1" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">127.0.0.1 10027

And here is my <a href="http://main.cf" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_host_lookup=dns,native

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = <a href="http://vmsource.e-logiq.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">vmsource.e-logiq.net
mydomain = <a href="http://vmsource.e-logiq.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">vmsource.e-logiq.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#myorigin = $mydomain
mydestination = <a href="http://vmsource.e-logiq.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">vmsource.e-logiq.net, <a href="http://localhost.e-logiq.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">localhost.e-logiq.net, localhost
relayhost =
mynetworks = <a href="http://127.0.0.0/8" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">127.0.0.0/8, <a href="http://192.168.253.0/24" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.253.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all


As you can see, i try to launch the '/etc/postfix/socket_connect.pl' script which open a socket to the java service and write the mail on it:

#! /usr/bin/perl -w

use strict;
use warnings;
use IO::Socket;

my ($host,$port) = @ARGV;

my $socket = IO::Socket::INET->new(Proto    => "tcp",
                                   PeerAddr => $host,
                                   PeerPort => $port)
  or die "Failed : $@\n";

for my $line (<STDIN>) {
  print $socket $line;
}

print $socket "<--MAIL-->";

close($socket);

That script is never executed.
As my *.cf files are exactly what is said in FILTER_README, I can't see what's the problem...

Can someone help me ?

--
Benoit Giannangeli

<a href="http://www.giann.fr/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.giann.fr/


--
Benoit Giannangeli

http://www.giann.fr/
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Victor Duchovni
On Wed, Jul 02, 2008 at 04:57:44PM +0200, Benoit Giannangeli wrote:

> filtre  unix    -       n       n       -       -       pipe
>    flags=Rq user=filter argv=/etc/postfix/socket_connect.pl 127.0.0.1 10027

This approach is severely broken as makes no use of the envelope
recipient address. It is a sadly common, but dramatic mistake to
assume that the headers contain sufficient information to determine
where mail needs to be sent. If you were processing *this* message,
how would you know to send it to your mailbox and not loop it back
to the list!!!

> As you can see, i try to launch the '/etc/postfix/socket_connect.pl' script
> which open a socket to the java service and write the mail on it:
>
> #! /usr/bin/perl -w
>
> use strict;
> use warnings;
> use IO::Socket;
>
> my ($host,$port) = @ARGV;
>
> my $socket = IO::Socket::INET->new(Proto    => "tcp",
>                                    PeerAddr => $host,
>                                    PeerPort => $port)
>   or die "Failed : $@\n";
>
> for my $line (<STDIN>) {
>   print $socket $line;
> }
>
> print $socket "<--MAIL-->";
>
> close($socket);

This script is broken it speaks no useful protocol, cannot collect failure
results, ...

You are lucky it "does not work", because the design is completely broken,
and if it "worked" it would misdeliver and lose email.

I am afraid my best recommendation is that you should not attempt this
on your own.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Benoit Giannangeli-2
The point is you do not have understood what i am doing.
There is a Java service which is running and DOES failure collecting
etc. The MimeMessage class of javax.mail DOES recipient adresses
recognition that's why I don't need to pass them to my script.
My script is just a way to interact with the real program and is
simply copying the input into the socket, leaving the real process to
the java program.

Anyway I wasn't asking for design advices. Can someone tell me why
postfix doesn't execute the perl script and act as if there where no
"-o content_filter" ?


2008/7/2 Victor Duchovni <[hidden email]>:

>
> On Wed, Jul 02, 2008 at 04:57:44PM +0200, Benoit Giannangeli wrote:
>
> > filtre  unix    -       n       n       -       -       pipe
> >    flags=Rq user=filter argv=/etc/postfix/socket_connect.pl 127.0.0.1 10027
>
> This approach is severely broken as makes no use of the envelope
> recipient address. It is a sadly common, but dramatic mistake to
> assume that the headers contain sufficient information to determine
> where mail needs to be sent. If you were processing *this* message,
> how would you know to send it to your mailbox and not loop it back
> to the list!!!
>
> > As you can see, i try to launch the '/etc/postfix/socket_connect.pl' script
> > which open a socket to the java service and write the mail on it:
> >
> > #! /usr/bin/perl -w
> >
> > use strict;
> > use warnings;
> > use IO::Socket;
> >
> > my ($host,$port) = @ARGV;
> >
> > my $socket = IO::Socket::INET->new(Proto    => "tcp",
> >                                    PeerAddr => $host,
> >                                    PeerPort => $port)
> >   or die "Failed : $@\n";
> >
> > for my $line (<STDIN>) {
> >   print $socket $line;
> > }
> >
> > print $socket "<--MAIL-->";
> >
> > close($socket);
>
> This script is broken it speaks no useful protocol, cannot collect failure
> results, ...
>
> You are lucky it "does not work", because the design is completely broken,
> and if it "worked" it would misdeliver and lose email.
>
> I am afraid my best recommendation is that you should not attempt this
> on your own.
>
> --
>        Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:[hidden email]?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.



--
Benoit Giannangeli

http://www.giann.fr/
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Bill Anderson-2

On Jul 2, 2008, at 10:27 AM, Benoit Giannangeli wrote:

> The point is you do not have understood what i am doing.
> There is a Java service which is running and DOES failure collecting
> etc. The MimeMessage class of javax.mail DOES recipient adresses
> recognition that's why I don't need to pass them to my script.
> My script is just a way to interact with the real program and is
> simply copying the input into the socket, leaving the real process to
> the java program.
>
> Anyway I wasn't asking for design advices. Can someone tell me why
> postfix doesn't execute the perl script and act as if there where no
> "-o content_filter" ?
>

Perhaps you could spell filter the way Postfix expects: ie. filter not  
filtre?

That said, what Victor said still stands. It is you who are not  
understanding the protocol and process. It doesn't matter what Java  
class you use, what matters is what happens in the communication and  
processes used to get info to the filter program. Your JAVA will NOT  
see the envelope.

Cheers,
Bill

Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Victor Duchovni
In reply to this post by Benoit Giannangeli-2
On Wed, Jul 02, 2008 at 06:27:00PM +0200, Benoit Giannangeli wrote:

> The point is you do not have understood what i am doing.

But you do have to understand. And you really don't understand:

        - The role of the message envelope

        - How SMTP differs from netcat and why

> There is a Java service which is running and DOES failure collecting
> etc. The MimeMessage class of javax.mail DOES recipient adresses
> recognition that's why I don't need to pass them to my script.

That's where you're wrong. The headers don't contain "recipient"
addresses. Recipient addersses are carried in the message envelope.

> My script is just a way to interact with the real program and is
> simply copying the input into the socket, leaving the real process to
> the java program.

The message is not correctly encapsulated, there is no error reporting,
the message envelope is lost...

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Benoit Giannangeli-2
> Perhaps you could spell filter the way Postfix expects: ie. filter not
> filtre?

I don't think "filter" is a keyword and "filtre" refers to:

filtre  unix    -       n       n       -       -       pipe
   flags=Rq user=filter argv=/etc/postfix/socket_connect.pl 127.0.0.1 10027

I wrote "filtre" instead of "filter" to make a difference between the
script user (user=filter) and the filter name (filtre).

> But you do have to understand. And you really don't understand:
>
>        - The role of the message envelope
>
>        - How SMTP differs from netcat and why

I get it concerning the message envelope and thanks for the
enlightenment. I'll just have to add the "${sender} ${recipient}"
arguments to my script and pass them with the input to my program.

> I am afraid my best recommendation is that you should not attempt this
> on your own.

I have to unfortunately: it's my internship mission.

Anyway I'm still wondering why my script is not called.

--
Benoit Giannangeli

http://www.giann.fr/
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Victor Duchovni
On Wed, Jul 02, 2008 at 07:10:49PM +0200, Benoit Giannangeli wrote:

> > Perhaps you could spell filter the way Postfix expects: ie. filter not
> > filtre?
>
> I don't think "filter" is a keyword and "filtre" refers to:
>
> filtre  unix    -       n       n       -       -       pipe
>    flags=Rq user=filter argv=/etc/postfix/socket_connect.pl 127.0.0.1 10027
>
> I wrote "filtre" instead of "filter" to make a difference between the
> script user (user=filter) and the filter name (filtre).
>
> > But you do have to understand. And you really don't understand:
> >
> >        - The role of the message envelope
> >
> >        - How SMTP differs from netcat and why
>
> I get it concerning the message envelope and thanks for the
> enlightenment. I'll just have to add the "${sender} ${recipient}"
> arguments to my script and pass them with the input to my program.
>
> > I am afraid my best recommendation is that you should not attempt this
> > on your own.
>
> I have to unfortunately: it's my internship mission.
>
> Anyway I'm still wondering why my script is not called.

One thing at a time, first get the design right. The protocol between
the script and the Java server is still broken by design.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Benoit Giannangeli-2
Well I'm just trying to get it worked once even with a "hello world"
script ! I'm in a research phase of my work and I need to see it
working before starting anything.

I was planning to try advance filtering after in order to use SMTP
protocol. For the moment I just send my mails and separate them by a
tag (<--MAIL-->). It's only for testing purposes and sure won't be the
final solution of course.

2008/7/2 Victor Duchovni <[hidden email]>:

> On Wed, Jul 02, 2008 at 07:10:49PM +0200, Benoit Giannangeli wrote:
>
>> > Perhaps you could spell filter the way Postfix expects: ie. filter not
>> > filtre?
>>
>> I don't think "filter" is a keyword and "filtre" refers to:
>>
>> filtre  unix    -       n       n       -       -       pipe
>>    flags=Rq user=filter argv=/etc/postfix/socket_connect.pl 127.0.0.1 10027
>>
>> I wrote "filtre" instead of "filter" to make a difference between the
>> script user (user=filter) and the filter name (filtre).
>>
>> > But you do have to understand. And you really don't understand:
>> >
>> >        - The role of the message envelope
>> >
>> >        - How SMTP differs from netcat and why
>>
>> I get it concerning the message envelope and thanks for the
>> enlightenment. I'll just have to add the "${sender} ${recipient}"
>> arguments to my script and pass them with the input to my program.
>>
>> > I am afraid my best recommendation is that you should not attempt this
>> > on your own.
>>
>> I have to unfortunately: it's my internship mission.
>>
>> Anyway I'm still wondering why my script is not called.
>
> One thing at a time, first get the design right. The protocol between
> the script and the Java server is still broken by design.
>
> --
>        Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:[hidden email]?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>



--
Benoit Giannangeli

http://www.giann.fr/
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Victor Duchovni
On Wed, Jul 02, 2008 at 07:20:53PM +0200, Benoit Giannangeli wrote:

> Well I'm just trying to get it worked once even with a "hello world"
> script ! I'm in a research phase of my work and I need to see it
> working before starting anything.
>
> I was planning to try advance filtering after in order to use SMTP
> protocol. For the moment I just send my mails and separate them by a
> tag (<--MAIL-->). It's only for testing purposes and sure won't be the
> final solution of course.
>
> 2008/7/2 Victor Duchovni <[hidden email]>:
> > On Wed, Jul 02, 2008 at 07:10:49PM +0200, Benoit Giannangeli wrote:
> >
> >> > Perhaps you could spell filter the way Postfix expects: ie. filter not
> >> > filtre?
> >>
> >> I don't think "filter" is a keyword and "filtre" refers to:
> >>
> >> filtre  unix    -       n       n       -       -       pipe
> >>    flags=Rq user=filter argv=/etc/postfix/socket_connect.pl 127.0.0.1 10027

THis program will run, provided the file permissions are right, the path
in '#! /path' is correct and your transport table routes appropriate
addresses to this transport.

If this is a toy design, go ahead, provided you understand that it is
a toy design. You should probably take the nexthop IP and port out of the
transport definition and set them in the transport table instead:

        example.com filtre:127.0.0.1:10027

    filtre  unix    -       n       n       -       -       pipe
        flags=Rq user=filter argv=/etc/postfix/socket_connect.pl
        ${nexthop} ${sender} ${recipient}

Failure to serialize the sender and recipients properly when handing
off to sendmail(1) in the Java code will lead to serious security issue
(shell command injection), you will undoubtedly fall into that trap :-)

Postfix uses execvp() to pass separate arguments directly to sendmail
without invoking a shell. Naive ways of doing that in Java will likely
involve the equivalent of system(3) and will be insecure. You also
need to the sendmail command-line just right:

        sendmail -i -f sender -- rcpt1 ... rcptN

Good luck, and you have been warned, the pitfalls are many...

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Wietse Venema
In reply to this post by Benoit Giannangeli-2
Benoit Giannangeli:
> filtre  unix    -       n       n       -       -       pipe
>    flags=Rq user=filter argv=/etc/postfix/socket_connect.pl 127.0.0.1 10027

This is broken by design. It should use the ${sender} and ${recipient}
macros on the pipe command line.

Benoit Giannangeli:
> The point is you do not have understood what i am doing.

The point is that you don't understand how email works. The sender
and recipients MUST NOT be extracted from the message header. They
must be taken from the message envelope.

This message is originally sent as:
    From: [hidden email]
    To: [hidden email]

By the time you receive this message, the envelope sender will be
[hidden email], and the envelope recipient will
be your email address.

Your design would deliver the mail back to the mailing list.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Ralf Hildebrandt
In reply to this post by Benoit Giannangeli-2
* Benoit Giannangeli <[hidden email]>:

> The point is you do not have understood what i am doing.

Arguing with good advice will result in lack of good advice.

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
Linux is like an indian's tent:
No gates, no windows, and apache inside.
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Benoit Giannangeli-2
In reply to this post by Victor Duchovni
I finally get it worked.

Now I need to test the advance filtering method. I made a simple
server which is listening and echoing anything coming from a specific
port in order to see how it works:

main.cf:

...
content_filter = scan:127.0.0.1:10027
receive_override_options = no_address_mappings

master.cf:

...
scan      unix  -       -       n       -       1      smtp
        -o smtp_send_xforward_command=yes
        -o disable_mime_output_conversion=yes
        -o smtp_generic_maps=

My simple server:

                try {
                        ServerSocket serverSocket = new ServerSocket(10027);
                        System.out.println("Waiting for connection");
                        Socket socket = serverSocket.accept();
                        System.out.println(socket.getRemoteSocketAddress().toString()+" connected");
                       
                        BufferedReader reader = new BufferedReader(new
InputStreamReader(socket.getInputStream()));
                       
                        System.out.println("Reading socket...");
                        String line = null;
                        while ((line = reader.readLine()) != null) {
                                System.out.println(line);
                        }
                       
                        reader.close();
                        socket.close();
                        System.out.println("Everything closed");
                       
                } catch (IOException e) {
                        e.printStackTrace();
                }

When i send a mail, I get a connection to my server but nothing else.
Is the smtp client waiting for something before sending its commands ?

2008/7/2, Victor Duchovni <[hidden email]>:

> On Wed, Jul 02, 2008 at 07:20:53PM +0200, Benoit Giannangeli wrote:
>
>  > Well I'm just trying to get it worked once even with a "hello world"
>  > script ! I'm in a research phase of my work and I need to see it
>  > working before starting anything.
>  >
>  > I was planning to try advance filtering after in order to use SMTP
>  > protocol. For the moment I just send my mails and separate them by a
>  > tag (<--MAIL-->). It's only for testing purposes and sure won't be the
>  > final solution of course.
>  >
>  > 2008/7/2 Victor Duchovni <[hidden email]>:
>  > > On Wed, Jul 02, 2008 at 07:10:49PM +0200, Benoit Giannangeli wrote:
>  > >
>  > >> > Perhaps you could spell filter the way Postfix expects: ie. filter not
>  > >> > filtre?
>  > >>
>  > >> I don't think "filter" is a keyword and "filtre" refers to:
>  > >>
>  > >> filtre  unix    -       n       n       -       -       pipe
>  > >>    flags=Rq user=filter argv=/etc/postfix/socket_connect.pl 127.0.0.1 10027
>
>
> THis program will run, provided the file permissions are right, the path
>  in '#! /path' is correct and your transport table routes appropriate
>  addresses to this transport.
>
>  If this is a toy design, go ahead, provided you understand that it is
>  a toy design. You should probably take the nexthop IP and port out of the
>  transport definition and set them in the transport table instead:
>
>         example.com     filtre:127.0.0.1:10027
>
>
>     filtre  unix    -       n       n       -       -       pipe
>         flags=Rq user=filter argv=/etc/postfix/socket_connect.pl
>
>         ${nexthop} ${sender} ${recipient}
>
>  Failure to serialize the sender and recipients properly when handing
>  off to sendmail(1) in the Java code will lead to serious security issue
>  (shell command injection), you will undoubtedly fall into that trap :-)
>
>  Postfix uses execvp() to pass separate arguments directly to sendmail
>  without invoking a shell. Naive ways of doing that in Java will likely
>  involve the equivalent of system(3) and will be insecure. You also
>  need to the sendmail command-line just right:
>
>         sendmail -i -f sender -- rcpt1 ... rcptN
>
>  Good luck, and you have been warned, the pitfalls are many...
>
>
>  --
>
>         Viktor.
>
>  Disclaimer: off-list followups get on-list replies or get ignored.
>  Please do not ignore the "Reply-To" header.
>
>  To unsubscribe from the postfix-users list, visit
>  http://www.postfix.org/lists.html or click the link below:
>  <mailto:[hidden email]?body=unsubscribe%20postfix-users>
>
>  If my response solves your problem, the best way to thank me is to not
>  send an "it worked, thanks" follow-up. If you must respond, please put
>  "It worked, thanks" in the "Subject" so I can delete these quickly.
>


--
Benoit Giannangeli

http://www.giann.fr/
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Wietse Venema
Benoit Giannangeli:
> When i send a mail, I get a connection to my server but nothing else.
> Is the smtp client waiting for something before sending its commands ?

This is an elementary output buffering problem.  Use a search
engine. And PLEASE go to a more appropriate mailing list.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Victor Duchovni
On Thu, Jul 03, 2008 at 06:55:04AM -0400, Wietse Venema wrote:

> Benoit Giannangeli:
> > When i send a mail, I get a connection to my server but nothing else.
> > Is the smtp client waiting for something before sending its commands ?
>
> This is an elementary output buffering problem.  Use a search
> engine. And PLEASE go to a more appropriate mailing list.

And of course the SMTP client is waiting for a 220 banner. The SMTP
protocol is described in RFC 2821.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Simple content filter doesn't work

Benoit Giannangeli-2
I was sending the 220 banner but without "\r\n".

2008/7/3 Victor Duchovni <[hidden email]>:

> On Thu, Jul 03, 2008 at 06:55:04AM -0400, Wietse Venema wrote:
>
>> Benoit Giannangeli:
>> > When i send a mail, I get a connection to my server but nothing else.
>> > Is the smtp client waiting for something before sending its commands ?
>>
>> This is an elementary output buffering problem.  Use a search
>> engine. And PLEASE go to a more appropriate mailing list.
>
> And of course the SMTP client is waiting for a 220 banner. The SMTP
> protocol is described in RFC 2821.
>
> --
>        Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:[hidden email]?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>



--
Benoit Giannangeli

http://www.giann.fr/