Simple filter via pipe

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Simple filter via pipe

rank1seeker
I've created this simple_filter:
http://www.postfix.org/FILTER_README.html#simple_filter

This is email, being sent via sendmail command, after it has been filtered:
----------------------------------------------------------------------------
Received: from [192.168.0.3] (unknown [192.168.0.3])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by khole.example1.com (Postfix) with ESMTPSA id 5EDEC11425
        for <[hidden email]>; Sun, 23 Aug 2009 18:15:02 +0200 (CEST)
Message-ID: <[hidden email]>
Date: Sun, 23 Aug 2009 18:14:57 +0200
From: Root <[hidden email]>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: [hidden email]
Subject: Is it in?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I think it should not be.
----------------------------------------------------------------------------


Filter is using this command:
/usr/local/sbin/sendmail -G -i -f [hidden email] [hidden email]
<msg-headers+body-from-above>

I have 2 problems

Above command, if used as a root user results in MODIFIED headers+body
msg-headers+body MUST be exactly same, after it pass through filter
and STAY that way, until it leaves my server.
As first 2 lines below shows, another Received: header, has been
added, as soon as it passes through sendmail
----------------------------------------------------------------------------
Received: by khole.example1.com (Postfix, from userid 1003)
        id 1CCB111428; Mon, 23 Aug 2009 19:32:15 +0200 (CEST)
Received: from [192.168.0.3] (unknown [192.168.0.3])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by khole.example1.com (Postfix) with ESMTPSA id 5EDEC11425
        for <[hidden email]>; Sun, 23 Aug 2009 18:15:02 +0200 (CEST)
Message-ID: <[hidden email]>
Date: Sun, 23 Aug 2009 18:14:57 +0200
From: Root <[hidden email]>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: [hidden email]
Subject: Is it in?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I think it should not be.
----------------------------------------------------------------------------

Second problem:
If msg-headers+body from begening of this post, is being sent as:
/usr/local/sbin/sendmail -G -i -f [hidden email] [hidden email]
<msg-headers+body>
AS user that is NOT root, which is filter user:
/etc/postfix/master.cf:
  # =============================================================
  # service type  private unpriv  chroot  wakeup  maxproc command
  #               (yes)   (yes)   (yes)   (never) (100)
  # =============================================================
  filter    unix  -       n       n       -       10      pipe
    #flags=Rq
        user=filter
        null_sender=
    argv=.....
       
Message is THIS:
from (unknown sender)
to (no subject)
----------------
Received: by khole.example1.com (Postfix, from userid 1003)
        id 27A1711429; Mon, 23 Aug 2009 19:29:36 +0200 (CEST)
----------------
Everything is being stripped!!!


Thank in advance! ;)
Reply | Threaded
Open this post in threaded view
|

Re: Simple filter via pipe

Noel Jones-2
On 8/31/2009 12:58 PM, none none wrote:

> I've created this simple_filter:
> http://www.postfix.org/FILTER_README.html#simple_filter
>
> This is email, being sent via sendmail command, after it has been filtered:
> ----------------------------------------------------------------------------
> Received: from [192.168.0.3] (unknown [192.168.0.3])
>          (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
>          (No client certificate requested)
>          by khole.example1.com (Postfix) with ESMTPSA id 5EDEC11425
>          for<[hidden email]>; Sun, 23 Aug 2009 18:15:02 +0200 (CEST)
> Message-ID:<[hidden email]>
> Date: Sun, 23 Aug 2009 18:14:57 +0200
> From: Root<[hidden email]>
> User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
> MIME-Version: 1.0
> To: [hidden email]
> Subject: Is it in?
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> Content-Transfer-Encoding: 7bit
>
> I think it should not be.

Should not be what?   It's unclear what you refer to here.


> Filter is using this command:
> /usr/local/sbin/sendmail -G -i -f [hidden email] [hidden email]
> <msg-headers+body-from-above>

The sendmail commend is a pipe.  Don't put headers+body on the
command line.

>
> I have 2 problems
>
> Above command, if used as a root user results in MODIFIED headers+body
> msg-headers+body MUST be exactly same, after it pass through filter
> and STAY that way, until it leaves my server.
> As first 2 lines below shows, another Received: header, has been
> added, as soon as it passes through sendmail
> ----------------------------------------------------------------------------
> Received: by khole.example1.com (Postfix, from userid 1003)
> id 1CCB111428; Mon, 23 Aug 2009 19:32:15 +0200 (CEST)

Yes, postfix adds a Received: header when a mail is received.
  There is no option to turn this off.
You may be able to later remove the header with an appropriate
header_checks entry, but be careful when removing headers.


> Second problem:
> If msg-headers+body from begening of this post, is being sent as:
> /usr/local/sbin/sendmail -G -i -f [hidden email] [hidden email]
> <msg-headers+body>

The sendmail command is a pipe.


If you describe what original problem you're trying to solve
maybe you can get some better pointers.


   -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Simple filter via pipe

rank1seeker
On Mon, Aug 31, 2009 at 8:34 PM, Noel Jones<[hidden email]> wrote:

> On 8/31/2009 12:58 PM, none none wrote:
>>
>> I've created this simple_filter:
>> http://www.postfix.org/FILTER_README.html#simple_filter
>>
>> This is email, being sent via sendmail command, after it has been
>> filtered:
>>
>> ----------------------------------------------------------------------------
>> Received: from [192.168.0.3] (unknown [192.168.0.3])
>>         (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
>>         (No client certificate requested)
>>         by khole.example1.com (Postfix) with ESMTPSA id 5EDEC11425
>>         for<[hidden email]>; Sun, 23 Aug 2009 18:15:02 +0200 (CEST)
>> Message-ID:<[hidden email]>
>> Date: Sun, 23 Aug 2009 18:14:57 +0200
>> From: Root<[hidden email]>
>> User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
>> MIME-Version: 1.0
>> To: [hidden email]
>> Subject: Is it in?
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>> Content-Transfer-Encoding: 7bit
>>
>> I think it should not be.
>
> Should not be what?   It's unclear what you refer to here.

LOL!
You've deleted bottom line (...-----------------...) which divides
mail(header + body) from this chatter.
String "I think it should not be.", is just a part of mail, that is, it's body.
Completely irrelevant here.


>> Filter is using this command:
>> /usr/local/sbin/sendmail -G -i -f [hidden email] [hidden email]
>> <msg-headers+body-from-above>
>
> The sendmail commend is a pipe.  Don't put headers+body on the command line.

Yes I know that.Simply haven't knew how to formulate this mail comand line.
I send mail by firstly typing: /usr/local/sbin/sendmail -G -i -f
[hidden email] [hidden email]
Then I hit enter. Then I paste mail(header + body).
Then I hit:
^D

>
>>
>> I have 2 problems
>>
>> Above command, if used as a root user results in MODIFIED headers+body
>> msg-headers+body MUST be exactly same, after it pass through filter
>> and STAY that way, until it leaves my server.
>> As first 2 lines below shows, another Received: header, has been
>> added, as soon as it passes through sendmail
>>
>> ----------------------------------------------------------------------------
>> Received: by khole.example1.com (Postfix, from userid 1003)
>>        id 1CCB111428; Mon, 23 Aug 2009 19:32:15 +0200 (CEST)
>
> Yes, postfix adds a Received: header when a mail is received.  There is no
> option to turn this off.

Postfix has already received relayed mail and added first Received: header
Then it came into my filter.
After filter has done it's job, it send it back to potfix by using
/usr/local/sbin/sendmail, which adds ANOTHER Received: header
Nothing should touch or add anything to mail header or it's body,
after filter has done it's job!


> You may be able to later remove the header with an appropriate header_checks
> entry, but be careful when removing headers.

That is not an option

>
>> Second problem:
>> If msg-headers+body from begening of this post, is being sent as:
>> /usr/local/sbin/sendmail -G -i -f [hidden email] [hidden email]
>> <msg-headers+body>
>
> The sendmail command is a pipe.

I've gave you exact example of how I use sendmail command
You've also deleted key part here.
If that sendmail command is being executed as a ROOT, then mail ends
up in target mailbox as I showed.

BUT, after I've created user "filter" and set it as owner and
executioner of filter proces in master.cf
In target mailbox I get mail like this:


from (unknown sender)
to (no subject)
----------------
Received: by khole.example1.com (Postfix, from userid 1003)
        id 27A1711429; Mon, 23 Aug 2009 19:29:36 +0200 (CEST)
----------------

Everything is being stripped!!!
Only that has been left is a SECOND header added by sendmail command.

In mail log I see:
postfix/cleanup[17465]: C473511429: message-id=<>

It does it? But NOT for root user


> If you describe what original problem you're trying to solve maybe you can
> get some better pointers.
>
>
>  -- Noel Jones
>

Done Noel!
;)
Reply | Threaded
Open this post in threaded view
|

Re: Simple filter via pipe

Noel Jones-2
On 8/31/2009 6:09 PM, none none wrote:
>> If you describe what original problem you're trying to solve maybe you can
>> get some better pointers.
>>
>>
>>   -- Noel Jones
>>
>
> Done Noel!
> ;)


Your problem report is a mess.
I don't believe I can help you any further.

Since you don't seem to have understood my answers, probably a
book on using Unix or Linux would help you most at this point.

If you have further questions, please see:
http://www.postfix.org/DEBUG_README.html#mail


   -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Simple filter via pipe

rank1seeker
In reply to this post by rank1seeker
----- Original Message -----
From: Noel Jones <[hidden email]>
To: [hidden email]
Date: Mon, 31 Aug 2009 19:42:02 -0500
Subject: Re: Simple filter via pipe

> On 8/31/2009 6:09 PM, none none wrote:
> >> If you describe what original problem you're trying to solve maybe you
can

> >> get some better pointers.
> >>
> >>
> >>   -- Noel Jones
> >>
> >
> > Done Noel!
> > ;)
>
>
> Your problem report is a mess.

ROFLMAO!
:)))

That is very funny Noel! ;)


> I don't believe I can help you any further.

I think it is about me comprehending pipe term.
I know how data is piped from one command to another or from file, or to
file descriptor, etc. Ie: output only mp3 files from current dir list
# ls -al | grep *.mp3

So what does "sendmail is a pipe" means, in this context?

 
> Since you don't seem to have understood my answers, probably a
> book on using Unix or Linux would help you most at this point.

Actually I "am on" Freebsd 7.2
So UNIX book type..., I have already.
But not went through it all...

> If you have further questions, please see:
> http://www.postfix.org/DEBUG_README.html#mail
>
>
>    -- Noel Jones
>


I asked too much... So instead of 2 issues, I should ask 0.5 question
instead ;)
Maybe tactic of isolation of problem and focusing only on it and ignoring
rest in context, at least while that one ain't solved.
Then going in logical upward, to next....

It is 3 am here, so I'll hit a bed now.

Tomorow..., I'll be smarter...


Reply | Threaded
Open this post in threaded view
|

Re: Simple filter via pipe

Sahil Tandon
On Tue, 01 Sep 2009, [hidden email] wrote:

> > I don't believe I can help you any further.
>
> I think it is about me comprehending pipe term.
> I know how data is piped from one command to another or from file, or to
> file descriptor, etc. Ie: output only mp3 files from current dir list
> # ls -al | grep *.mp3
>
> So what does "sendmail is a pipe" means, in this context?

At your shell, type 'man 8 pipe' and read carefully.

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Simple filter via pipe

rank1seeker
In reply to this post by rank1seeker
----- Original Message -----
From: Sahil Tandon <[hidden email]>
To: [hidden email]
Date: Mon, 31 Aug 2009 23:37:56 -0400
Subject: Re: Simple filter via pipe

> On Tue, 01 Sep 2009, [hidden email] wrote:
>
> > > I don't believe I can help you any further.
> >
> > I think it is about me comprehending pipe term.
> > I know how data is piped from one command to another or from file, or
to

> > file descriptor, etc. Ie: output only mp3 files from current dir list
> > # ls -al | grep *.mp3
> >
> > So what does "sendmail is a pipe" means, in this context?
>
> At your shell, type 'man 8 pipe' and read carefully.
>
> --
> Sahil Tandon <[hidden email]>
>

Thanks. On FreeBSD that is section 2
http://www.freebsd.org/cgi/man.cgi?query=pipe&sektion=2&apropos=0&manpath=FreeBSD+7.2-RELEASE

I've read it and still have no logical clue.
Reply | Threaded
Open this post in threaded view
|

Re: Simple filter via pipe

Mikael Bak
[hidden email] wrote:
>
> Thanks. On FreeBSD that is section 2
> http://www.freebsd.org/cgi/man.cgi?query=pipe&sektion=2&apropos=0&manpath=FreeBSD+7.2-RELEASE
>
> I've read it and still have no logical clue.

# uname -r
7.2-RELEASE-p2

# man 8 pipe

Formatting page, please wait...Done.
PIPE(8)

NAME
       pipe - Postfix delivery to external command

SYNOPSIS
[snip]

HTH,
Mikael
Reply | Threaded
Open this post in threaded view
|

Re: Simple filter via pipe

d.hill
In reply to this post by rank1seeker
On Tue, 1 Sep 2009, [hidden email] wrote:

> ----- Original Message -----
> From: Sahil Tandon <[hidden email]>
> To: [hidden email]
> Date: Mon, 31 Aug 2009 23:37:56 -0400
> Subject: Re: Simple filter via pipe
>
>> On Tue, 01 Sep 2009, [hidden email] wrote:
>>
>>>> I don't believe I can help you any further.
>>>
>>> I think it is about me comprehending pipe term.
>>> I know how data is piped from one command to another or from file, or
> to
>>> file descriptor, etc. Ie: output only mp3 files from current dir list
>>> # ls -al | grep *.mp3
>>>
>>> So what does "sendmail is a pipe" means, in this context?
>>
>> At your shell, type 'man 8 pipe' and read carefully.
>>
>
> Thanks. On FreeBSD that is section 2
> http://www.freebsd.org/cgi/man.cgi?query=pipe&sektion=2&apropos=0&manpath=FreeBSD+7.2-RELEASE
>
> I've read it and still have no logical clue.

You read the FreeBSD pipe system call man page 'man 2 pipe'?

Sahil does in fact mean 'man 8 pipe'. That is where the man page for the
Postfix pipe delivery is located.
Reply | Threaded
Open this post in threaded view
|

Re: Simple filter via pipe

Sahil Tandon
In reply to this post by rank1seeker
On Tue, 01 Sep 2009, [hidden email] wrote:

> ----- Original Message -----
> From: Sahil Tandon <[hidden email]>
> To: [hidden email]
> Date: Mon, 31 Aug 2009 23:37:56 -0400
> Subject: Re: Simple filter via pipe
>
> > On Tue, 01 Sep 2009, [hidden email] wrote:
> >
> > > > I don't believe I can help you any further.
> > >
> > > I think it is about me comprehending pipe term.
> > > I know how data is piped from one command to another or from file, or
> to
> > > file descriptor, etc. Ie: output only mp3 files from current dir list
> > > # ls -al | grep *.mp3
> > >
> > > So what does "sendmail is a pipe" means, in this context?
> >
> > At your shell, type 'man 8 pipe' and read carefully.
>
> Thanks. On FreeBSD that is section 2
> http://www.freebsd.org/cgi/man.cgi?query=pipe&sektion=2&apropos=0&manpath=FreeBSD+7.2-RELEASE
>
> I've read it and still have no logical clue.

It seems Noel was right: you need to learn your basics before moving forward
with Postfix.  See 'Explanations of Man Sections' here:

 http://www.freebsd.org/cgi/man.cgi

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Simple filter via pipe

rank1seeker
In reply to this post by rank1seeker
> It seems Noel was right: you need to learn your basics before moving
forward
> with Postfix.  See 'Explanations of Man Sections' here:
>
>  http://www.freebsd.org/cgi/man.cgi
>
> --
> Sahil Tandon <[hidden email]>
>

There was some error when user, other than root, has been filtering mail.
Error was visible only when I manually executed:

# cat mail_in_file | ./mail_filter.php [hidden email] [hidden email]
Syntax error: "(" unexpected

I simply changed php code related to execution of shell functions.(to work
for user other than root)
Finally, I've completely solved a problem.

Error:
Syntax error: "(" unexpected,
wasn't in postfix error log: /var/log/maillog


And by passing macro ${sasl_method} in addition to ${sender} ${recipient}
in /usr/local/etc/postfix/master.cf
I am able to selectivly apply filtering ONLY to SASL authed users and avoid
all others

Guys! You are constantly totally confusing me, literally not saying
anything useful to me!
Just giving me too ambiguous(many possible interpretations) DIRECTIONS.

Thankx anyway ;)