MailFront

SMTP Front Ends

Plugin: patterns

This module provides an ability for rejecting messages based on simple patterns in their content.

Configuration

$PATTERNS

If set, the named file is loaded and parsed (see below), and pattern matching is enabled.

$PATTERNS_LINEMAX

Line buffer size (defaults to 256)

$PATTERNS_RESP

Response message to give when a pattern is matched (defaults to "This message contains prohibited content")

Sender Action

None

Recipient Action

None

Data Action

Each line of the data sent from the client is loaded into a line buffer (with a maximum size as above) and then scanned against the patterns listed in the configuration file. If any pattern matches, the message is rejected.

Message Action

None

Patterns File Format

The patterns file contains a list of standard glob-style patterns. Each line of the file starts with a control character, which is not part of the pattern itself:

#

Comment line, ignored.

=

Sets the response text given when a message is rejected. All following patterns use this response until the next response line. Including this in the patterns file overrides the value of $PATTERNS_RESP.

:

The pattern will be applied only in the header.

\

The pattern will be applied only after a blank line.

Anything else

A normal pattern, applied to any non-blank line.

The following patterns list is a much simplified version of Russell Nelson's qmail-smtpd virus scan patch. In particular, it doesn't actually do any kind of checking if the blank line really marked a MIME boundary or not.

=We don't accept email with executable content (#5.3.4)
\TVqQAAMAA*
\TVpQAAIAA*
\TVpAALQAc*
\TVpyAXkAX*
\TVrmAU4AA*
\TVrhARwAk*
\TVoFAQUAA*
\TVoAAAQAA*
\TVoIARMAA*
\TVouARsAA*
\TVrQAT8AA*
\TVoAAAEAAA*