> 
> ----- Original Message ----
> > From: mouss <[EMAIL PROTECTED]>
> > To: Postfix users <postfix-users@postfix.org>
> > Sent: Friday, November 14, 2008 7:58:45 AM
> > Subject: Re: Body checks and warning log
> > 
> > MacShane, Tracy wrote:
> > > I'm trying to create a very simple body check for a limited time to
> > > get an indicative idea of how many users may be sending credit card
> > > numbers via email. ...
> > > Our security people are having wibbles about this logging regime, so
> > > I was wondering if there was some way to ensure the WARN action
> > > doesn't log the matched line (I can obviously append a truncated
> > > version of the apparent number with the optional text), or if there
> > > might be a better way to do this auditing task.
> > > 
> > 
> > 
> > you can use HOLD, then have a cron job to check the message and release it.
> > 
> > Alternatively, you can use FILTER to pass the message to another smtpd. example:
> > 
> > 
> > == body_checks:
> > /..../    FILTER filter:[127.0.0.1]:25666
> > 
> > == master.cf
> > 127.0.0.1:25666    .....    smtpd
> >   -o syslog_name=postwatch
> >   -o receive_override_options=no_address_mappings
> >   -o mynetworks=127.0.0.1
> >   -o smtpd_recipient_restrictions=${smtpd666_recipient_restrictions}
> >   ...
> > 
> > == main.cf
> > smtpd666_recipient_restrictions=
> >   check_client_access pcre:/etc/postfix/logcard
> >   permit_mynetworks
> >   reject
> > 
> > == logcard
> > /./    WARN credit card blah blah    
> > 
> > 
> > note that this will override your content filter setting. if you had
> > one, then make sure it is used in the :25666 smtpd (either explicit
> > -o content_filter=... in master.cf, or a content_filter=... in main.cf
> > will do).
> > 
> > PS. if you use clamav, check its Data Loss Protection feature.
> 
> Do you have American Express cards covered and other store 
> based credit cards?  Also do you account for the expiration 
> date and 3 digit security code?
> 
> 
> 

Thanks for the great suggestions, mouss. We use Trend Micro IMSS, which
is very similar to amavisd. I'm sure we can work around it.

Daniel, I'm not too concerned about absolute accuracy at this stage,
since I just want to assess whether we need to take firmer measures. The
regexp I have should trap Amex numbers, although there may be a number
of false positives. I'll be reviewing them manually in any case. I'm not
worried about the expiration date or security code (with the latter, I
know of at least one example of a "pay-by-email" form that didn't
require that number at all) - I'm not planning to *use* the cards, heh.
Also, I believe crooks can use a credit card number to generate both an
expiry date and security code using some algorithm.
