Strip or modify URLs in mails - how?

[Jakob Curdes]

Hello all,

this is a "side-topic" question but perhaps of interest to many. In the wake of the recent 
ransomware attacks, which we used to prevent effectively for our customers by banning old .doc (et 
al) formats, now the focus has been shifted on sending mails with seemingly valid links, and in 
December we all saw several infections proably due to such phishing mails.

I am now looking for a solution that in the scope of a classic postfix-amavisd-spamassassin setup either

a) at least remove hrefs from mails, leaving only the actual URL for copy&paste (thus reducing the 
danger of a fast click, and at the same time prevents faked "URL"s in the visible text with a 
different destination underneath

or b) modifys the URL to point to an intermediate system where a CGI displays a warning together 
with a link to the real URL.

There could be solutions out there to do this, but I could not find any (one reason might be the 
concept that the MTA should never alter the mail content, which I find correct in principle, but 
there are valid reasons...).
I looked into modifying altermime, which already has a lot of the framework for modifications  (out 
of the box it only modifies headers or adds a disclaimer to the body), but it is a C program and I 
am no C programmer ...

Has anybody got an idea how this could be achieved? Any hint welcome ...

Best regards and a happy new year, Jakob