From owner-freebsd-questions@FreeBSD.ORG Thu Jun 16 16:06:33 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C570116A41C for ; Thu, 16 Jun 2005 16:06:33 +0000 (GMT) (envelope-from bsilver@chrononomicon.com) Received: from trans-warp.net (hyperion.trans-warp.net [216.37.208.37]) by mx1.FreeBSD.org (Postfix) with ESMTP id 43BCB43D55 for ; Thu, 16 Jun 2005 16:06:33 +0000 (GMT) (envelope-from bsilver@chrononomicon.com) Received: from [127.0.0.1] (unverified [65.193.73.208]) by trans-warp.net (SurgeMail 2.2g3) with ESMTP id 12545899 for multiple; Thu, 16 Jun 2005 12:10:07 -0400 In-Reply-To: <200506161200.37738.ean@hedron.org> References: <6dedebc6087b144b0a6e63b7e5a57b3a@chrononomicon.com> <200506161200.37738.ean@hedron.org> Mime-Version: 1.0 (Apple Message framework v622) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <3bc8151dc61a1c11518e077a8cc7ccb5@chrononomicon.com> Content-Transfer-Encoding: 7bit From: Bart Silverstrim Date: Thu, 16 Jun 2005 12:06:19 -0400 To: Ean Kingston X-Mailer: Apple Mail (2.622) X-Server: High Performance Mail Server - http://surgemail.com X-Authenticated-User: bsilver@chrononomicon.com Cc: freebsd-questions@freebsd.org Subject: Re: Postfix on BSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jun 2005 16:06:33 -0000 On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote: > On June 16, 2005 11:54 am, Bart Silverstrim wrote: >> Probably off-topic, but it's a sysadmin question that maybe someone on >> the list could send a quick blurb answer about :-/ >> >> I'm trying to filter some mail coming into Postfix based on the body >> content. I have the line >> >> body_checks = regexp:/usr/local/etc/postfix/body_checks >> >> in main.cf. The file contains: >> ******** >> # Will this stop RR collateral damage messages? >> /^* This e-mail was sent from a Road Runner IP address. As part of our >> continuing initiative to stop the spread of malicious viruses, Road >> Runner scans all outbound e-mail attachments./ REJECT Possible >> automated RoadRunner mail scanning collateral damage. Eliminate the >> notifying text and resend message. >> >> # Borrowed check lines >> /^This e-mail, in its original form, contained one or more attached >> files that were infected with a virus, worm,/ REJECT Email reporting >> virus detected >> /^This e-mail in its original form contained one or more attached >> files >> that were infected with the / REJECT Email reporting virus detected >> ********** >> >> The files are owned root, wheel with rwrr, so it should be readable by >> the postfix processes. I do a "postfix reload", send an email from >> the >> Internet to this mail server containing the key phrase(s), and they >> seem to go right through! Am I missing something? > > Yes you are missing something. Postfix does not do multi-line > expression > matching. Maybe I'm misunderstanding you, but the lines wrapped in the email and are one line each in the actual configuration file. Also the asterisk in "/^* This e-mail was sent from a Road Runner IP address." has been removed now...a warning was appearing in the maillog. No longer gives warning, but still lets the m ail through. Postconf shows that the value for body_check is pointing at the correct file...