Date: Thu, 16 Jun 2005 13:25:17 -0400 From: Ean Kingston <ean@hedron.org> To: freebsd-questions@freebsd.org Subject: Re: Postfix on BSD Message-ID: <200506161325.17995.ean@hedron.org> In-Reply-To: <3bc8151dc61a1c11518e077a8cc7ccb5@chrononomicon.com> References: <6dedebc6087b144b0a6e63b7e5a57b3a@chrononomicon.com> <200506161200.37738.ean@hedron.org> <3bc8151dc61a1c11518e077a8cc7ccb5@chrononomicon.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On June 16, 2005 12:06 pm, Bart Silverstrim wrote: > On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote: > > On June 16, 2005 11:54 am, Bart Silverstrim wrote: > >> Probably off-topic, but it's a sysadmin question that maybe someone on > >> the list could send a quick blurb answer about :-/ > >> > >> I'm trying to filter some mail coming into Postfix based on the body > >> content. I have the line > >> > >> body_checks = regexp:/usr/local/etc/postfix/body_checks > >> > >> in main.cf. The file contains: > >> ******** > >> # Will this stop RR collateral damage messages? > >> /^* This e-mail was sent from a Road Runner IP address. As part of our > >> continuing initiative to stop the spread of malicious viruses, Road > >> Runner scans all outbound e-mail attachments./ REJECT Possible > >> automated RoadRunner mail scanning collateral damage. Eliminate the > >> notifying text and resend message. > >> > >> # Borrowed check lines > >> /^This e-mail, in its original form, contained one or more attached > >> files that were infected with a virus, worm,/ REJECT Email reporting > >> virus detected > >> /^This e-mail in its original form contained one or more attached > >> files > >> that were infected with the / REJECT Email reporting virus detected > >> ********** > >> > >> The files are owned root, wheel with rwrr, so it should be readable by > >> the postfix processes. I do a "postfix reload", send an email from > >> the > >> Internet to this mail server containing the key phrase(s), and they > >> seem to go right through! Am I missing something? > > > > Yes you are missing something. Postfix does not do multi-line > > expression > > matching. > > Maybe I'm misunderstanding you, but the lines wrapped in the email and > are one line each in the actual configuration file. Postfix scans the body of the email message one line at a time. Your expressions have more text that would usually go on a single line in an email. > > Also the asterisk in "/^* This e-mail was sent from a Road Runner IP > address." has been removed now...a warning was appearing in the > maillog. No longer gives warning, but still lets the m ail through. > > Postconf shows that the value for body_check is pointing at the correct > file... -- Ean Kingston E-Mail: ean AT hedron DOT org URL: http://www.hedron.org/ I am currently looking for work. If you need competent system/network administration please feel free to contact me directly.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506161325.17995.ean>