Date: Thu, 16 Jun 2005 14:30:15 -0400
From: Bart Silverstrim <bsilver@chrononomicon.com>
To: Ean Kingston <ean@hedron.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Postfix on BSD
Message-ID: <b49ca55acd4c0023ea65bf6c38625315@chrononomicon.com>
In-Reply-To: <200506161325.17995.ean@hedron.org>
References: <6dedebc6087b144b0a6e63b7e5a57b3a@chrononomicon.com> <200506161200.37738.ean@hedron.org> <3bc8151dc61a1c11518e077a8cc7ccb5@chrononomicon.com> <200506161325.17995.ean@hedron.org>

On Jun 16, 2005, at 1:25 PM, Ean Kingston wrote:

> On June 16, 2005 12:06 pm, Bart Silverstrim wrote:
>> On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote:
>>> On June 16, 2005 11:54 am, Bart Silverstrim wrote:
>>>> Probably off-topic, but it's a sysadmin question that maybe someone on
>>>> the list could send a quick blurb answer about :-/
>>>>
>>>> I'm trying to filter some mail coming into Postfix based on the body
>>>> content. I have the line
>>>>
>>>> body_checks = regexp:/usr/local/etc/postfix/body_checks
>>>>
>>>> in main.cf. The file contains:
>>>> ********
>>>> # Will this stop RR collateral damage messages?
>>>> /^* This e-mail was sent from a Road Runner IP address. As part of our
>>>> continuing initiative to stop the spread of malicious viruses, Road
>>>> Runner scans all outbound e-mail attachments./ REJECT Possible
>>>> automated RoadRunner mail scanning collateral damage. Eliminate the
>>>> notifying text and resend message.
>>>>
>>>> # Borrowed check lines
>>>> /^This e-mail, in its original form, contained one or more attached
>>>> files that were infected with a virus, worm,/ REJECT Email reporting
>>>> virus detected
>>>> /^This e-mail in its original form contained one or more attached files
>>>> that were infected with the / REJECT Email reporting virus detected
>>>> **********
>>>>
>>>> The files are owned root, wheel with rwrr, so it should be readable by
>>>> the postfix processes. I do a "postfix reload", send an email from the
>>>> Internet to this mail server containing the key phrase(s), and they
>>>> seem to go right through! Am I missing something?
>>>
>>> Yes you are missing something. Postfix does not do multi-line expression
>>> matching.
>>
>> Maybe I'm misunderstanding you, but the lines wrapped in the email and
>> are one line each in the actual configuration file.
>
> Postfix scans the body of the email message one line at a time. Your
> expressions have more text than would usually go on a single line in an
> email.

I'm sorry, you're right. I tested using telnet to the SMTP server and it
flagged it; something with my MTA or MUA was wrapping the lines. I
didn't know if you meant the lines were too long in the body_checks or
in the raw source of the message.

Thanks,
-Bart
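
The behaviour this thread settles on, as an added example that is not part of the original message: a simplified Python model of per-line body matching (not Postfix code), run against the same notice typed on one line and hard-wrapped. The function names, the shorter rule, the trailing words of the sample notice and the 72-column wrap width are assumptions.

```python
import re
import textwrap

ACTION = "REJECT Email reporting virus detected"
# Rule text copied from the message; it needs about 110 characters on one line.
LONG_RULE = (r"^This e-mail, in its original form, contained one or more attached "
             r"files that were infected with a virus, worm,", ACTION)
# Constructed shorter variant: a prefix of the same phrase that survives wrapping.
# A shorter pattern also matches more mail, so review it for false positives.
SHORT_RULE = (r"^This e-mail, in its original form, contained", ACTION)

# Constructed sample notice: the phrase from the rule plus made-up trailing words.
NOTICE = ("This e-mail, in its original form, contained one or more attached "
          "files that were infected with a virus, worm, or other threat.")


def body_checks(body, rules):
    """Simplified model of a regexp: table applied to a message body.

    Every physical line is matched on its own (case-insensitively, the
    regexp table default); the first hit returns (line_number, action).
    """
    for number, line in enumerate(body.splitlines(), start=1):
        for pattern, action in rules:
            if re.search(pattern, line, re.IGNORECASE):
                return number, action
    return None


def as_typed(notice):
    """Body with the notice on one unbroken line, as in a manual SMTP session."""
    return "Hello,\n\n" + notice + "\n"


def as_wrapped(notice, width=72):
    """Same body after a mail client hard-wraps it (width is an assumption)."""
    return "Hello,\n\n" + textwrap.fill(notice, width=width) + "\n"


if __name__ == "__main__":
    for label, body in (("typed", as_typed(NOTICE)), ("wrapped", as_wrapped(NOTICE))):
        for name, rule in (("long", LONG_RULE), ("short", SHORT_RULE)):
            print(f"{label:8} {name:6} -> {body_checks(body, [rule])}")
```

To check the real table against a saved message body, `postmap -q - regexp:/usr/local/etc/postfix/body_checks < body.txt` queries it one input line at a time (`body.txt` is a placeholder file name).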