From owner-freebsd-questions@FreeBSD.ORG Thu Jun 16 15:55:01 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 677C216A41C for ; Thu, 16 Jun 2005 15:55:01 +0000 (GMT) (envelope-from bsilver@chrononomicon.com) Received: from trans-warp.net (hyperion.trans-warp.net [216.37.208.37]) by mx1.FreeBSD.org (Postfix) with ESMTP id 18BB943D49 for ; Thu, 16 Jun 2005 15:55:00 +0000 (GMT) (envelope-from bsilver@chrononomicon.com) Received: from [127.0.0.1] (unverified [65.193.73.208]) by trans-warp.net (SurgeMail 2.2g3) with ESMTP id 12544904 for ; Thu, 16 Jun 2005 11:58:43 -0400 Mime-Version: 1.0 (Apple Message framework v622) Content-Transfer-Encoding: 7bit Message-Id: <6dedebc6087b144b0a6e63b7e5a57b3a@chrononomicon.com> Content-Type: text/plain; charset=US-ASCII; format=flowed To: FreeBSD Mailing List From: Bart Silverstrim Date: Thu, 16 Jun 2005 11:54:52 -0400 X-Mailer: Apple Mail (2.622) X-Server: High Performance Mail Server - http://surgemail.com X-Authenticated-User: bsilver@chrononomicon.com Subject: Postfix on BSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jun 2005 15:55:01 -0000 Probably off-topic, but it's a sysadmin question that maybe someone on the list could send a quick blurb answer about :-/ I'm trying to filter some mail coming into Postfix based on the body content. I have the line body_checks = regexp:/usr/local/etc/postfix/body_checks in main.cf. The file contains: ******** # Will this stop RR collateral damage messages? /^* This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments./ REJECT Possible automated RoadRunner mail scanning collateral damage. Eliminate the notifying text and resend message. # Borrowed check lines /^This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm,/ REJECT Email reporting virus detected /^This e-mail in its original form contained one or more attached files that were infected with the / REJECT Email reporting virus detected ********** The files are owned root, wheel with rwrr, so it should be readable by the postfix processes. I do a "postfix reload", send an email from the Internet to this mail server containing the key phrase(s), and they seem to go right through! Am I missing something? I (have, am) going through docs and examples to try to figure it out...but any hints from people on the list using postfix would be appreciated. The logs aren't showing any error messages from postfix on reload (or start/stop).