From owner-freebsd-questions@FreeBSD.ORG Thu Jun 16 17:25:15 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A3D9216A41C for ; Thu, 16 Jun 2005 17:25:15 +0000 (GMT) (envelope-from ean@hedron.org) Received: from prosporo.hedron.org (hedron.org [66.11.182.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A75843D49 for ; Thu, 16 Jun 2005 17:25:15 +0000 (GMT) (envelope-from ean@hedron.org) Received: from localhost.hedron.org (localhost.hedron.org [127.0.0.1]) by prosporo.hedron.org (Postfix) with ESMTP id D2045C275 for ; Thu, 16 Jun 2005 13:25:18 -0400 (EDT) From: Ean Kingston To: freebsd-questions@freebsd.org Date: Thu, 16 Jun 2005 13:25:17 -0400 User-Agent: KMail/1.8 References: <6dedebc6087b144b0a6e63b7e5a57b3a@chrononomicon.com> <200506161200.37738.ean@hedron.org> <3bc8151dc61a1c11518e077a8cc7ccb5@chrononomicon.com> In-Reply-To: <3bc8151dc61a1c11518e077a8cc7ccb5@chrononomicon.com> X-Face: W{mkf[fd1042ubL1FZ(CABIMzn~rdu<:SW\^LF_RB' Subject: Re: Postfix on BSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jun 2005 17:25:15 -0000 On June 16, 2005 12:06 pm, Bart Silverstrim wrote: > On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote: > > On June 16, 2005 11:54 am, Bart Silverstrim wrote: > >> Probably off-topic, but it's a sysadmin question that maybe someone on > >> the list could send a quick blurb answer about :-/ > >> > >> I'm trying to filter some mail coming into Postfix based on the body > >> content. I have the line > >> > >> body_checks = regexp:/usr/local/etc/postfix/body_checks > >> > >> in main.cf. The file contains: > >> ******** > >> # Will this stop RR collateral damage messages? > >> /^* This e-mail was sent from a Road Runner IP address. As part of our > >> continuing initiative to stop the spread of malicious viruses, Road > >> Runner scans all outbound e-mail attachments./ REJECT Possible > >> automated RoadRunner mail scanning collateral damage. Eliminate the > >> notifying text and resend message. > >> > >> # Borrowed check lines > >> /^This e-mail, in its original form, contained one or more attached > >> files that were infected with a virus, worm,/ REJECT Email reporting > >> virus detected > >> /^This e-mail in its original form contained one or more attached > >> files > >> that were infected with the / REJECT Email reporting virus detected > >> ********** > >> > >> The files are owned root, wheel with rwrr, so it should be readable by > >> the postfix processes. I do a "postfix reload", send an email from > >> the > >> Internet to this mail server containing the key phrase(s), and they > >> seem to go right through! Am I missing something? > > > > Yes you are missing something. Postfix does not do multi-line > > expression > > matching. > > Maybe I'm misunderstanding you, but the lines wrapped in the email and > are one line each in the actual configuration file. Postfix scans the body of the email message one line at a time. Your expressions have more text that would usually go on a single line in an email. > > Also the asterisk in "/^* This e-mail was sent from a Road Runner IP > address." has been removed now...a warning was appearing in the > maillog. No longer gives warning, but still lets the m ail through. > > Postconf shows that the value for body_check is pointing at the correct > file... -- Ean Kingston E-Mail: ean AT hedron DOT org URL: http://www.hedron.org/ I am currently looking for work. If you need competent system/network administration please feel free to contact me directly.