Your message dated Sun, 1 Dec 2024 13:16:32 +0300
with message-id <[email protected]>
and subject line Re: content checks are now mime checks?
has caused the Debian Bug report #208304,
regarding pcre doesnt work sometimes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
208304: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=208304
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: postfix-tls
Version: 2.0.14-1
Severity: minor

Hello Lamont,
  I got a spam in my email. OK so not new news.  The problem is that
this spam should have matched a body_check line and it didn't, or it
didn't work.
# grep body_check /etc/postfix/main.cf
body_checks = pcre:/etc/postfix/body_checks
# cat /tmp/spam | ( while read LINE ; do  postmap -q "$LINE" pcre:/etc/postfix/body_checks ; done ) | more
REJECT

To me the postfix map thinks that it has a match.  So why did the email
make it through?  This used to work!  Actually it does for other
matches, even with the same pcre.

Here is the body_check line
# block windows executables
/^(Content-(Disposition: attachment;|Type:).*|\s+)(file)?name\s*=\s*"?.*\.(lnk|bat|c[ho]m|cmd|com|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh])"?\s*$/
 REJECT
  
Here is the line in the spam that should (does with my test) match
####  Content-Disposition: attachment; filename=patch.exe

Remove the 4 # and two spaces. Why do that? because the outgoing email
was blocked by the body_checks.   Now that is even stranger.
                                                                                
So what is going on?  I'd say it's something I'm doing wrong but, maybe
not?  The lack of consistency worries me.

thanks!

-- System Information:
Debian Release: 2.2
Architecture: alpha
Kernel: Linux fozzie 2.4.20-xfs #2 Sun Feb 23 13:14:57 EST 2003 alpha
Locale: LANG=C, LC_CTYPE=C

Versions of packages postfix-tls depends on:
ii  libc6.1                       2.3.1-17   GNU C Library: Shared libraries an
ii  libdb4.1                      4.1.25-6   Berkeley v4.1 Database Libraries [
ii  libgdbm3                      1.8.3-1    GNU dbm database routines (runtime
ii  libsasl2                      2.1.15-5   Authentication abstraction library
ii  libssl0.9.7                   0.9.7b-2   SSL shared libraries
ii  postfix                       2.0.14-1   A high-performance mail transport 

-- debconf information:
* postfix/mailname: eye-net.com.au
  postfix/recipient_delim: +
* postfix/main_mailer_type: Internet Site
  postfix/transport_map_warning: 
  postfix/db2_db3_upgrade: true
* postfix/world_writable_maildrop: true
  postfix/relayhost: 
  postfix/procmail: true
  postfix/bad_recipient_delimiter: 
  postfix/rfc1035_violation: false
  postfix/mynetworks: 127.0.0.0/8, 150.101.196.24/29, 172.16.42.0/24
* postfix/destinations: /etc/postfix/mydestination
  postfix/not_configured: 



----- End forwarded message -----

-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
Eye-Net Consulting http://www.enc.com.au/   MIEE         Debian developer
csmall at : enc.com.au                      ieee.org           debian.org 


--- End Message ---
--- Begin Message ---
[replying to a more than 20 years old email...]

On Fri, 19 Sep 2003 14:55:21 +1000 [email protected] (Craig Small) wrote:

> PCRE is still broken with body checks, I turned on some debugging and
> got this:
>
> Sep 19 14:44:31 fozzie postfix/cleanup[18112]: header_token: application / x-msdownload
> Sep 19 14:44:31 fozzie postfix/cleanup[18112]: cleanup_header_callback: 'Content-Type: application/x-msdownload; name="upgrade45.exe"'
> Sep 19 14:44:31 fozzie postfix/cleanup[18112]: dict_pcre_lookup: /etc/postfix/header_checks: Content-Type: application/x-msdownload; name="upgrade45.exe"
> Sep 19 14:44:31 fozzie postfix/cleanup[18112]: maps_find: mime_header_checks: Content-Type: application/x-msdownload; name="upgrade45.exe": not found
>
> I'm wondering, does postfix now think this stuff is headers?

There are body_checks, header_checks, mime_header_checks, nested_header_checks.
You can read about them in the docs, when each of them applies.

Closing this bug report finally.

Thanks,

/mjt

--- End Message ---
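
The split discussed in this thread, as an added example that is not part of either message and not Postfix code: a simplified model of which table sees each line of a message, run against the pattern from the report. Assumptions: the sample message is constructed, the MIME boundary is passed in, a "Content-" prefix stands in for "MIME related header", nested_header_checks is not modelled, and the regex flags mirror the pcre_table(5) defaults (i and s on).

```python
import re

# Pattern from the report; flags mirror pcre_table(5) defaults (i and s on).
EXE_RE = re.compile(
    r'^(Content-(Disposition: attachment;|Type:).*|\s+)(file)?name\s*=\s*"?.*'
    r'\.(lnk|bat|c[ho]m|cmd|com|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh])"?\s*$',
    re.I | re.S)

# Constructed message: the same Content-Disposition text appears once as
# quoted body text and once as a real MIME part header.
SAMPLE = """\
From: a@example.org
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Content-Disposition: attachment; filename=patch.exe
--XX
Content-Type: application/x-msdownload;
 name="upgrade45.exe"
Content-Disposition: attachment; filename=patch.exe

TVqQAAMAAAAEAAAA
--XX--
"""

def classify(message, boundary):
    """Return [(table, logical_line)] under the simplified model."""
    out, in_headers, primary = [], True, True
    for line in message.splitlines():
        if line.startswith("--" + boundary):
            # A part's headers follow, unless this is the closing boundary.
            in_headers, primary = not line.startswith("--" + boundary + "--"), False
        elif not in_headers:
            out.append(("body_checks", line))
        elif line == "":
            in_headers = False  # a blank line ends the header block
        elif line[0] in " \t" and out:
            # Folded header: matched as one logical string, not per line.
            out[-1] = (out[-1][0], out[-1][1] + "\n" + line)
        else:
            mime = not primary or line.lower().startswith("content-")
            out.append(("mime_header_checks" if mime else "header_checks", line))
    return out

def hits(message, boundary="XX"):
    """Lines the pattern matches, tagged with the table that would see them."""
    return [(t, l) for t, l in classify(message, boundary) if EXE_RE.search(l)]
```

In this model the attachment's own Content-Type and Content-Disposition lines only ever reach mime_header_checks, so a pattern kept solely in body_checks catches the quoted copy in the text part and nothing else.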
