On 02/14/2011 02:54 PM, J4K wrote: > On 02/14/2011 02:23 PM, Noel Jones wrote: >> On 2/14/2011 4:16 AM, J4K wrote: >>> Good Monday morning to you all, >>> >>> I have a regex question for header_checks, that I cannot get to >>> work. Possible caused by line wrapping. >>> >>> I want to replace this line: >>> Received: from [127.0.0.1] (unknown [62.11.11.11]) (using TLSv1 with >>> cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate >>> requested) by klunky.co.uk (Postfix) with ESMTPSA id D34A4806B4 for >>> <[email protected]>; Mon, 14 Feb 2011 10:11:43 +0100 (CET) >>> >>> with this line: >>> Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost >>> >>> I have the regex in header_checks, and its enabled in main.cf >>> >>> header_checks = regexp:/etc/postfix/header_checks >>> >>> # cat /etc/postfix/header_checks >>> /^Received: from \[[0-9.]+\] >>> \([^) ]+ \[[0-9.]+\]\) >>> \(using TLSv1 with cipher DHE-RSA-AES256-SHA \(256\/256 bits\)\) >>> \(No client certificate requested\) >>> by klunky.co.uk \(Postfix\)/ REPLACE /^Received: from [127.0.0.1] >>> (localhost [127.0.0.1]) by localhost/ >> >> Don't try to match line feeds literally; match them with a dot "." or >> a [[:space:]] class. Don't enclose the REPLACE text in /^.../, use >> the text only. >> >> /bar/ REPLACE foo >> >> >> But why replace it anyway? Why does the client HELO with [127.0.0.1] >> when the connection comes from 62.11.11.11? Looks like broken routing >> from a content filter. You should cure the disease, not put a >> band-aid on the symptom. >> >> >> >> -- Noel Jones > I tried with the [[:space]], but it still won't match. The [[:space:]] > looked good because it matches so many things (CR, space, CR-LF etc), > but it won't match. > > N.B. moved to pcre as its quicker than regex:- > > if /^Received:/ > /^Received: from \[[0-9.]+\][:space:]\([^) ]+ > \[[0-9.]+\]\)[:space:]\(using TLSv1 with cipher DHE-RSA-AES256-SHA > \(256\/256 bits\)\)[:space:]\(No client certificate > requested\)[:space:]by klunky.co.uk \(Postfix\)/ REPLACE Received: from > [127.0.0.1] (localhost [127.0.0.1]) by localhost > endif > > Should it be on one long line like I have above, or should I add CR in > the file /etc/postfix/header_check file? > I sussed it out. I had to add [[:space:]]* instead of only [[:space:]]. The asterix solved the problem.
Thank-you for the pointers. # cat header_checks if /^Received:/ /^Received: from \[[0-9.]+\][[:space:]]*\([^) ]+ \[[0-9.]+\]\)[[:space:]]*\(using TLSv1 with cipher DHE-RSA-AES256-SHA \(256\/256 bits\)\)[[:space:]]*\(No client certificate requested\)[[:space:]]*by klunky.co.uk \(Postfix\)/ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost endif
