Re: Postfix on BSD
On Jun 16, 2005, at 1:25 PM, Ean Kingston wrote: On June 16, 2005 12:06 pm, Bart Silverstrim wrote: On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote: On June 16, 2005 11:54 am, Bart Silverstrim wrote: Probably off-topic, but it's a sysadmin question that maybe someone on the list could send a quick blurb answer about :-/ I'm trying to filter some mail coming into Postfix based on the body content. I have the line body_checks = regexp:/usr/local/etc/postfix/body_checks in main.cf. The file contains: # Will this stop RR collateral damage messages? /^* This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments./ REJECT Possible automated RoadRunner mail scanning collateral damage. Eliminate the notifying text and resend message. # Borrowed check lines /^This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm,/ REJECT Email reporting virus detected /^This e-mail in its original form contained one or more attached files that were infected with the / REJECT Email reporting virus detected ** The files are owned root, wheel with rwrr, so it should be readable by the postfix processes. I do a "postfix reload", send an email from the Internet to this mail server containing the key phrase(s), and they seem to go right through! Am I missing something? Yes you are missing something. Postfix does not do multi-line expression matching. Maybe I'm misunderstanding you, but the lines wrapped in the email and are one line each in the actual configuration file. Postfix scans the body of the email message one line at a time. Your expressions have more text that would usually go on a single line in an email. I'm sorry, you're right. I tested using telnet to the SMTP server and it flagged it; something with my MTA or MUA was wrapping the lines. I didn't know if you meant the lines were too long in the body_checks or in the raw source of the message. Thanks, -Bart ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Postfix on BSD
On June 16, 2005 12:06 pm, Bart Silverstrim wrote: > On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote: > > On June 16, 2005 11:54 am, Bart Silverstrim wrote: > >> Probably off-topic, but it's a sysadmin question that maybe someone on > >> the list could send a quick blurb answer about :-/ > >> > >> I'm trying to filter some mail coming into Postfix based on the body > >> content. I have the line > >> > >> body_checks = regexp:/usr/local/etc/postfix/body_checks > >> > >> in main.cf. The file contains: > >> > >> # Will this stop RR collateral damage messages? > >> /^* This e-mail was sent from a Road Runner IP address. As part of our > >> continuing initiative to stop the spread of malicious viruses, Road > >> Runner scans all outbound e-mail attachments./ REJECT Possible > >> automated RoadRunner mail scanning collateral damage. Eliminate the > >> notifying text and resend message. > >> > >> # Borrowed check lines > >> /^This e-mail, in its original form, contained one or more attached > >> files that were infected with a virus, worm,/ REJECT Email reporting > >> virus detected > >> /^This e-mail in its original form contained one or more attached > >> files > >> that were infected with the / REJECT Email reporting virus detected > >> ** > >> > >> The files are owned root, wheel with rwrr, so it should be readable by > >> the postfix processes. I do a "postfix reload", send an email from > >> the > >> Internet to this mail server containing the key phrase(s), and they > >> seem to go right through! Am I missing something? > > > > Yes you are missing something. Postfix does not do multi-line > > expression > > matching. > > Maybe I'm misunderstanding you, but the lines wrapped in the email and > are one line each in the actual configuration file. Postfix scans the body of the email message one line at a time. Your expressions have more text that would usually go on a single line in an email. > > Also the asterisk in "/^* This e-mail was sent from a Road Runner IP > address." has been removed now...a warning was appearing in the > maillog. No longer gives warning, but still lets the m ail through. > > Postconf shows that the value for body_check is pointing at the correct > file... -- Ean Kingston E-Mail: ean AT hedron DOT org URL: http://www.hedron.org/ I am currently looking for work. If you need competent system/network administration please feel free to contact me directly. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Postfix on BSD
On Thu, June 16, 2005 12:06 pm, Bart Silverstrim said: > On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote: >> On June 16, 2005 11:54 am, Bart Silverstrim wrote: >>> body_checks = regexp:/usr/local/etc/postfix/body_checks >>> >>> in main.cf. The file contains: >>> >>> # Will this stop RR collateral damage messages? >>> /^* This e-mail was sent from a Road Runner IP address. As part of our >>> continuing initiative to stop the spread of malicious viruses, Road >>> Runner scans all outbound e-mail attachments./ REJECT Possible >>> automated RoadRunner mail scanning collateral damage. Eliminate the >>> notifying text and resend message. > Also the asterisk in "/^* This e-mail was sent from a Road Runner IP > address." has been removed now...a warning was appearing in the > maillog. No longer gives warning, but still lets the m ail through. I don't know about the rest of the issue (though I suspect that the problem is that in the original message the text is not being sent as a single line), but what you need here is "/^\*" -- you need to match the asterisk, since it's in the original message. Without the backslash, you have an improperly formed regular expression since there is no character for the wildcard to apply to. Jim -- Jim Trigg, Lord High Everything Else O- /"\ Hostmaster, Huie Kin family website\ / ASCII RIBBON CAMPAIGN Verger and System Administrator,XHELP CURE HTML MAIL All Saints Church - Sharon Chapel / \ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Postfix on BSD
On Jun 16, 2005, at 12:00 PM, Ean Kingston wrote: On June 16, 2005 11:54 am, Bart Silverstrim wrote: Probably off-topic, but it's a sysadmin question that maybe someone on the list could send a quick blurb answer about :-/ I'm trying to filter some mail coming into Postfix based on the body content. I have the line body_checks = regexp:/usr/local/etc/postfix/body_checks in main.cf. The file contains: # Will this stop RR collateral damage messages? /^* This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments./ REJECT Possible automated RoadRunner mail scanning collateral damage. Eliminate the notifying text and resend message. # Borrowed check lines /^This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm,/ REJECT Email reporting virus detected /^This e-mail in its original form contained one or more attached files that were infected with the / REJECT Email reporting virus detected ** The files are owned root, wheel with rwrr, so it should be readable by the postfix processes. I do a "postfix reload", send an email from the Internet to this mail server containing the key phrase(s), and they seem to go right through! Am I missing something? Yes you are missing something. Postfix does not do multi-line expression matching. Maybe I'm misunderstanding you, but the lines wrapped in the email and are one line each in the actual configuration file. Also the asterisk in "/^* This e-mail was sent from a Road Runner IP address." has been removed now...a warning was appearing in the maillog. No longer gives warning, but still lets the m ail through. Postconf shows that the value for body_check is pointing at the correct file... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Postfix on BSD
On June 16, 2005 11:54 am, Bart Silverstrim wrote: > Probably off-topic, but it's a sysadmin question that maybe someone on > the list could send a quick blurb answer about :-/ > > I'm trying to filter some mail coming into Postfix based on the body > content. I have the line > > body_checks = regexp:/usr/local/etc/postfix/body_checks > > in main.cf. The file contains: > > # Will this stop RR collateral damage messages? > /^* This e-mail was sent from a Road Runner IP address. As part of our > continuing initiative to stop the spread of malicious viruses, Road > Runner scans all outbound e-mail attachments./ REJECT Possible > automated RoadRunner mail scanning collateral damage. Eliminate the > notifying text and resend message. > > # Borrowed check lines > /^This e-mail, in its original form, contained one or more attached > files that were infected with a virus, worm,/ REJECT Email reporting > virus detected > /^This e-mail in its original form contained one or more attached files > that were infected with the / REJECT Email reporting virus detected > ** > > The files are owned root, wheel with rwrr, so it should be readable by > the postfix processes. I do a "postfix reload", send an email from the > Internet to this mail server containing the key phrase(s), and they > seem to go right through! Am I missing something? Yes you are missing something. Postfix does not do multi-line expression matching. > I (have, am) going > through docs and examples to try to figure it out...but any hints from > people on the list using postfix would be appreciated. The logs aren't > showing any error messages from postfix on reload (or start/stop). > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" -- Ean Kingston E-Mail: ean AT hedron DOT org URL: http://www.hedron.org/ I am currently looking for work. If you need competent system/network administration please feel free to contact me directly. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Postfix on BSD
Probably off-topic, but it's a sysadmin question that maybe someone on the list could send a quick blurb answer about :-/ I'm trying to filter some mail coming into Postfix based on the body content. I have the line body_checks = regexp:/usr/local/etc/postfix/body_checks in main.cf. The file contains: # Will this stop RR collateral damage messages? /^* This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments./ REJECT Possible automated RoadRunner mail scanning collateral damage. Eliminate the notifying text and resend message. # Borrowed check lines /^This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm,/ REJECT Email reporting virus detected /^This e-mail in its original form contained one or more attached files that were infected with the / REJECT Email reporting virus detected ** The files are owned root, wheel with rwrr, so it should be readable by the postfix processes. I do a "postfix reload", send an email from the Internet to this mail server containing the key phrase(s), and they seem to go right through! Am I missing something? I (have, am) going through docs and examples to try to figure it out...but any hints from people on the list using postfix would be appreciated. The logs aren't showing any error messages from postfix on reload (or start/stop). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
