
creating header checks

  • John Baker
    Message 1 of 4 , May 1, 2008
      Hi

      I have only used headers checks to hold for spam scanning.

      But today after a phishing scam came in purporting to be from our
      helpdesk I put one like this in to block users from replying:

      /^To: fromthehelpdesk2007@.../ REJECT

      And then I get this warning when I run postmap /etc/postfix/header_checks

      postmap: warning: /etc/postfix/header_checks, line 1: record is in "key:
      value" format; is this an alias file?

      It appeared from all the information I could find that I was going about
      this the right way and the check actually does seem to work.

      But I'm not clear on exactly what is going on. Why do I get this warning
      and is there a proper way to do this that will make the warning stop
      when I add a header_check?
      --
      John Baker
      Network Systems Administrator
      Marlboro College
      Phone: 451-7551 off campus; 551 on campus
    • D Hill
      Message 2 of 4 , May 1, 2008
        On Thu, 1 May 2008 at 11:27 -0400, johnnyb@... confabulated:

        > Hi
        >
        > I have only used headers checks to hold for spam scanning.
        >
        > But today after a phishing scam came in purporting to be from our helpdesk I
        > put one like this in to block users from replying:
        >
        > /^To: fromthehelpdesk2007@.../ REJECT
        >
        > And then I get this warning when I run postmap /etc/postfix/header_checks
        >
        > postmap: warning: /etc/postfix/header_checks, line 1: record is in "key:
        > value" format; is this an alias file?

        There is no need to postmap pcre or regexp files.

        > It appeared from all the information I could find that I was going about this
        > the right way and the check actually does seem to work.
        >
        > But I'm not clear on exactly what is going on. Why do I get this warning and
        > is there a proper way to do this that will make the warning stop when I add a
        > header_check?
        > --
        > John Baker
        > Network Systems Administrator
        > Marlboro College
        > Phone: 451-7551 off campus; 551 on campus
        >
      • j debert
        Message 3 of 4 , May 2, 2008
          John Baker wrote:
          | Hi
          |
          | I have only used headers checks to hold for spam scanning.
          |
          | But today after a phishing scam came in purporting to be from our
          | helpdesk I put one like this in to block users from replying:
          |
          | /^To: fromthehelpdesk2007@.../ REJECT
          |

          This is a regular expression form: (regexp or pcre)

          However, you probably should escape the "." thus: "\.", since "."
          means 'match any character' in regexps. Fortunately, it already
          matches what you want to match. Using "\." will match it literally.

          (It might be helpful to add text to your REJECT to explain why your
          users' replies to your "helpdesk" are being rejected or they might think
          you don't like them anymore.)

          | And then I get this warning when I run postmap
          | /etc/postfix/header_checks
          |
          | postmap: warning: /etc/postfix/header_checks, line 1: record is in
          | "key: value" format; is this an alias file?
          |
          |

          Postmap can make a map from a regexp or pcre file but the results are
          useless, afaik. The postmap manpage doesn't seem to indicate this.
          Postmapping regexp files is a common mistake even among experienced
          postfixers. (I wonder whether gurus ever make this mistake...)

          | It appeared from all the information I could find that I was going
          | about this the right way and the check actually does seem to work.
          |

          You're apparently not using the resulting hash file header_checks.db,
          so it will work just fine.

          | But I'm not clear on exactly what is going on. Why do I get this
          | warning and is there a proper way to do this that will make the
          | warning stop when I add a header_check?

          Remember not to postmap regexp files like header_checks. Perhaps
          appending ".regex" or ".pcre" to these files will be a helpful reminder.

          (Is there a regexp/pcre howto or tutorial somewhere? I bought a little
          Bell manual 20+ years ago that covers regexps exhaustively so /I/
          don't need it but surely such a howto would be useful for those who
          don't have such a book. [sorry, don't mean to call anyone 'Shirley'!])

          ==
          jd
        • /dev/rob0
          Message 4 of 4 , May 2, 2008
            On Thu May 1 2008 10:27:13 John Baker wrote:
            > I have only used headers checks to hold for spam scanning.
            >
            > But today after a phishing scam came in purporting to be from our
            > helpdesk I put one like this in to block users from replying:
            >
            > /^To: fromthehelpdesk2007@.../ REJECT

            That won't match!

            Furthermore it's entirely the wrong tool for the purpose as described.
            Mail routing is done using the envelope recipient, and thus you need a
            check_recipient_access lookup to happen *before* permit_mynetworks and
            permit_sasl_authenticated.

            > And then I get this warning when I run postmap
            > /etc/postfix/header_checks
            >
            > postmap: warning: /etc/postfix/header_checks, line 1: record is in
            > "key: value" format; is this an alias file?

            The FAQ of trying to compile a regexp or pcre file with postmap(1),
            already answered.

            > It appeared from all the information I could find that I was going
            > about this the right way and the check actually does seem to work.

            You didn't find very good information. Try going into one of your
            users' MUAs and hit "reply". Then look at the actual MUA-generated
            "To:" header. Check your expression against that header using
            "postmap -q" or other pcre/regexp tool.

            > But I'm not clear on exactly what is going on. Why do I get this
            > warning and is there a proper way to do this that will make the
            > warning stop when I add a header_check?

            Patient: "Doc, it hurts when I do this."
            Doctor: "So don't do that!"
            --
            Offlist mail to this address is discarded unless
            "/dev/rob0" or "not-spam" is in Subject: header
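Added example, not part of any post in this thread and not Postfix code: a small Python model of a regexp-style header_checks table and of an envelope-recipient lookup, illustrating the points the replies raise (unescaped ".", the shape of a MUA-generated "To:" header, and header versus envelope). The domain example.invalid is a placeholder for the one the archive elides, the sample headers are constructed, and Python's re module only approximates Postfix regexp/pcre matching.

```python
import re

# Placeholder: the thread elides the real domain ("@..."); example.invalid stands in.
ADDR = "fromthehelpdesk2007@example.invalid"

def parse_rule(line):
    """Parse one table line of the form: /pattern/flags ACTION optional text."""
    m = re.match(r"/(.*?)/([a-z]*)\s+(\S+)\s*(.*)$", line.strip())
    if not m:
        raise ValueError("not a /pattern/ ACTION line: %r" % line)
    pattern, flags, action, text = m.groups()
    # Postfix regexp tables are case-insensitive by default; the "i" flag toggles that.
    return re.compile(pattern, 0 if "i" in flags else re.IGNORECASE), action, text

def check_header(rule_lines, header):
    """Return (action, text) for the first matching rule, or None."""
    for rx, action, text in map(parse_rule, rule_lines):
        if rx.search(header):
            return action, text
    return None

def check_recipient(access, rcpt):
    """Model of a check_recipient_access lookup keyed on the envelope RCPT TO."""
    return access.get(rcpt.lower())

# The rule as posted (unescaped dot, address expected right after "To: ").
POSTED = ["/^To: fromthehelpdesk2007@example.invalid/ REJECT"]
# Escaped dot, address allowed anywhere in the header, and a reason for the user.
REVISED = [r"/^To:.*fromthehelpdesk2007@example\.invalid/ REJECT Phishing address, not our helpdesk"]
# Envelope-level table: the key is the recipient address itself.
ACCESS = {ADDR: "REJECT Phishing address, not our helpdesk"}

# Constructed sample headers.
BARE = "To: " + ADDR
DISPLAY = 'To: "IT Helpdesk" <' + ADDR + ">"
NEAR_MISS = "To: fromthehelpdesk2007@exampleXinvalid"
UNRELATED = "To: colleague@example.org"  # reply sent with the address only in Bcc

if __name__ == "__main__":
    for name, hdr in [("bare", BARE), ("display", DISPLAY), ("near-miss", NEAR_MISS)]:
        print(name, check_header(POSTED, hdr), check_header(REVISED, hdr))
    # Bcc case: no header names the address, but the envelope recipient still does.
    print("bcc header:", check_header(REVISED, UNRELATED))
    print("bcc envelope:", check_recipient(ACCESS, ADDR))
```

On a live system the same comparison is done against the real table and a real MUA-generated header, as the last reply suggests with "postmap -q".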