
Re: creating header checks

  • D Hill
    Message 1 of 4 , May 1, 2008
      On Thu, 1 May 2008 at 11:27 -0400, johnnyb@... confabulated:

      > Hi
      >
      > I have only used headers checks to hold for spam scanning.
      >
      > But today after a phishing scam came in purporting to be from our helpdesk I
      > put one like this in to block users from replying:
      >
      > /^To: fromthehelpdesk2007@.../ REJECT
      >
      > And then I get this warning when I run postmap /etc/postfix/header_checks
      >
      > postmap: warning: /etc/postfix/header_checks, line 1: record is in "key:
      > value" format; is this an alias file?

      There is no need to postmap pcre or regexp files.

      > It appeared from all the information I could find that I was going about this
      > the right way and the check actually does seem to work.
      >
      > But I'm not clear on exactly what is going on. Why do I get this warning and
      > is there a proper way to do this that will make the warning stop when I add a
      > header_check?
      > --
      > John Baker
      > Network Systems Administrator
      > Marlboro College
      > Phone: 451-7551 off campus; 551 on campus
      >
    • j debert
      Message 2 of 4 , May 2, 2008

        John Baker wrote:
        | Hi
        |
        | I have only used headers checks to hold for spam scanning.
        |
        | But today after a phishing scam came in purporting to be from our
        | helpdesk I put one like this in to block users from replying:
        |
        | /^To: fromthehelpdesk2007@.../ REJECT
        |

        This is a regular expression form: (regexp or pcre)

        However, you probably should escape the "." thus: "\.", since "."
        means 'match any character' in regexps. Fortunately, it already
        matches what you want to match. Using "\." will match it literally.

        (It might be helpful to add text to your REJECT to explain why your
        users' replies to your "helpdesk" are being rejected or they might think
        you don't like them anymore.)

        | And then I get this warning when I run postmap
        | /etc/postfix/header_checks
        |
        | postmap: warning: /etc/postfix/header_checks, line 1: record is in
        | "key: value" format; is this an alias file?
        |
        |

        Postmap can make a map from a regexp or pcre file but the results are
        useless, afaik. The postmap manpage doesn't seem to indicate this.
        Postmapping regexp files is a common mistake even among experienced
        postfixers. (I wonder whether gurus ever make this mistake...)

        | It appeared from all the information I could find that I was going
        | about this the right way and the check actually does seem to work.
        |

        You're apparently not using the resulting hash file header_checks.db,
        so it will work just fine.

        | But I'm not clear on exactly what is going on. Why do I get this
        | warning and is there a proper way to do this that will make the
        | warning stop when I add a header_check?

        Remember not to postmap regexp files like header_checks. Perhaps
        appending ".regex" or ".pcre" to these files will be a helpful reminder.

        (Is there a regexp/pcre howto or tutorial somewhere? I bought a little
        Bell manual 20+ years ago that covers regexps exhaustively so /I/
        don't need it but surely such a howto would be useful for those who
        don't have such a book. [sorry, don't mean to call anyone 'Shirley'!])

        ==
        jd
      • /dev/rob0
        Message 3 of 4 , May 2, 2008
          On Thu May 1 2008 10:27:13 John Baker wrote:
          > I have only used headers checks to hold for spam scanning.
          >
          > But today after a phishing scam came in purporting to be from our
          > helpdesk I put one like this in to block users from replying:
          >
          > /^To: fromthehelpdesk2007@.../ REJECT

          That won't match!

          Furthermore it's entirely the wrong tool for the purpose as described.
          Mail routing is done using the envelope recipient, and thus you need a
          check_recipient_access lookup to happen *before* permit_mynetworks and
          permit_sasl_authenticated.

          > And then I get this warning when I run postmap
          > /etc/postfix/header_checks
          >
          > postmap: warning: /etc/postfix/header_checks, line 1: record is in
          > "key: value" format; is this an alias file?

          The FAQ of trying to compile a regexp or pcre file with postmap(1),
          already answered.

          > It appeared from all the information I could find that I was going
          > about this the right way and the check actually does seem to work.

          You didn't find very good information. Try going into one of your
          users' MUAs and hit "reply". Then look at the actual MUA-generated
          "To:" header. Check your expression against that header using
          "postmap -q" or other pcre/regexp tool.

          > But I'm not clear on exactly what is going on. Why do I get this
          > warning and is there a proper way to do this that will make the
          > warning stop when I add a header_check?

          Patient: "Doc, it hurts when I do this."
          Doctor: "So don't do that!"
          --
          Offlist mail to this address is discarded unless
          "/dev/rob0" or "not-spam" is in Subject: header
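Added example, not part of any post in this thread: an offline check of a header_checks-style expression against the kinds of "To:" lines MUAs generate, covering the anchoring and unescaped-dot points raised above. The address `helpdesk-phish@example.com`, the sample headers and the helper names are constructed, and Python's `re` only approximates Postfix regexp/pcre table matching.

```python
import re

# Constructed sample rules in header_checks syntax (/pattern/ ACTION text).
# helpdesk-phish@example.com is a placeholder; the thread elides the real address.
AS_POSTED = r"/^To: helpdesk-phish@example.com/ REJECT as posted"
TOLERANT = r"/^To:.*helpdesk-phish@example\.com/ REJECT dot escaped, display name allowed"

# Constructed To:/Cc: lines in the shapes different MUAs produce on "reply".
HEADERS = [
    "To: helpdesk-phish@example.com",
    'To: "Help Desk" <helpdesk-phish@example.com>',
    "To: <helpdesk-phish@example.com>",
    "To: helpdesk-phish@exampleXcom",   # only an unescaped "." accepts this
    "Cc: helpdesk-phish@example.com",   # a To: rule never sees this header
]

def parse_rules(text):
    """Parse '/pattern/flags ACTION text' lines; other lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"^/(.*)/[A-Za-z]*\s+(.*)$", line.strip())
        if m:
            # Postfix regexp/pcre tables match case-insensitively by default;
            # per-rule flags are ignored in this simplified parser.
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def lookup(rules, header):
    """Return the action of the first matching rule, or None."""
    for rx, action in rules:
        if rx.search(header):
            return action
    return None

def report(rule_text):
    """Map each sample header to the action the rule set returns for it."""
    rules = parse_rules(rule_text)
    return {h: lookup(rules, h) for h in HEADERS}

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("tolerant", TOLERANT)):
        print(name)
        for header, action in report(text).items():
            print(f"  {header!r:50} -> {action}")
```

On the mail server itself the authoritative check is the one the post names, `postmap -q "<header line>" regexp:/etc/postfix/header_checks`. The `Cc:` row returns no action under either rule, which is the gap an envelope-recipient check closes.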