From: Noel Jones (njones_at_megan.vbhcs.org)
Date: Sun Sep 01 2002 - 22:33:57 CDT


    ----- Original Message -----
    From: "Stephen McHenry" <postlistsofti.com>
    To: <postfix-userspostfix.org>
    Sent: Sunday, September 01, 2002 9:05 PM
    Subject: Body_checks and LogCheck conflict

    > I just installed Postfix and one of the features I couldn't wait to use is
    > the UCE controls - specifically, header_checks and body_checks. Postfix
    > seems to be working very well in bagging a lot of crap that used to fill my
    > inbox.
    >
    > Only one hitch... I run logcheck (the utility that scans the log files
    > periodically and sends "interesting" entries to an email address - in my
    > case, once per hour). Now, when Postfix discovers UCE via a body check, it
    > puts part of the match into the log message. When logcheck picks up the
    > entry and puts it in the body of its own message, the logcheck message is
    > also bagged as UCE, and rejected.
    >
    > Has anyone encountered this? I tried putting a header check that would
    > accept the message, but it doesn't help as body checks are still run and it
    > kicks it out.
    >
    > My workaround is to tell logcheck to ignore those entries, but I'd rather
    > be getting that information. Has anyone dealt with this issue? It would be
    > nice for an unconditional ACCEPT in either header or body checks - i.e., if
    > it matches here, accept it and don't do any more checks on this message.
    >

    Many of us have had that same problem using the pflogsumm.pl
    program, but there are a couple workarounds.

    This is kind of tricky to do, but if you can figure out a common
    component of the lines you wish to pass, you can put an OK rule in
    your body_checks at the beginning of the file, before the lines that
    would otherwise match and reject the message. This will allow those
    lines to pass.
    For this to be effective, you need to make it as restrictive as
    possible, i.e. try to make it only pass your log entries without
    missing stuff you really intend to block.

    Maybe something like:

    /hostname postfix\/cleanup\[.* reject: body/ OK

    where hostname is your local hostname reported in your log. You
    might need to adjust this depending on what your log entries look
    like.

    The other things you can do are zip or uuencode the log entry and
    send it as an attachment with mutt, or you can use some perl module
    to mime encode it.

    --
    Noel Jones
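
The ordering and narrowness points in the reply above, as an added example that is not part of the original message: a first-match-wins simulation of body_checks run over the lines of a logcheck-style report. The hostname, the spam pattern, the log line and both OK rules are constructed for illustration, and Python's `re` only approximates a Postfix regexp table.

```python
import re

# Constructed values (assumptions, not from the thread): hostname, spam pattern, log line.
HOST = "mail.example.com"
REJECT = (r"make money fast", "REJECT")
# Narrow OK rule: anchored to the syslog prefix of a cleanup body-reject entry.
NARROW_OK = (rf"^\w{{3}} +\d+ [\d:]{{8}} {re.escape(HOST)} "
             r"postfix/cleanup\[\d+\]: \w+: reject: body ", "OK")
# Over-broad OK rule: any line containing the phrase is exempted.
BROAD_OK = (r"reject: body", "OK")

LOG_LINE = ("Sep  1 21:00:03 mail.example.com postfix/cleanup[4242]: "
            "3F2A1B: reject: body Make Money Fast from home")
SPAM_LINE = "Make Money Fast from home"
SPOOFED = "reject: body -- Make Money Fast from home"


def check_line(rules, line):
    """Action of the first matching rule (first match wins), or None."""
    for pattern, action in rules:
        if re.search(pattern, line, re.IGNORECASE):
            return action
    return None


def rejected(rules, body):
    """Lines of a message body that hit REJECT; OK exempts only its own line."""
    return [line for line in body if check_line(rules, line) == "REJECT"]


if __name__ == "__main__":
    body = [LOG_LINE, SPAM_LINE, SPOOFED]
    for name, rules in [("no OK rule", [REJECT]),
                        ("narrow OK first", [NARROW_OK, REJECT]),
                        ("OK after REJECT", [REJECT, NARROW_OK]),
                        ("broad OK first", [BROAD_OK, REJECT])]:
        print(f"{name}: {len(rejected(rules, body))} of {len(body)} lines rejected")
```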
    
