OSEC

From: Phil Stracchino (alaric_at_babcom.com)
Date: Thu Jan 02 2003 - 01:07:24 CST

    On Thu, Jan 02, 2003 at 12:48:26AM -0600, Noel Jones wrote:
    > Only things that jump out at me are:
    > - sure do have a lot of header_checks here...

    ...I get a hellacious amount of spam.

    > - I don't believe it's necessary to escape with PCRE (or regexp). But
    > I don't think this is your problem.

    Neither do I, but put it down to constructive paranoia.

    > - Nearly all your matches are right-anchored with a $. Are you sure
    > this is what you want? This will only match if an address header ends
    > with the specified text.

    Actually, thinking more about it, no it probably isn't in many cases,
    since Postfix checks the entire header line, not just one address at a
    time. I should think about how to do that better. I really need to be
    able to match against either end-of-line there, or a comma.

    Hmmm .... perhaps an optional comma followed by whitespace, since I
    believe EOL is considered whitespace...?

    > - what are you trying to match with
    > /^(to|cc|from|reply-to):.*\.*[^o][^z]email\.com$/ REJECT
    > Looks to me like this will allow domains ending with "ozemail.com" but
    > reject anything else ending with "..email.com". Fine if this is what
    > you intend.

    Precisely.

    > - The following rule is unlikely to do what you intend.
    > /^(to|cc|from|reply-to):.*\.*promot(eion)$/ REJECT
    > maybe /^(to|cc|from|reply-to):.*.*promot(eion)?$/ REJECT
    > using a ? after (eion) to make that part optional

    Erm. That's supposed to be promot(e|ion). I'll have to fix that.
    Thanks for catching it.

    I was able to do some testing earlier with the sysadmin of one of my
    backup MX sites, who had one of the offending messages stuck in his
    queue. Before we had a mishap and lost the test-case message, we were
    able to verify that (1) Postfix is breaking at dict_pcre_lookup:
    /etc/postfix/spam_sites, and (2) it's breaking within the first 16
    regexps in that file, before we had a mishap and lost the test-case
    message. However, I've scrutinized those first 16 regexps minutely,
    and if there's anything wrong with them I can't see it. We'll have
    to wait for another testcase message to come in now, but when it
    does, I fully expect to see it fail within the first 8, the first 4, the
    first 2, and down to a single regexp.

    What I'm curious to see is whether it fails when the file is empty.

    -- 
     .*********  Fight Back!  It may not be just YOUR life at risk.  *********.
     : phil stracchino : unix ronin : renaissance man : mystic zen biker geek :
     :  alaricbabcom.com  :  alaric-ruthvenearthlink.net  :  phillatt.net  :
     :   2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)   :
     :    Linux Now!   ...Because friends don't let friends use Microsoft.    :
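The two problems discussed in the message above, the right-anchored `$` missing an address that is not the last one on a multi-address header line and the `promot(eion)` typo, can be reproduced outside Postfix. The script below is an added example, not part of the original thread or of Postfix; it evaluates the quoted `header_checks` patterns with Python's `re` module (the patterns use only syntax that PCRE and Python share) against constructed header lines. The `ADDRESS_DELIMITED` rule is an assumed way of expressing "end of this address" with a `(\s*,|$)` alternation; the sample headers are constructed for illustration.

```python
import re

# Header names covered by the rules quoted in the thread.
HDR = r"^(to|cc|from|reply-to):"

# Right-anchored rule as written: fires only when the whole header line ends
# with the text, so a matching address followed by another recipient is missed.
RIGHT_ANCHORED = re.compile(HDR + r".*promot(e|ion)$", re.IGNORECASE)

# The typo caught in the thread: (eion) is a literal group, so this rule only
# fires on a line ending in "promoteion", never on "promote" or "promotion".
TYPO_RULE = re.compile(HDR + r".*\.*promot(eion)$", re.IGNORECASE)

# Assumed fix (not from the thread): accept either optional whitespace plus a
# comma, or end-of-line, after the match.  In PCRE "$" is an anchor, not a
# character, so this alternation is how "end of this address" is expressed.
ADDRESS_DELIMITED = re.compile(HDR + r".*promot(e|ion)(\s*,|$)", re.IGNORECASE)

# Constructed sample header lines, shaped the way Postfix hands a header line
# to header_checks (whole line, header name included).
SAMPLE_HEADERS = [
    "From: deals@mail.promotion",
    "To: alice@example.org, deals@mail.promote, carol@example.com",
    "Reply-To: info@promoteion",
    "To: alice@example.org",
    "Subject: promotion",
]


def matches(pattern, header):
    """True when a header_checks-style pattern would fire on this header line.

    Postfix pcre tables match case-insensitively by default, which is why the
    compiled patterns above carry re.IGNORECASE.
    """
    return pattern.search(header) is not None


def rejected_by(pattern, headers=SAMPLE_HEADERS):
    """Return the sample header lines that a REJECT rule would actually reject."""
    return [h for h in headers if matches(pattern, h)]


if __name__ == "__main__":
    rules = (
        ("right-anchored  promot(e|ion)$", RIGHT_ANCHORED),
        ("typo            promot(eion)$", TYPO_RULE),
        ("delimited       promot(e|ion)(\\s*,|$)", ADDRESS_DELIMITED),
    )
    for name, rule in rules:
        print(name)
        for header in SAMPLE_HEADERS:
            verdict = "REJECT" if matches(rule, header) else "pass  "
            print(f"  {verdict}  {header}")
```

Running it shows the right-anchored rule rejecting only the single-address `From:` line, the typo rule rejecting only the `Reply-To: info@promoteion` line, and the delimited rule additionally catching the `promote` address buried in the middle of the `To:` line. The `Subject:` line never matches because the header-name alternation is left-anchored with `^`.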