From: /dev/rob0 (rob0gmx.co.uk)
Date: Fri May 02 2008 - 12:36:18 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu May 1 2008 10:27:13 John Baker wrote:
> I have only used headers checks to hold for spam scanning.
>
> But today after a phising scam came in purporting to be from our
> helpdesk I put one like this in to block users from replying:
>
> /^To: fromthehelpdesk2007gmail.com/ REJECT

That won't match!

Furthermore it's entirely the wrong tool for the purpose as described.
Mail routing is done using the envelope recipient, and thus you need a
check_recipient_access lookup to happen *before* permit_mynetworks and
permit_sasl_authenticated.

> And then I get this warning when I run postmap
> /etc/postfix/header_checks
>
> postmap: warning: /etc/postfix/header_checks, line 1: record is in
> "key: value" format; is this an alias file?

The FAQ of trying to compile a regexp or pcre file with postmap(1),
already answered.

> It appeared from all the information I could find that I was going
> about this the right way and the check actually does seem to work.

You didn't find very good information. Try going into one of your
users' MUAs and hit "reply". Then look at the actual MUA-generated
"To:" header. Check your expression against that header using
"postmap -q" or other pcre/regexp tool.

> But I'm not clear on exactly what is going on. Why do I get this
> warning and is there a proper way to do this that will make the
> warning stop when I add a header_check?

Patient: "Doc, it hurts when I do this."
Doctor: "So don't do that!"
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]