Postfix header_checks not working: Invalid preceding regular expression

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Postfix header_checks not working: Invalid preceding regular expression

Simone Marchioni
I have a problem with Postfix. Recently we are receiving mail messages
with malformed "From:" headers as these:

From: "Name Surname <[hidden email]>" <[hidden email]>
From: "[hidden email]" <[hidden email]>

Ended up with a solution based on PCRE header checks, with these two regexp:

/^From:.+(".+<(.*@+.*)>").*<((?!\2).*)>$/ REJECT
/^From:.+("([^<>]*@+[^<>]*)").*<((?!\2).*)>$/ REJECT

Modified /etc/postfix/header_checks with these and then made a:

postmap /etc/postfix/header_checks

and reloaded postfix.

Seems to work ok and Postfix apparently handles the PCRE with no problem:

postmap -q 'From: "Name Surname <[hidden email]>"
<[hidden email]>' pcre:/etc/postfix/header_checks
REJECT
postmap -q 'From: "[hidden email]" <[hidden email]>'
pcre:/etc/postfix/header_checks
REJECT

But in real usage the mails are not being blocked.
Looking at the logs there are the following (repeated) errors:

Nov 22 10:52:19 mx1 postfix/cleanup[32087]: warning: regexp map
/etc/postfix/header_checks, line 497: Invalid preceding regular expression
Nov 22 10:52:19 mx1 postfix/cleanup[32087]: warning: regexp map
/etc/postfix/header_checks, line 498: Invalid preceding regular expression

The content of the /etc/postfix/header_checks file is the following (the
first 496 lines are comments):

/^From:.+(".+<(.*@+.*)>").*<((?!\2).*)>$/ REJECT
/^From:.+("([^<>]*@+[^<>]*)").*<((?!\2).*)>$/ REJECT
/^Subject:/ WARN

Additional info:

- There are no receive_override_options: the file is used as the subject
are correctly logged in logfile (last line of
/etc/postfix/header_checks). And the errors too shows the file is
handled by postfix.
- Tested the two regexp with multiple online services and they seems
correct: also the postmap -q tests shows they are working correctly.
- Version and operating system: Postfix 2.10.1 and PCRE 8.32 on a CentOS 7.7

Any idea why with postmap -q it shows REJECT but in real usage it
doesn't work?

Thanks,
Simone
Reply | Threaded
Open this post in threaded view
|

Re: Postfix header_checks not working: Invalid preceding regular expression

Dominic Raferd


On Mon, 9 Dec 2019 at 14:13, Simone Marchioni <[hidden email]> wrote:
I have a problem with Postfix. Recently we are receiving mail messages
with malformed "From:" headers as these:

From: "Name Surname <[hidden email]>" <[hidden email]>
From: "[hidden email]" <[hidden email]>

Ended up with a solution based on PCRE header checks, with these two regexp:

/^From:.+(".+<(.*@+.*)>").*<((?!\2).*)>$/ REJECT
/^From:.+("([^<>]*@+[^<>]*)").*<((?!\2).*)>$/ REJECT

Modified /etc/postfix/header_checks with these and then made a:

postmap /etc/postfix/header_checks

and reloaded postfix.

Seems to work ok and Postfix apparently handles the PCRE with no problem:

postmap -q 'From: "Name Surname <[hidden email]>"
<[hidden email]>' pcre:/etc/postfix/header_checks
REJECT
postmap -q 'From: "[hidden email]" <[hidden email]>'
pcre:/etc/postfix/header_checks
REJECT

But in real usage the mails are not being blocked.
Looking at the logs there are the following (repeated) errors:

Nov 22 10:52:19 mx1 postfix/cleanup[32087]: warning: regexp map
/etc/postfix/header_checks, line 497: Invalid preceding regular expression
Nov 22 10:52:19 mx1 postfix/cleanup[32087]: warning: regexp map
/etc/postfix/header_checks, line 498: Invalid preceding regular expression

The content of the /etc/postfix/header_checks file is the following (the
first 496 lines are comments):

/^From:.+(".+<(.*@+.*)>").*<((?!\2).*)>$/ REJECT
/^From:.+("([^<>]*@+[^<>]*)").*<((?!\2).*)>$/ REJECT
/^Subject:/ WARN

Additional info:

- There are no receive_override_options: the file is used as the subject
are correctly logged in logfile (last line of
/etc/postfix/header_checks). And the errors too shows the file is
handled by postfix.
- Tested the two regexp with multiple online services and they seems
correct: also the postmap -q tests shows they are working correctly.
- Version and operating system: Postfix 2.10.1 and PCRE 8.32 on a CentOS 7.7

Any idea why with postmap -q it shows REJECT but in real usage it
doesn't work?

Check that in main.cf and/or master.cf you are specifying the file with type pcre: (and not say type regexp:)
Reply | Threaded
Open this post in threaded view
|

Re: Postfix header_checks not working: Invalid preceding regular expression

@lbutlr
In reply to this post by Simone Marchioni
On 09 Dec 2019, at 07:12, Simone Marchioni <[hidden email]> wrote:
> I have a problem with Postfix. Recently we are receiving mail messages with malformed "From:" headers as these:
>
> From: "Name Surname <[hidden email]>" <[hidden email]>
> From: "[hidden email]" <[hidden email]>

There is nothing malformed about these headers.




--
A closed mouth gathers no feet.

Reply | Threaded
Open this post in threaded view
|

Re: Postfix header_checks not working: Invalid preceding regular expression

Simone Marchioni
In reply to this post by Dominic Raferd


Il 09/12/19 15:34, Dominic Raferd ha scritto:
On Mon, 9 Dec 2019 at 14:13, Simone Marchioni <[hidden email]> wrote:
I have a problem with Postfix. Recently we are receiving mail messages
with malformed "From:" headers as these:

From: "Name Surname <[hidden email]>" <[hidden email]>
From: "[hidden email]" <[hidden email]>

Ended up with a solution based on PCRE header checks, with these two regexp:

/^From:.+(".+[hidden email]").*<((?!\2).*)>$/ REJECT
/^From:.+("([^<>]*@+[^<>]*)").*<((?!\2).*)>$/ REJECT

Modified /etc/postfix/header_checks with these and then made a:

postmap /etc/postfix/header_checks

and reloaded postfix.

Seems to work ok and Postfix apparently handles the PCRE with no problem:

postmap -q 'From: "Name Surname <[hidden email]>"
<[hidden email]>' pcre:/etc/postfix/header_checks
REJECT
postmap -q 'From: "[hidden email]" <[hidden email]>'
pcre:/etc/postfix/header_checks
REJECT

But in real usage the mails are not being blocked.
Looking at the logs there are the following (repeated) errors:

Nov 22 10:52:19 mx1 postfix/cleanup[32087]: warning: regexp map
/etc/postfix/header_checks, line 497: Invalid preceding regular expression
Nov 22 10:52:19 mx1 postfix/cleanup[32087]: warning: regexp map
/etc/postfix/header_checks, line 498: Invalid preceding regular expression

The content of the /etc/postfix/header_checks file is the following (the
first 496 lines are comments):

/^From:.+(".+[hidden email]").*<((?!\2).*)>$/ REJECT
/^From:.+("([^<>]*@+[^<>]*)").*<((?!\2).*)>$/ REJECT
/^Subject:/ WARN

Additional info:

- There are no receive_override_options: the file is used as the subject
are correctly logged in logfile (last line of
/etc/postfix/header_checks). And the errors too shows the file is
handled by postfix.
- Tested the two regexp with multiple online services and they seems
correct: also the postmap -q tests shows they are working correctly.
- Version and operating system: Postfix 2.10.1 and PCRE 8.32 on a CentOS 7.7

Any idea why with postmap -q it shows REJECT but in real usage it
doesn't work?

Check that in main.cf and/or master.cf you are specifying the file with type pcre: (and not say type regexp:)

Makes me feels so stupid... you're right: was specified with regexp.
Now with pcre: the error gone away.

Thank you very much for your time.
Simone
Reply | Threaded
Open this post in threaded view
|

Re: Postfix header_checks not working: Invalid preceding regular expression

Wietse Venema
In reply to this post by Simone Marchioni
Simone Marchioni:
> Any idea why with postmap -q it shows REJECT but in real usage it
> doesn't work?

What happens when you do

    $ LANG=C postmap -q ....

Hint: Postfix daemons run in the C locale, and you may have some
UTF8 in your pattern.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Postfix header_checks not working: Invalid preceding regular expression

Simone Marchioni
Il 09/12/19 16:10, Wietse Venema ha scritto:

> Simone Marchioni:
>> Any idea why with postmap -q it shows REJECT but in real usage it
>> doesn't work?
> What happens when you do
>
>      $ LANG=C postmap -q ....
>
> Hint: Postfix daemons run in the C locale, and you may have some
> UTF8 in your pattern.
>
> Wietse

Tried the same tests I used to check the regexp was working properly,
but prepending them with LANG=C, and the results where the same: what
was REJECTED before was REJECTED again, and what passed was passing again.

Thank you for your clarification!
Simone