creating header checks


creating header checks

John Baker-5
Hi

I have only used headers checks to hold for spam scanning.

But today after a phishing scam came in purporting to be from our
helpdesk I put one like this in to block users from replying:

/^To: [hidden email]/ REJECT

And then I get this warning when I run postmap /etc/postfix/header_checks

postmap: warning: /etc/postfix/header_checks, line 1: record is in "key:
value" format; is this an alias file?

It appeared from all the information I could find that I was going about
this the right way and the check actually does seem to work.

But I'm not clear on exactly what is going on. Why do I get this warning
and is there a proper way to do this that will make the warning stop
when I add a header_check?
--
John Baker
Network Systems Administrator
Marlboro College
Phone: 451-7551 off campus; 551 on campus

Re: creating header checks

d.hill
On Thu, 1 May 2008 at 11:27 -0400, [hidden email] confabulated:

> Hi
>
> I have only used headers checks to hold for spam scanning.
>
> But today after a phishing scam came in purporting to be from our helpdesk I
> put one like this in to block users from replying:
>
> /^To: [hidden email]/ REJECT
>
> And then I get this warning when I run postmap /etc/postfix/header_checks
>
> postmap: warning: /etc/postfix/header_checks, line 1: record is in "key:
> value" format; is this an alias file?

There is no need to postmap pcre or regexp files.

> It appeared from all the information I could find that I was going about this
> the right way and the check actually does seem to work.
>
> But I'm not clear on exactly what is going on. Why do I get this warning and
> is there a proper way to do this that will make the warning stop when I add a
> header_check?
> --
> John Baker
> Network Systems Administrator
> Marlboro College
> Phone: 451-7551 off campus; 551 on campus
>

Re: creating header checks

j debert
In reply to this post by John Baker-5

John Baker wrote:
| Hi
|
| I have only used headers checks to hold for spam scanning.
|
| But today after a phishing scam came in purporting to be from our
| helpdesk I put one like this in to block users from replying:
|
| /^To: [hidden email]/ REJECT
|

This is a regular expression form: (regexp or pcre)

However, you probably should escape the "." thus: "\.", since "."
means 'match any character' in regexps. Fortunately, it already
matches what you want to match. Using "\." will match it literally.

(It might be helpful to add text to your REJECT to explain why your
users' replies to your "helpdesk" are being rejected or they might think
you don't like them anymore.)

| And then I get this warning when I run postmap /etc/postfix/header_checks
|
| postmap: warning: /etc/postfix/header_checks, line 1: record is in "key:
| value" format; is this an alias file?
|

Postmap can make a map from a regexp or pcre file but the results are
useless, afaik. The postmap manpage doesn't seem to indicate this.
Postmapping regexp files is a common mistake even among experienced
postfixers. (I wonder whether gurus ever make this mistake...)

| It appeared from all the information I could find that I was going about
| this the right way and the check actually does seem to work.
|

You're apparently not using the resulting hash file header_checks.db,
so it will work just fine.

| But I'm not clear on exactly what is going on. Why do I get this warning
| and is there a proper way to do this that will make the warning stop
| when I add a header_check?

Remember not to postmap regexp files like header_checks. Perhaps
appending ".regex" or ".pcre" to these files will be a helpful reminder.

(Is there a regexp/pcre howto or tutorial somewhere? I bought a little
Bell manual 20+ years ago that covers regexps exhaustively so /I/
don't need it but surely such a howto would be useful for those who
don't have such a book. [sorry, don't mean to call anyone 'Shirley'!])

==
jd


Re: creating header checks

/dev/rob0
In reply to this post by John Baker-5
On Thu May 1 2008 10:27:13 John Baker wrote:
> I have only used headers checks to hold for spam scanning.
>
> But today after a phishing scam came in purporting to be from our
> helpdesk I put one like this in to block users from replying:
>
> /^To: [hidden email]/ REJECT

That won't match!

Furthermore it's entirely the wrong tool for the purpose as described.
Mail routing is done using the envelope recipient, and thus you need a
check_recipient_access lookup to happen *before* permit_mynetworks and
permit_sasl_authenticated.

> And then I get this warning when I run postmap
> /etc/postfix/header_checks
>
> postmap: warning: /etc/postfix/header_checks, line 1: record is in
> "key: value" format; is this an alias file?

The FAQ of trying to compile a regexp or pcre file with postmap(1),
already answered.

> It appeared from all the information I could find that I was going
> about this the right way and the check actually does seem to work.

You didn't find very good information. Try going into one of your
users' MUAs and hit "reply". Then look at the actual MUA-generated
"To:" header. Check your expression against that header using
"postmap -q" or other pcre/regexp tool.

> But I'm not clear on exactly what is going on. Why do I get this
> warning and is there a proper way to do this that will make the
> warning stop when I add a header_check?

Patient: "Doc, it hurts when I do this."
Doctor:  "So don't do that!"
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
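The two regexp points raised in the replies (the unescaped "." and whether the pattern matches a real MUA-generated "To:" header) can be checked offline with the sketch below. It is an added example, not code from any poster or from Postfix. The address `scam-reply@example.net`, the headers and both rules are constructed, and Python's `re` only approximates a Postfix regexp/pcre table (no `if`/`endif`, negation or continuation lines).

```python
import re

# One rule per line, in header_checks form: /pattern/flags ACTION optional text
LINE = re.compile(r"^/(.*)/([a-z]*)\s+(.+)$")

def parse_table(text):
    """Parse rules; blank lines and # comments are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if m is None:
            raise ValueError(f"unparsable rule: {line!r}")
        pattern, flags, action = m.groups()
        # Postfix regexp/pcre tables are case-insensitive by default;
        # the 'i' flag toggles that off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action))
    return rules

def lookup(rules, header):
    """Return the action of the first matching rule, else None."""
    for regex, action in rules:
        if regex.search(header):
            return action
    return None

# Constructed rules: the shape from the original post, and a tighter variant
# that escapes the dot, tolerates a display name and bounds the address.
NAIVE = parse_table(r"/^To: scam-reply@example.net/ REJECT")
TIGHT = parse_table(
    r"/^To:(.*[ <,])?scam-reply@example\.net([> ,]|$)/ "
    r"REJECT Replies to this phishing address are blocked"
)

# Constructed headers: bare address, typical MUA reply form, a look-alike.
HEADERS = [
    "To: scam-reply@example.net",
    'To: "Help Desk" <scam-reply@example.net>',
    "To: scam-reply@example-net.invalid",
]

def compare():
    """Map each sample header to (naive result, tight result)."""
    return {h: (lookup(NAIVE, h), lookup(TIGHT, h)) for h in HEADERS}

if __name__ == "__main__":
    for header, (naive, tight) in compare().items():
        print(f"{header!r}\n  naive: {naive}\n  tight: {tight}")
```

On a live system the equivalent check is `postmap -q "To: ..." regexp:/etc/postfix/header_checks`, run against the uncompiled file. Even the tighter rule only inspects the header; as the last reply says, blocking delivery by recipient belongs in `check_recipient_access`.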