milter_header_checks not supporting pcre

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

milter_header_checks not supporting pcre

Matthias Schneider
i am trying to use this feature in postfix 2.11:
http://www.postfix.org/postconf.5.html#milter_header_checks

I have created a milter which adds a Header: "X-Body: bla" and i'd like to filter mails, unfortunately the cleanup process doesn't support pcre for "milter_header_checks", if i use the same pcre file for "header_checks" instead of milter_header_checks the pcre check is working,

here my debug cleanup -v log :

Aug 12 12:30:55 mslnx postfix/cleanup[22263]: reply: SMFIR_ADDHEADER data 11 bytes
Aug 12 12:30:55 mslnx postfix/cleanup[22263]: hbc_header_checks: 'X-Body: bla'
Aug 12 12:30:55 mslnx postfix/cleanup[22263]: warning: pcre:/etc/postfix/milter_header_checks is unavailable. unsupported dictionary type: pcre
Aug 12 12:30:55 mslnx postfix/cleanup[22263]: warning: pcre:/etc/postfix/milter_header_checks lookup error for "X-Body: bla"
Aug 12 12:30:55 mslnx postfix/cleanup[22263]: maps_find: milter_header_checks: X-Body: bla: search aborted
Aug 12 12:30:55 mslnx postfix/cleanup[22263]: warning: 268A6A80F9B: milter_header_checks map lookup problem -- message not accepted, try again later
Aug 12 12:30:55 mslnx postfix/cleanup[22263]: reply: SMFIR_ACCEPT data 0 bytes
Aug 12 12:30:55 mslnx postfix/cleanup[22263]: maps_free: pcre:/etc/postfix/milter_header_checks(0,lock)
Aug 12 12:30:55 mslnx postfix/cleanup[22263]: leave cleanup_milter

main.cf:
smtpd_milters = unix:/pythonsock
milter_header_checks = pcre:/etc/postfix/milter_header_checks
#header_checks = pcre:/etc/postfix/milter_header_checks <- this works fine when uncommented

/etc/postfix/milter_header_checks:
/^X-Body:\s+bla/ OK
/^./@./$/ REJECT

pcre is installed and configured in dynamicmaps.cf

$postmap -v -q "X-Body: bla" pcre:/etc/postfix/milter_header_checks
postmap: name_mask: all
postmap: inet_addr_local: configured 3 IPv4 addresses
postmap: inet_addr_local: configured 7 IPv6 addresses
postmap: dict_open: pcre:/etc/postfix/milter_header_checks
postmap: dict_pcre_lookup: /etc/postfix/milter_header_checks: X-Body: bla
OK

$postmap -v -q "a@bc" pcre:/etc/postfix/milter_header_checks
postmap: name_mask: all
postmap: inet_addr_local: configured 3 IPv4 addresses
postmap: inet_addr_local: configured 7 IPv6 addresses
postmap: dict_open: pcre:/etc/postfix/milter_header_checks
postmap: dict_pcre_lookup: /etc/postfix/milter_header_checks: a@bc
REJECT


Best regards
Matthias Schneider

Reply | Threaded
Open this post in threaded view
|

Re: milter_header_checks not supporting pcre

lists@rhsoft.net

Am 12.08.2014 um 13:59 schrieb Matthias Schneider:

> i am trying to use this feature in postfix 2.11:
> http://www.postfix.org/postconf.5.html#milter_header_checks
>
> I have created a milter which adds a Header: "X-Body: bla" and i'd like to filter mails, unfortunately the cleanup
> process doesn't support pcre for "milter_header_checks", if i use the same pcre file for "header_checks" instead of
> milter_header_checks the pcre check is working,
>
> warning: pcre:/etc/postfix/milter_header_checks is unavailable.
>
> unsupported dictionary type: pcre

what does "postconf -m" list - most likely not pcre
if not complain at the distributor responsible for the postfix build

[root@rh:~]$ postconf -m
btree
cidr
environ
fail
hash
internal
memcache
mysql
pcre
proxy
regexp
socketmap
static
tcp
texthash
unix
Reply | Threaded
Open this post in threaded view
|

Re: milter_header_checks not supporting pcre

Matthias Schneider
please note that pcre is working fine with normal "header_checks", the
problem is just with milter_header_checks :

# postconf -m
btree
cidr
environ
fail
hash
internal
memcache
nis
pcre
proxy
regexp
sdbm
socketmap
sqlite
static
tcp
texthash
unix

> what does "postconf -m" list - most likely not pcre
> if not complain at the distributor responsible for the postfix build
>
> [root@rh:~]$ postconf -m
> btree
> cidr
> environ
> fail
> hash
> internal
> memcache
> mysql
> pcre
> proxy
> regexp
> socketmap
> static
> tcp
> texthash
> unix

Reply | Threaded
Open this post in threaded view
|

Re: milter_header_checks not supporting pcre

Matthias Schneider
i searched the code what returns the error, hope this will help.

if you have any suggestions or experimantal code changes i'll compile
and test them
with my addheader milter.

Best regards
Matthias Schneider


cleanup_milter.c:

381 static int cleanup_milter_header_checks(CLEANUP_STATE *state,
VSTRING *buf)
382 {
383     char   *ret;
384
385     /*
386      * Milter application "add/insert/replace header" requests
happen at the
387      * end-of-message stage, therefore all the header operations are
relative
388      * to the primary message header.
389      */
390     ret = hbc_header_checks((void *) state, state->milter_hbc_checks,
391                 MIME_HDR_PRIMARY, (HEADER_OPTS *) 0,
392                 buf, (off_t) 0);
393     if (ret == 0) {
394     return (0);
395     } else if (ret == HBC_CHECKS_STAT_ERROR) {
396     msg_warn("%s: %s map lookup problem -- "
397          "message not accepted, try again later",
398          state->queue_id, VAR_MILT_HEAD_CHECKS);
399     state->errs |= CLEANUP_STAT_WRITE;
400     return (0);
401     } else {
402     if (ret != STR(buf)) {
403         vstring_strcpy(buf, ret);
404         myfree(ret);
405     }
406     return (1);
407     }
408 }



Reply | Threaded
Open this post in threaded view
|

Re: milter_header_checks not supporting pcre

Matthias Schneider
I found a solution, turning off chroot for cleanup in master.cf

cleanup   unix  n       -       n       -       0       cleanup

this should be added to the documention:
http://www.postfix.org/postconf.5.html#milter_header_checks
Reply | Threaded
Open this post in threaded view
|

Re: milter_header_checks not supporting pcre

Viktor Dukhovni
On Tue, Aug 12, 2014 at 04:04:46PM +0200, Matthias Schneider wrote:

> I found a solution, turning off chroot for cleanup in master.cf
>
> cleanup   unix  n       -       n       -       0       cleanup
>
> this should be added to the documention:
> http://www.postfix.org/postconf.5.html#milter_header_checks

When using dynamicmaps.cf, the table drivers (shared objects) need
to also be present in the chroot jail.  Milter header check tables
are currently registered on the fly, after the process is chrooted.

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: milter_header_checks not supporting pcre

lists@rhsoft.net
In reply to this post by Matthias Schneider


Am 12.08.2014 um 16:04 schrieb Matthias Schneider:
> I found a solution, turning off chroot for cleanup in master.cf
>
> cleanup   unix  n       -       n       -       0       cleanup
>
> this should be added to the documention:
> http://www.postfix.org/postconf.5.html#milter_header_checks

no - chroot should not be enabled until someone knows
exactly what he is doing and it is *not* enabled by
default except by the Debian maintainers

over years more then 50% of the here reported problems
are caused by chroot enabled somewhere in "master.cf"