Hi Stephane,

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
body_checks = regexp:/etc/postfix/bodychecks
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 10
default_privs = nobody
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_name = Postfix
mail_owner = postfix
mail_spool_directory = /var/mail
mydestination = $myhostname, localhost.$mydomain, $mydomain
mydomain = belfin.reinach
myhostname = mx.belfin.reinach
mynetworks = 10.0.0.0/24, 127.0.0.0/8
program_directory = /usr/lib/postfix
queue_directory = /var/spool/postfix
relocated_maps = hash:/etc/postfix/relocated
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_sender_restrictions = hash:/etc/postfix/access
transport_maps = hash:/etc/postfix/transport
virtual_maps = hash:/etc/postfix/virtual

Version: 20001212-4

Version should not be an issue because header_checks for MIME encoded mails works wonderfully (for testing it's disabled right now). For UUENCODE e-mails, regexp in body_checks does not work.

Philipp

-----Original Message-----
From: stephane parenton [mailto:sparenton@experia.com]
Sent: Friday, 5 October 2001 09:37
To: Philipp Snizek
Cc: suse-security@suse.com
Subject: Re: [suse-security] postfix regexp in body_checks

Philipp Snizek wrote:
Hi,
I hope I hit the right list with my request. I'm trying to set up a filter for postfix to filter malicious stuff like all Windows executables. For MIME encoded headers I had no problem, this works fine. But if the header is uuencode, the attachment is only visible in the e-mail's body. I tried a regexp like

/.*\.(bat|exe|cmd|vbs|vba)/ REJECT

in /etc/postfix/body_checks which should filter all *.bat|and so on. But nothing at all happens. Mails go through as if there wasn't an obstacle.
If there is some postfix & regexp pro on this list, please tell me what I am doing wrong.
I'm not a pro, but I've been testing this a while so maybe I can help you. First of all, what version of postfix do you use? ... If it's an old version, the body & header checks were not usable... Tell me what your snapshot # is.
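
Added example, not part of the thread and not Postfix code: a small offline harness that applies a regexp table in the '/pattern/ ACTION' form quoted above to each body line of a constructed uuencoded message, to check whether the rule itself matches the "begin" line. It assumes Python's re behaves like the table's regular expressions for this pattern and that matching is case-insensitive by default; the sample mail, table text and function names are constructed for illustration.

```python
import re

# Constructed sample: body of a mail carrying a uuencoded attachment.
# The file name appears only on the "begin" line, not in any header.
SAMPLE_BODY = """\
Hello, see the attached file.

begin 644 setup.exe
#0V%T
`
end
"""

# Rule text as quoted in the message above, plus a comment line.
SAMPLE_TABLE = r"""
# reject uuencoded executables
/.*\.(bat|exe|cmd|vbs|vba)/ REJECT
"""

RULE = re.compile(r"^/(.*)/([a-z]*)\s+(\S.*)$")


def parse_table(text):
    """Parse '/pattern/flags ACTION' lines; skip blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        pattern, flags, action = m.groups()
        # Assumption: case-insensitive unless the 'i' flag toggles it off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action))
    return rules


def first_match(rules, body):
    """Return (line_no, line, action) for the first body line a rule hits."""
    for no, line in enumerate(body.splitlines(), 1):
        for rx, action in rules:
            if rx.search(line):
                return no, line, action
    return None
```

If the rule matches offline like this but mail still passes, note that the postconf -n output above points body_checks at /etc/postfix/bodychecks while the original message names /etc/postfix/body_checks, so confirm the rule is in the file Postfix actually reads.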