you didn't compile in regexp support?
think yes. Or why would regexp work in header_checks then?
You didn't reload postfix?
oh, yes I did. Although obsolete I even restarted it with rcpostfix restart. Just to be all sure.
I dunno.
Me either. That's why I'm asking.
Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/
----- Original Message ----- From: "Philipp Snizek" <mailinglists@belfin.ch> To: "'Kurt Seifried'" <listuser@seifried.org>; <suse-security@suse.com> Sent: Friday, October 05, 2001 12:04 AM Subject: AW: [suse-security] postfix regexp in body_checks
-----Ursprüngliche Nachricht----- Von: Kurt Seifried [mailto:listuser@seifried.org] Gesendet: Freitag, 5. Oktober 2001 00:07 An: Philipp Snizek; suse-security@suse.com Betreff: Re: [suse-security] postfix regexp in body_checks
body_checks = regexp:/etc/postfix/body-checks
this one is in my main.cf: body_checks = regexp:/etc/postfix/bodychecks
# #.386 Windows 386 enhanced mode driver # /name=".*.386"/ REJECT
This is the content of my /etc/postfix/bodychecks /name=".*.bat"/ REJECT
and so on. it's poor regex (overly matching) but I'm not
to worried.
but mails still go thru. Have you got any ideas?
Philipp
Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/
----- Original Message ----- From: "Philipp Snizek" <mailinglists@belfin.ch> To: <suse-security@suse.com> Sent: Thursday, October 04, 2001 1:45 PM Subject: [suse-security] postfix regexp in body_checks
Hi,
I hope I hit the right list with my request. I'm trying to set up a filter for postfix to filter malicious stuff like all windows executables. For MIME encoded headers I had no problem, this works fine. But if the header is uuencode, the attachment is only visible in the e-mail's body. I tried a regexp like /.*.(bat|exe|cmd|vbs|vba)/ REJECT in /etc/postfix/body_checks which should filter all *.bat|and so on. But nothing at all happens. Mails go thru as if there wasn't an obstacle.
If there is some postfix & regexp pro on this list, please tell me what I am doing wrong.
Thanx, Philipp
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com