LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 06-02-2004, 04:37 AM   #1
wijnands
Member
 
Registered: Mar 2004
Posts: 132

Rep: Reputation: 15
postfix regexp question


Hi,

I run postfix 1.1.12 at home. Works nicely, secure and all that. I'm using the postfix body_checks function to keep virusses away from my inbox. Usually this works well but recently I got into problems there.

my domain is wijnands.xs4all.nl, my isp's mailservers are called maildropx.xs4all.nl, they are sending mail from normal users and are also the output servers for my backup mx host.

Now I'm seeing entries like this:

Jun 1 22:21:43 vuurmuur postfix/smtpd[15672]: 9CE03D0E: client=maildrop17.xs4all.nl[194.109.127.147]
Jun 1 22:21:43 vuurmuur postfix/cleanup[15788]: 9CE03D0E: message-id=<f869550f68a14e.78b84.qmail@wijnands.xs4all.nl>
Jun 1 22:21:43 vuurmuur postfix/cleanup[15788]: 9CE03D0E: reject: body UEsDBAoAAAAAAAFYrjCN6Qnn/cEAAP3BAAAfAAAAcC16aXBwZWRfZmlsZV9kYXRhICAgICAgICAg; from=<jeroen@wijnands.xs4all.nl> to=<Hf7.95@wijnands.xs4all.nl>: Suspected w32.mydoom.a/w32.novarg virus in attachment
Jun 1 22:21:45 vuurmuur postfix/cleanup[15673]: 7EFE7CDA: message-id=<20040601202142.7EFE7CDA@wijnands.xs4all.nl>
Jun 1 22:21:45 vuurmuur postfix/cleanup[15673]: 7EFE7CDA: reject: body ?name="bill.scr"; from=<kateurboy34@aol.com> to=<jeroen@wijnands.xs4all.nl>: virus-like attachment, please use zip to send binary files - mogelijk virus in je email, gebruik aub zip om bestanden te versturen
Jun 1 22:21:49 vuurmuur postfix/smtpd[15672]: AC6FAD0E: client=maildrop17.xs4all.nl[194.109.127.147]
Jun 1 22:21:49 vuurmuur postfix/cleanup[15788]: AC6FAD0E: message-id=<f869550f68a14e.78b84.qmail@wijnands.xs4all.nl>
Jun 1 22:21:49 vuurmuur postfix/cleanup[15788]: AC6FAD0E: reject: body UEsDBAoAAAAAAAFYrjCN6Qnn/cEAAP3BAAAfAAAAcC16aXBwZWRfZmlsZV9kYXRhICAgICAgICAg; from=<jeroen@wijnands.xs4all.nl> to=<marjatiditweglaten@wijnands.xs4all.nl>: Suspected w32.mydoom.a/w32.novarg virus in attachment
Jun 1 22:21:55 vuurmuur postfix/smtpd[15672]: C0E6BD0E: client=maildrop17.xs4all.nl[194.109.127.147]
Jun 1 22:21:55 vuurmuur postfix/cleanup[15788]: C0E6BD0E: message-id=<200406012016.i51KGZ97029660@maildrop17.xs4all.nl>
Jun 1 22:21:56 vuurmuur postfix/cleanup[15788]: C0E6BD0E: reject: body UEsDBAoAAAAAAAFYrjCN6Qnn/cEAAP3BAAAfAAAAcC16aXBwZWRfZmlsZV9kYXRhICAgICAgICAg; from=<> to=<jeroen@wijnands.xs4all.nl>: Suspected w32.mydoom.a/w32.novarg virus in attachment
Jun 1 22:22:01 vuurmuur postfix/smtpd[15672]: 642BBD0E: client=maildrop17.xs4all.nl[194.109.127.147]
Jun 1 22:22:05 vuurmuur postfix/cleanup[15788]: 642BBD0E: message-id=<200406012016.i51KGfmS029817@maildrop17.xs4all.nl>
Jun 1 22:22:05 vuurmuur postfix/cleanup[15788]: 642BBD0E: reject: body UEsDBAoAAAAAAAFYrjCN6Qnn/cEAAP3BAAAfAAAAcC16aXBwZWRfZmlsZV9kYXRhICAgICAgICAg; from=<> to=<jeroen@wijnands.xs4all.nl>: Suspected w32.mydoom.a/w32.novarg virus in attachment
<truncated>


I've already had a word with the xs4all admins, they don't really mind but I do since this has doubled my log file size.

I'd still like to keep reject virusses on general principle but I think what I need to do is modify my body_checks so that any virus from maildropX.xs4all.nl is discarded instead of bounced.

Any feedback on that?

Next problem, I'm really bad at regexp writing. Anyone willing to help me out there?

TIA!
 
Old 06-03-2004, 06:19 AM   #2
wijnands
Member
 
Registered: Mar 2004
Posts: 132

Original Poster
Rep: Reputation: 15
ok, failing that, a good regexp primer for dummies?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
regexp help cliff76 Linux - Newbie 3 03-07-2008 02:15 PM
little help for regexp EmOuBi Linux - Newbie 6 08-06-2005 02:19 AM
Regexp question scuffell Programming 4 04-30-2005 03:35 AM
regexp help ... pld Programming 1 03-15-2005 03:45 PM
regexp question rytrom Linux - Newbie 3 09-01-2003 12:50 PM


All times are GMT -5. The time now is 07:47 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration