LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 07-23-2009, 03:13 PM   #1
shudini
LQ Newbie
 
Registered: Jul 2008
Posts: 6

Rep: Reputation: 0
Postfix Regexp lookahead body check


I am trying to have my Postfix server block emails that contain links that are highly likely to be spam - specifically links that contain a format similar to mysite.com.something.dn where the recipient is supposed to be fooled into thinking it's mysite.com when in reality it is something else. i am trying to use a regexp in the body check to do this, but for some reason it is not working. initially, i tried blocking using /.*http:.*?\.(com|org)\./ which worked but found that there were legitimate sites that contained mysite.com.com. As a result, i decided to only block emails that contained a standard root domain but did not end with that actual root domain: /.*http:.*?\.(com|org)\.(?!(com|org)).*/ (any link containing .com or .org not followed by .com or .org. It's primitive, I know, but for my operation it would be effective and i am prepared to take the risk of false positives. Unfortunately, this is not working. I debugged the mail going through and it clearly contained an entry which should have matched but didn't. Does Postfix have the ability to perform a negative lookahead in a regexp?

Here's the line from my config file:

body_checks = regexp:/etc/postfix/body_checks

Any help would be greatly appreciated.

Shuie
 
Old 07-23-2009, 05:30 PM   #2
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
I would use clamav-milter. Clamav already has facilities for such things. This is from clamd.conf:
Code:
...
# Scan URLs found in mails for phishing attempts using heuristics.
# Default: yes
#PhishingScanURLs yes
...
You'd also be getting a virus scanner for free. To do the lookahead stuff, you need to use pcre, not regexp.
 
Old 07-24-2009, 09:32 AM   #3
shudini
LQ Newbie
 
Registered: Jul 2008
Posts: 6

Original Poster
Rep: Reputation: 0
Thank you for your help!

-shuie
 
  


Reply

Tags
postfix


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Hello every body, i'm using redhat linux I don't know about samba server any body seenas Linux - Newbie 2 07-04-2009 04:47 AM
Postfix regexp header_checks issue shudini Linux - Server 4 06-07-2009 02:19 PM
Starting postfix: Postfix integrity check failed! Leirith Linux - Software 2 01-02-2008 10:55 PM
How do I use a regexp in Postfix alias table? quackking Linux - Server 11 04-13-2007 01:10 PM
postfix regexp question wijnands Linux - Newbie 1 06-03-2004 07:19 AM


All times are GMT -5. The time now is 01:20 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration