Postfix Regexp lookahead body check
I am trying to have my Postfix server block emails that contain links that are highly likely to be spam - specifically links that contain a format similar to mysite.com.something.dn where the recipient is supposed to be fooled into thinking it's mysite.com when in reality it is something else. i am trying to use a regexp in the body check to do this, but for some reason it is not working. initially, i tried blocking using /.*http:.*?\.(com|org)\./ which worked but found that there were legitimate sites that contained mysite.com.com. As a result, i decided to only block emails that contained a standard root domain but did not end with that actual root domain: /.*http:.*?\.(com|org)\.(?!(com|org)).*/ (any link containing .com or .org not followed by .com or .org. It's primitive, I know, but for my operation it would be effective and i am prepared to take the risk of false positives. Unfortunately, this is not working. I debugged the mail going through and it clearly contained an entry which should have matched but didn't. Does Postfix have the ability to perform a negative lookahead in a regexp?
Here's the line from my config file:
body_checks = regexp:/etc/postfix/body_checks
Any help would be greatly appreciated.