HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Tips/Tricks/Mods (http://www.howtoforge.com/forums/forumdisplay.php?f=29)
-   -   Postfix regex (http://www.howtoforge.com/forums/showthread.php?t=50815)

cyrus1977 5th January 2011 22:11

Postfix regex
 
Maybe a good idea for a thread.
Post your regex examples here in this thread, so others can benefit.

falko 6th January 2011 15:16

This is from the ISPConfig 3 Manual - these are regular expressions for Postfix header and body checks:

Code:

Regexp. Pattern:          Filter Type:          Explanation:
/^Subject: .*Make Money Fast!/        Header Filter        Searches for the string Make Money Fast! in the Subject line.
/name=[^>]*\.(bat|com|exe|dll)/        MIME-Header Filter        This will match all messages that have attachments whose files end in .bat, .com, .exe or .dll.
/^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/        Body Filter        Body pattern to stop a specific HTML browser vulnerability exploit.
/^From: joe@example.com/        Header Filter        Matches all messages sent by joe@example.com.
/^From: .*@example.com/        Header Filter        Matches all messages sent from the example.com domain.
/Real Bad Words/        Body Filter        This matches "real bad words" in any case (upper, lower, or mixed).
/^Date: .* 200[0-2]/        Header Filter        This matches all emails sent in the years 2000 - 2002.
/^Date: .* 19[0-9][0-9]/        Header Filter        This matches all emails sent between 1900 and 1999.
/^To: postmaster@yourdom.ain/        Header Filter        Matches all messages sent to postmaster@yourdom.ain.


cyrus1977 7th January 2011 23:08

thank but actually i was more looking for custom filters other users made.

Here is a more fine tuned one out of the manual:

Regexp. Pattern: Filter Type: Explanation:
/^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(bat|exe|scr |lnk|com))(\?=)?"?\s*(;|$)/x MIME-Header Filter This will match all messages that have attachments whose files end in .bat, .com, .exe or .dll.


What i dont understand is what the difference is betwee reject (does a warning go out), ignore and discard.

Can you shed some light on it ?

Added two cronjobs aswell related to messages who where hold.

10 2 * * * find /var/lib/amavis/virusmails/ -type f -mtime +31 -exec rm {} \;
15 2 * * * find /var/lib/amavis/tmp/ -type f -mtime +31 -exec rm -r {} \;

manarak 11th October 2014 11:30

This is an excellent idea for a thread, and I'm disappointed nobody contributes.

The documentation expects the user to know how to use regex, which is far from being straightforward even in simple cases such as making a list of words.

example for a list of words for the body filter, case-insensitive, with and without spaces:

Code:

/badword1|badword2|bad word/i
this is a cool tool to test regexp:
http://www.gethifi.com/tools/regex

kephra 24th October 2014 01:27

Here are mine:
This rejects all mail from non-US sites and gets rid of almost all spam
/(from|reply-to|helo).+?<.+?(\.\w+(?<!com|org|net|edu|gov)>)/ REJECT

This one rejects mail with no from, message-id, or helo
/(from|message-id|helo).+?<>/

Get rid of russian and chinese spam
/(GB2312|koi[78]-r)/ DISCARD

These three header filters gets rid of most of my spam.


All times are GMT +2. The time now is 01:11.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.