regex – Regexp header_checks in postfix for a match over multiple lines

Here’s my /etc/postfix/main.cf header_checks line:

header_checks = regexp:/etc/postfix/maps/header_checks

And here is header_checks:

/From:.*email@my\.com.(\n|.)*?To:.*email@my\.com./     DISCARD

Here’s a portion of the header from the emails I’m trying to match:

Received: from localhost (localhost [127.0.0.1])
    by mail.server.com (Postfix) with ESMTP id 690649204C0
    for <email@my.com>; Mon,  7 Nov 2022 13:27:00 -0600 (CST)
From: "White Carb Tricks" <email@my.com>
To: "email" <email@my.com>
Subject: Clear artery-blocking plaque overnight
Date: Mon, 7 Nov 2022 09:42:42 -0600

As you can see I’m trying to match when spammers spoof the “For” and the “To” to look like the user sent it.

If I test the regular expression in header_checks via an online regex tool it matches the “From” and “To” lines like I want.

regex produces one match when applied to the full email headers

When I do:

postmap -q $'From: "White Carb Tricks" <email@my.com>\r\nTo: "email" <email@my.com>' regexp:/etc/postfix/maps/header_checks

It returns “DISCARD” as expected.

When I paste the header text into a test file and test it like this:

postmap -q - regexp:/etc/postfix/maps/header_checks < /etc/postfix/maps/regex-test 

…it returns blank.

I should note that Postfix isn’t discarding them either. The user keeps getting the emails.

I also changed this in master.cf:

-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

to

-o receive_override_options=no_unknown_recipient_checks,no_address_mappings

…based on another thread I read.

Any ideas what I’m doing wrong? Is it my regex in header_checks?
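
Added example, not part of the original post: header_checks(5) documents that Postfix looks up each logical header on its own, and "postmap -q -" reads one lookup key per input line, so a pattern that must span the From: and To: headers never sees both at once. The Python model below runs the post's pattern over the post's headers in each mode; Python's re module stands in for the regexp: table engine, and the function names are hypothetical.

```python
import re

# Pattern from the post's header_checks file. Python's re stands in for the
# regexp: table engine; IGNORECASE mirrors the table's default behaviour.
PATTERN = re.compile(r'From:.*email@my\.com.(\n|.)*?To:.*email@my\.com.',
                     re.IGNORECASE)

# Header text copied from the post.
RAW_HEADERS = (
    'Received: from localhost (localhost [127.0.0.1])\n'
    '    by mail.server.com (Postfix) with ESMTP id 690649204C0\n'
    '    for <email@my.com>; Mon,  7 Nov 2022 13:27:00 -0600 (CST)\n'
    'From: "White Carb Tricks" <email@my.com>\n'
    'To: "email" <email@my.com>\n'
    'Subject: Clear artery-blocking plaque overnight\n'
    'Date: Mon, 7 Nov 2022 09:42:42 -0600\n'
)

def logical_headers(raw):
    """Group physical lines into logical headers: a line that starts with
    whitespace continues the previous header."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (' ', '\t') and headers:
            headers[-1] += '\n' + line
        else:
            headers.append(line)
    return headers

def whole_block_matches(raw):
    """What an online regex tester does: one search over all the text."""
    return PATTERN.search(raw) is not None

def header_checks_hits(raw):
    """Model of header_checks: each logical header is looked up alone."""
    return [h for h in logical_headers(raw) if PATTERN.search(h)]

def postmap_stdin_hits(raw):
    """Model of 'postmap -q -': every input line is a separate key."""
    return [line for line in raw.splitlines() if PATTERN.search(line)]

if __name__ == '__main__':
    print('whole block  :', whole_block_matches(RAW_HEADERS))
    print('header_checks:', header_checks_hits(RAW_HEADERS))
    print('postmap -q - :', postmap_stdin_hits(RAW_HEADERS))
```

The whole-block search matches, as in the online tester, while both per-header modes return no hits, which is consistent with the blank postmap output and the undiscarded mail described above.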
