Here’s my /etc/postfix/main.cf header_checks line:
header_checks = regexp:/etc/postfix/maps/header_checks
And here is header_checks:
Here’s a portion of the header from the emails I’m trying to match:
Received: from localhost (localhost [127.0.0.1]) by mail.server.com (Postfix) with ESMTP id 690649204C0 for <email@example.com>; Mon, 7 Nov 2022 13:27:00 -0600 (CST)
From: "White Carb Tricks" <firstname.lastname@example.org>
To: "email" <email@example.com>
Subject: Clear artery-blocking plaque overnight
Date: Mon, 7 Nov 2022 09:42:42 -0600
As you can see, I’m trying to match when spammers spoof the “For” and the “To” to look like the user sent it.
If I test the regular expression in header_checks via an online regex tool it matches the “From” and “To” lines like I want.
When I do:
postmap -q $'From: "White Carb Tricks" <firstname.lastname@example.org>\r\nTo: "email" <email@example.com>' regexp:/etc/postfix/maps/header_checks
It returns “DISCARD” as expected.
When I paste the header text into a test file and test it like this:
postmap -q - regexp:/etc/postfix/maps/header_checks < /etc/postfix/maps/regex-test
…it returns blank.
I should note that Postfix isn’t discarding them either. The user keeps getting the emails.
I also changed this in master.cf:
…based on another thread I read.
Any ideas what I’m doing wrong? Is it my regex in header_checks?
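Added example, not part of the original post: a Python simulation of why the two postmap tests above disagree. Postfix header_checks looks up one logical header at a time, and `postmap -q -` uses each input line as a separate key. The pattern is a hypothetical stand-in that needs the From: and To: lines together, since the poster's header_checks file is not shown.

```python
import re

# Hypothetical rule (assumption): one pattern spanning the From: and To: lines.
PATTERN = re.compile(r'^From:.*<[^>]+>\r?\nTo:.*<email@example\.com>', re.IGNORECASE)
ACTION = "DISCARD"

# Constructed inputs built from the header lines quoted in the post.
TWO_LINE_KEY = ('From: "White Carb Tricks" <firstname.lastname@example.org>\r\n'
                'To: "email" <email@example.com>')
SAMPLE = (
    'Received: from localhost (localhost [127.0.0.1])\n'
    '\tby mail.server.com (Postfix) with ESMTP id 690649204C0\n'
    '\tfor <email@example.com>; Mon, 7 Nov 2022 13:27:00 -0600 (CST)\n'
    'From: "White Carb Tricks" <firstname.lastname@example.org>\n'
    'To: "email" <email@example.com>\n'
    'Subject: Clear artery-blocking plaque overnight\n'
)

def lookup(key):
    """One table lookup: return the action if the key matches, else None."""
    return ACTION if PATTERN.search(key) else None

def query_string(text):
    """Like `postmap -q 'STRING'`: the whole argument is a single key."""
    return lookup(text)

def query_stdin_lines(text):
    """Like `postmap -q -`: every input line is its own key."""
    return [r for r in map(lookup, text.splitlines()) if r]

def logical_headers(text):
    """Join folded continuation lines so each header is one unit."""
    headers = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers

def query_headers(text):
    """Like live header_checks: one logical header per lookup."""
    return [r for r in map(lookup, logical_headers(text)) if r]

if __name__ == "__main__":
    print("single key:    ", query_string(TWO_LINE_KEY))
    print("line per key:  ", query_stdin_lines(TWO_LINE_KEY))
    print("header per key:", query_headers(SAMPLE))
```

To run a saved message through the table the way header_checks sees it, postmap has a header mode: `postmap -h -q - regexp:/etc/postfix/maps/header_checks < /etc/postfix/maps/regex-test`.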