Re: _checks in a postfix instance?

[mouss]

Jannis Kafkoulas wrote:
Hi,
we're using postfix 2.3.8-2+b1 on a debian etch box with imss.
I wanted to reject all emails to the company ccc.com or ccc.net with a subject 
containing a specific string ("Subject: [xxx] " in this test. I also tried different variations).

So I created a new postfix instance on port 10023 where the 

no, you added an smtpd listener on 10023. you did not create a "new 
POSTFIX instance". a new postfix instance has its own config_directory 
(thus its own main.cf and master.cf), ... etc.


subject should be checked against the string of interest.
A filter directs all emails going to ccc.com to this instance.

if your filter gets mail after the queue, it should not reject. it's too 
late. otherwise, you generate backscatter and we hate you.



This instance receives the email but now it seems that the header_check doesn't 
work.

it doesn't work if you don't define them where they should be defined.

The regexp works fine when I'm testing a test file with the postmap command.

[snip]
mydomain = aaa.com

does "aaa.com" belong to you or this is a silly example? please don't 
hijack other people domains. if you want to hide your domain, use 
example.com and the like.

myhostname = postprx2.fw.aaa.com
mynetworks = localhost 10.6.7.90  10.6.7.91 10.6.7.92 10.8.66.138 10.8.66.164 
10.8.67.2...

what is "10.8.67.2..."? ok, I guess I see. but please remove "localhost" 
and put 127.0.0.1.

smtpd_banner = $myhostname ESMTP - much luck!

do you find this funny? keep your imagination for constructive tasks. 
leave the banner as clean as you found it.

ccc_recipient_access.cf:
=========================
ccc.net        FILTER smtp:[127.0.0.1]:10023
ccc.com        FILTER smtp:[127.0.0.1]:10023


per recipient FILTER is the wrong approach. only _ONE_ filter is used 
for each message, even if there are multiple recipients.


header_checks_NR.cf
===================
# Filter classified messages
/^Subject:.*\[xxxx\].*/  WARN  TEST rejecting [xxxx] mails ccc.com, ccc.net


".*" at the end of a regular expression is useless. /foo/ and /foo.*/ 
match the same things.



# ( testing on port 26! ) 
ccc-smtp inet  n  -  n  -    -      smtpd -D
[127.0.0.1]:10023 inet  n  -  n  -  -  smtpd -D

why do you put brakets ('[' and ']') here?

   -o header_checks=regexp:/etc/postfix/header_checks_NR.cf

This is useless. header_checks are checked by cleanup, not by smtpd.