> > /^Received:\s+from\s+domain\.example\s+/ ... I may be the least expert on this list so take what I say with a grain of salt. But this observation may be helpful:
I have seen several cases where there was no space between the "Header-name:" and the header value. In particular, I have seen this in both the From: and Message-ID: headers. I know this because I wrote a little script to read a mail file and report the From:, To:, Subject:, and Message-ID: values on some mailboxes I was watching. My script expected a space after the "Header-name". Occasionally it would return null for a header value. Looking at the actual mail file, I found it to be missing the space after the header name. In all cases that I'm aware of, the messages were handled just fine by Postfix. I don't know if the same is true of Received: header since my script wasn't looking at that header line. My point: perhaps you want to use :\s* instead of :\s+ or else you might miss an occasional message. Michael
