I have a problem with Postfix. Recently we are receiving mail messages
with malformed "From:" headers as these:
From: "Name Surname <u...@good-domain.com>" <us...@bad-domain.com>
From: "u...@good-domain.com" <us...@bad-domain.com>
Ended up with a solution based on PCRE header checks, with these two regexp:
/^From:.+(".+<(.*@+.*)>").*<((?!\2).*)>$/ REJECT
/^From:.+("([^<>]*@+[^<>]*)").*<((?!\2).*)>$/ REJECT
Modified /etc/postfix/header_checks with these and then made a:
postmap /etc/postfix/header_checks
and reloaded postfix.
Seems to work ok and Postfix apparently handles the PCRE with no problem:
postmap -q 'From: "Name Surname <u...@good-domain.com>"
<us...@bad-domain.com>' pcre:/etc/postfix/header_checks
REJECT
postmap -q 'From: "u...@good-domain.com" <us...@bad-domain.com>'
pcre:/etc/postfix/header_checks
REJECT
But in real usage the mails are not being blocked.
Looking at the logs there are the following (repeated) errors:
Nov 22 10:52:19 mx1 postfix/cleanup[32087]: warning: regexp map
/etc/postfix/header_checks, line 497: Invalid preceding regular expression
Nov 22 10:52:19 mx1 postfix/cleanup[32087]: warning: regexp map
/etc/postfix/header_checks, line 498: Invalid preceding regular expression
The content of the /etc/postfix/header_checks file is the following (the
first 496 lines are comments):
/^From:.+(".+<(.*@+.*)>").*<((?!\2).*)>$/ REJECT
/^From:.+("([^<>]*@+[^<>]*)").*<((?!\2).*)>$/ REJECT
/^Subject:/ WARN
Additional info:
- There are no receive_override_options: the file is used as the subject
are correctly logged in logfile (last line of
/etc/postfix/header_checks). And the errors too shows the file is
handled by postfix.
- Tested the two regexp with multiple online services and they seems
correct: also the postmap -q tests shows they are working correctly.
- Version and operating system: Postfix 2.10.1 and PCRE 8.32 on a CentOS 7.7
Any idea why with postmap -q it shows REJECT but in real usage it
doesn't work?
Thanks,
Simone
