I've set up a postfix instance
[127.0.0.1]:10003 inet n - n - - smtpd
-o syslog_name=postfix/after-filters
...
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings,no_milters
-o content_filter=relay-internal:[internal-mx.example.com]:10001
which relays after all pre-queue filters, and final queuing via
relay-internal unix - - n - - smtp
...
Mail flows as intended.
I'd like to do a final pcre header check BEFORE doing the relay, REJECTing on
match of an X-Spam-Level header if/when set by ANY prior, pre-Q filter.
reading
http://www.postfix.org/postconf.5.html
where
cat /usr/local/etc/postfix/spamlevel.pcre
/X-Spam-Level: \*{10,}/ REJECT TEST
I note that for SMTP body checks, REJECT action:
"This feature is not supported with smtp header/body checks."
Instead, trying
http://www.postfix.org/postconf.5.html#milter_header_checks
and editing the instance config
[127.0.0.1]:10003 inet n - n - - smtpd
...
- -o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings,no_milters
+ -o milter_header_checks=pcre:/usr/local/etc/postfix/spamlevel.pcre
-o content_filter=relay-internal:[internal-mx.example.com]:10001
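Review bot: the added line puts the pcre table on milter_header_checks, but that parameter only inspects headers produced by Milter applications, and the X-Spam-Level header described here is set by earlier filters, so it is already part of the message when it reaches this listener and the table is not consulted for it. Rules for headers in received message content belong in header_checks, which is a cleanup(8) setting: point this smtpd at a dedicated cleanup service with cleanup_service_name and set header_checks=pcre:/usr/local/etc/postfix/spamlevel.pcre on that service. Separately, the removed line drops all four receive_override_options at once; only no_header_body_checks has to go for header checks to run, so keep no_unknown_recipient_checks, no_address_mappings and no_milters unless re-enabling them is intended.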
After service restart, non-spam mail still flows as expected.
BUT, so does tagged mail with X-Spam-Level > 10*; it's passed as well; i.e.,
NOT matched/REJECTed.
The final/received email is verified as tagged with
X-Spam-Level: ******************************
which I'd hoped would match the regex, get the REJECT, and prevent the relay.
There's no obvious postfix error in logs.
Is my usage here wrong? If so, what's the problem/fix?
Or am I trying to use the wrong tool with 'milter_header_checks'?