Reputation: 21
postfix header_checks pcre (lookahead)
Currently a lot of spam mails containing links to trojans go around. This mails are relativ good fakes, they mostly look like legitimate delivery announcements from delivery services like UPS or DHL.
But there is one significant difference: Legitimate mails, e. g. from DHL have a from like From: "DHL name"<[email protected]>
The trojans from is like "DHL name"<name@any_domain.tld>
So I want to block any mail, which starts with From: "DHL, but has any other domain but dhl after the @.
I think, that the following lookahead should fit: /^From: "dhl(?!.*@dhl)/ REJECT No trojans please
Don't work.
Afaik the regexes in header_checks are not case-senitive. To avoid any confusion with special characters like " and @, I tried the more simple form From: .dhl(?!.*dhl)
Don't work either.
Is there something wrong with my regex, or with my understanding of pcre's in postfix?
Upvotes: 0
Views: 1654
Answers (1)
Reputation: 21
Solved! The problem was my own fault. In main.cf, header_checks was bound in as regexp: rather than pcre: so it did not support the enhanced syntax of PCRE.
Upvotes: 2
Related Questions
- Avoid negative lookahead regex in mail spam detection
- Broken syntax in Postfix header_checks
- Postfix header checks multiple actions
- POSTFIX header checks with TO and FROM conditions
- Postfix header_checks leading whitespace in regex
- Postfix Body Checks Regex Example Needed
- Regex - Negative Lookahead
- postfix regex change for subject headers
- PCRE - Negative Lookahead
- How to convert a regex from PCRE to POSIX format, that warns about repetition-operator operand invalid?