Postfix Global SMTP Rules (Regex) in headers and body:
Regex rules are designed to refuse the SMTP connexion according values found in specific headers.
In order to use this rules you must be familiar with Regular expressions.
When using Regex Rules, mail that matches rules will be rejected. You must understand that messages will be not saved into the quarantine area.
- Click on the Security Icon and select the Content Filtering tab.
- Click on Global SMTP Rules icon.
You have 3 main sections:
- Headers Rules: designed to find strings in the message SMTP header.
- Bodies rules: Designed to find strings in the Message Body - all after the headers
- MIME rules: Designed to find strings inside attached content of the message (the body parts).
On each section you can click on "Import predefined rules" in order to display examples and how rules can be set.
The table allows to play with some features:
- You can search rules by regex pattern or response flag.
- You can decide to notify you if a rule matches.
- You can enable or disable the rule by check the ENABLE checkbox.
The search engine allows "*" character in order to find the appropriate rule.
You can find the rule by pattern (the expression rule), Flags (the log set to this rule).
On the version 1.6060920 or above, you can find rule by ID.
In the Postfix log, if a rule matches, there will be an entry like :
said: 550 5.7.1 RULEID:5147 (in reply to end of DATA command)
To find the rule, just select ID in the drop-down list and put the numeric ID inside the Find field.
Actions on matched rules.
The main important think is to define what task the Postfix service will perform when a rule matches.
- Filter: After the message is queued, send the entire message through the specified external content filter.
The transport name specifies the first field of a mail delivery agent definition; the syntax of the next-hop destination is described in the manual page of the corresponding delivery agent.
- Hold: Arrange for the message to be placed on the hold queue, and inspect the next input line.
The message remains on hold until someone either deletes it or releases it for delivery.
Log the optional text if specified, otherwise log a generic message.
Mail that is placed on hold can be examined with the postcat command, and can be destroyed or released with the postsupe command.
- Ignore: Delete the current line from the input, and inspect the next input line.
- Info: Log an "info:" record with the optional text... (or log a generic text), and inspect the next input line.
This action is useful for routine logging or for debugging.
- Prepend: Prepend one line with the specified text, and inspect the next input line.
Notes:The prepended text is output on a separate line, immediately before the input that triggered the PREPEND action.
- Dunno: Pretend that the input line did not match any pattern, and inspect the next input line.
This action can be used to shorten the table search.
When prepending text before a message header line, the prepended text must begin with a valid message header label.
This action cannot be used to prepend multi-line text.
- Redirect to email address
Write a message redirection request to the queue file, and inspect the next input line.
After the message is queued, it will be sent to the specified address instead of the intended recipient(s).
Note: this action overrides the FILTER action, and affects all recipients of the message. If multiple REDIRECT actions fire, only the last one is executed.
- Replace: Replace the current line with the specified text, and inspect the next input line.
Notes:When replacing a message header line, the replacement text must begin with a valid header label.
The replaced text remains part of the input stream.
Unlike the result from the PREPEND action, a replaced message header may be subject to address rewriting and may affect the way that Postfix adds missing message headers.
- Reject: Reject the entire message.
Reply with optional text... when the optional text is specified, otherwise reply with a generic error message.
- Warn: Log a "warning:" record with the optional text (or log a generic text), and inspect the next input line.
This action is useful for debugging and for testing a pattern before applying more drastic actions.