Postfix Global SMTP Rules (Regex) in headers and body:

Regex rules are designed to refuse the SMTP connection according to values found in specific headers.
To use these rules you must be familiar with regular expressions.
When using Regex rules, mail that matches a rule will be rejected. You must understand that these messages will not be saved in the quarantine area.

  • Click on the Security Icon and select the Content Filtering tab.
  • Click on Global SMTP Rules icon.

You have 3 main sections:

  • Headers rules: designed to find strings in the SMTP message headers.
  • Bodies rules: designed to find strings in the message body (everything after the headers).
  • MIME rules: designed to find strings inside the attached content of the message (the body parts).

In each section you can click on "Import predefined rules" to display examples and see how rules can be set.

The table offers several features:

  • You can search rules by regex pattern or response flag.
  • You can choose to be notified when a rule matches.
  • You can enable or disable a rule by checking the ENABLE checkbox.

The search engine accepts the "*" character to help find the appropriate rule.
You can find a rule by pattern (the rule expression) or by flag (the log text set for this rule).

In version 1.6060920 or above, you can find a rule by ID.
In the Postfix log, if a rule matches, there will be an entry like:

said: 550 5.7.1 RULEID:5147 (in reply to end of DATA command)

To find the rule, select ID in the drop-down list and enter the numeric ID in the Find field.

Actions on matched rules.

The most important thing is to define what action the Postfix service will perform when a rule matches.

  • Filter: After the message is queued, send the entire message through the specified external content filter.
    The transport name specifies the first field of a mail delivery agent definition; the syntax of the next-hop destination is described in the manual page of the corresponding delivery agent.

  • Hold: Arrange for the message to be placed on the hold queue, and inspect the next input line.
    The message remains on hold until someone either deletes it or releases it for delivery.
    Log the optional text if specified, otherwise log a generic message.
    Mail that is placed on hold can be examined with the postcat command, and can be destroyed or released with the postsuper command.

  • Ignore: Delete the current line from the input, and inspect the next input line.

  • Info: Log an "info:" record with the optional text... (or log a generic text), and inspect the next input line.
    This action is useful for routine logging or for debugging.

  • Prepend: Prepend one line with the specified text, and inspect the next input line.
    Notes: The prepended text is output on a separate line, immediately before the input that triggered the PREPEND action.
    When prepending text before a message header line, the prepended text must begin with a valid message header label.
    This action cannot be used to prepend multi-line text.

  • Dunno: Pretend that the input line did not match any pattern, and inspect the next input line.
    This action can be used to shorten the table search.

  • Redirect to email address: Write a message redirection request to the queue file, and inspect the next input line.
    After the message is queued, it will be sent to the specified address instead of the intended recipient(s).
    Note: this action overrides the FILTER action, and affects all recipients of the message. If multiple REDIRECT actions fire, only the last one is executed.

  • Replace: Replace the current line with the specified text, and inspect the next input line.
    Notes: When replacing a message header line, the replacement text must begin with a valid header label.
    The replaced text remains part of the input stream.
    Unlike the result from the PREPEND action, a replaced message header may be subject to address rewriting and may affect the way that Postfix adds missing message headers.

  • Reject: Reject the entire message.
    Reply with optional text... when the optional text is specified, otherwise reply with a generic error message.

  • Warn: Log a "warning:" record with the optional text (or log a generic text), and inspect the next input line.
    This action is useful for debugging and for testing a pattern before applying more drastic actions.
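
A simplified model of how several of the actions above interact when each header line is checked against the rule table, as an added example (not Artica or Postfix code). The rule IDs, patterns, texts and sample headers are constructed, and Python's re module stands in for the Postfix regexp engine.

```python
import re

# Constructed rule table: (rule id, pattern, action, optional text).
# IDs, patterns and texts are illustrative, not Artica's predefined rules.
RULES = [
    (1, r"^Subject:.*\[internal\]", "DUNNO", ""),
    (2, r"^Subject:.*cheap pills", "REJECT", "550 5.7.1 RULEID:2"),
    (3, r"^X-Mailer:.*BulkSender", "WARN", "bulk mailer seen"),
    (4, r"^Received:.*\.internal\.example", "IGNORE", ""),
    (5, r"^X-Priority:", "HOLD", "manual review"),
]

def check_headers(headers, rules=RULES):
    """Return (disposition, kept_headers, log) for a list of header lines."""
    # Postfix regexp tables match case-insensitively by default.
    table = [(rid, re.compile(pat, re.I), act, txt) for rid, pat, act, txt in rules]
    disposition, kept, log = "deliver", [], []
    for line in headers:
        # The first rule whose pattern matches decides the action for this line.
        hit = next((r for r in table if r[1].search(line)), None)
        if hit is None or hit[2] == "DUNNO":
            kept.append(line)          # DUNNO: behave as if nothing matched
            continue
        rid, _, action, text = hit
        if action == "REJECT":         # whole message refused, nothing is kept
            log.append(f"reject: rule {rid}: {text}")
            return "reject", [], log
        if action == "IGNORE":         # drop this line, keep checking the rest
            continue
        if action == "WARN":
            log.append(f"warning: rule {rid}: {text}")
        elif action == "HOLD":         # message goes to the hold queue
            disposition = "hold"
            log.append(f"hold: rule {rid}: {text}")
        kept.append(line)
    return disposition, kept, log

# Constructed sample headers.
INTERNAL = ["Subject: [internal] cheap pills report", "X-Mailer: BulkSender 2.0",
            "Received: from gw.internal.example", "X-Priority: 1"]
SPAM = ["From: a@example.com", "Subject: Cheap Pills today"]

if __name__ == "__main__":
    for msg in (INTERNAL, SPAM):
        print(check_headers(msg))
```

The first message shows a Dunno rule placed ahead of a Reject rule exempting a line that would otherwise be refused; switching a new rule from WARN to REJECT only after reviewing its log entries follows the testing advice given for Warn.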