> I just installed Postfix and one of the features I couldn't wait
to use is
> the UCE controls - specifically, header_checks and body_checks.
> seems to be working very well in bagging a lot of crap that used
to fill my
> Only one hitch... I run logcheck (the utility that scans the log
> periodically and sends "interesting" entries to an email address -
> case, once per hour). Now, when Postfix discovers UCE via a body
> puts part of the match into the log message. When logcheck picks
> entry and puts it in the body of its own message, the logcheck
> also bagged as UCE, and rejected.
> Has anyone encountered this? I tried putting a header check that
> accept the message, but it doesn't help as body checks are still
run and it
> kicks it out.
> My workaround is to tell logcheck to ignore those entries, but I'd
> be getting that information. Has anyone dealt with this issue? It
> nice for an unconditional ACCEPT in either header or body checks -
> it matches here, accept it and don't do any more checks on this
Many of us have had that same problem using the pflogsumm.pl
program, but there are a couple workarounds.
This is kind of tricky to do, but if you can figure out a common
component of the lines you wish to pass, you can put an OK rule in
your body_checks at the beginning of the file, before the lines that
would otherwise match and reject the message. This will allow those
lines to pass.
For this to be effective, you need to make it as restrictive as
possible, i.e. try to make it only pass your log entries without
missing stuff you really intend to block.
Maybe something like:
/hostname postfix\/cleanup\[ .* reject: body/ OK
where hostname is your local hostname reported in your log. You
might need to adjust this depending on what your log entries look
The other things you can do are zip or uuencode the log entry and
send it as an attachment with mutt, or you can use some perl module
to mime encode it.
To unsubscribe, send mail to majo...@postfix.org with content
(not subject): unsubscribe postfix-users