Body_checks and LogCheck conflict

0 Aufrufe
Direkt zur ersten ungelesenen Nachricht

Noel Jones

ungelesen,
01.09.2002, 23:34:4201.09.02
an

----- Original Message -----
From: "Stephen McHenry" <post...@softi.com>
To: <postfi...@postfix.org>
Sent: Sunday, September 01, 2002 9:05 PM
Subject: Body_checks and LogCheck conflict


> I just installed Postfix and one of the features I couldn't wait
to use is
> the UCE controls - specifically, header_checks and body_checks.
Postfix
> seems to be working very well in bagging a lot of crap that used
to fill my
> inbox.
>
> Only one hitch... I run logcheck (the utility that scans the log
files
> periodically and sends "interesting" entries to an email address -
in my
> case, once per hour). Now, when Postfix discovers UCE via a body
check, it
> puts part of the match into the log message. When logcheck picks
up the
> entry and puts it in the body of its own message, the logcheck
message is
> also bagged as UCE, and rejected.
>
> Has anyone encountered this? I tried putting a header check that
would
> accept the message, but it doesn't help as body checks are still
run and it
> kicks it out.
>
> My workaround is to tell logcheck to ignore those entries, but I'd
rather
> be getting that information. Has anyone dealt with this issue? It
would be
> nice for an unconditional ACCEPT in either header or body checks -
i.e., if
> it matches here, accept it and don't do any more checks on this
message.
>

Many of us have had that same problem using the pflogsumm.pl
program, but there are a couple workarounds.

This is kind of tricky to do, but if you can figure out a common
component of the lines you wish to pass, you can put an OK rule in
your body_checks at the beginning of the file, before the lines that
would otherwise match and reject the message. This will allow those
lines to pass.
For this to be effective, you need to make it as restrictive as
possible, i.e. try to make it only pass your log entries without
missing stuff you really intend to block.

Maybe something like:

/hostname postfix\/cleanup\[ .* reject: body/ OK

where hostname is your local hostname reported in your log. You
might need to adjust this depending on what your log entries look
like.

The other things you can do are zip or uuencode the log entry and
send it as an attachment with mutt, or you can use some perl module
to mime encode it.

--
Noel Jones

-
To unsubscribe, send mail to majo...@postfix.org with content
(not subject): unsubscribe postfix-users

Allen antworten
Dem Autor antworten
Weiterleiten
0 neue Nachrichten