I have a body_checks file for postfix.

Unfortunately, rarely but sometimes, important mails are not received because they are rejected by the body_checks, although there should be no match. Here is my body_checks file:

body_checks = pcre:/etc/postfix/body_checks

/xxlady/                               REJECT
/Aktfotos/                             REJECT
/betrogen/                             REJECT
/Anlageempfehlung/                     REJECT
/Porno/                                REJECT
/Pornovideo/                           REJECT
/Pfund/                                REJECT
/Wohltatigkeitsorganisation/           REJECT
/TronTee/                              REJECT
/90offbags/                            REJECT
/90offsunglasses/                      REJECT
/porn/                                 REJECT
/masturbieren/                         REJECT
/CPF\s057\s200\s664\s645/              REJECT
/CPF\s057\sxxx\sxxx\s645/              REJECT
/CPF\sO57\s2OO\s664\s645\./            REJECT
/Pu\$\$y/                              REJECT
/S#x/                                  REJECT
/Bitcoin-Wallet/                       REJECT
/track-paket-149/                      REJECT
/dhl-paket-track/                      REJECT
/asfona\.net/                          REJECT
/Ihr\sDHL-Team/                        REJECT
/Stockwell-London/                     REJECT
/Ray\sBan\sSunglasses\s2023\sStyle/    REJECT
/Bored\sApe/                           REJECT
/www\.85off-lv\.com/                   REJECT
/https:\/\/www\.85off-lv\.com/         REJECT
/Temps\sde\slecture/                   REJECT
/Spendencode/                          REJECT
/Viagra\sPrice/                        REJECT
/McAfeefor/                            REJECT
/McAfee/                               REJECT
/breercecet/                           REJECT
/WANCZYK/                              REJECT
/tinyurl/                              REJECT
/pessinastefano986/                    REJECT

The error message I receive is:

2024-04-08T10:33:45.983819+02:00 admin postfix/cleanup[1414013]: 37595320177: reject: body ImTpT+mI0EwcUpHvMLuJSvUWb7mYBmN1zQpOrN0o7X6ipZgpUna92TxyHzObekdTa8IwZkqmS9fO from o4.transactional.digitecgalaxus.ch[168.245.116.150]; from=<bounces+12270525-14cf-kontakt=rafaelbetz.de@em1070.notifications.galaxus.de> to=<[email protected]> proto=ESMTP helo=<o4.transactional.digitecgalaxus.ch>: 5.7.1 message content rejected

I don't get what this crypted body ImTpT+mI0EwcUpHvMLuJSvUWb7mYBmN1zQpOrN0o7X6ipZgpUna92TxyHzObekdTa8IwZkqmS9fO is and why it gets rejected. But the mail was definitely legit.

  • This is some base64-encoded hash of something. Oh, by the way, what was your question?
    Commented May 21 at 15:23
  • Oh sorry, my question is how can I find out what exactly is being blocked so I can remove that from the filter and learn.
    – Rafael
    Commented May 21 at 17:38

1 Answer

You can add unique custom reject codes to your regexps. Then, by seeing which code appeared in logs, you can find out what regexp matched.

Something like this:

/xxlady/    REJECT 5.7.1 message body rejected (dac1d073-3128-4f9f-8b49-d49ffaf27898)
/Aktfotos/  REJECT 5.7.1 message body rejected (b323abb6-52ff-4ba3-99b9-4bd3c73933ac)
...

I used a random UUID generator; you may use any approach, just make sure your random identifiers are unique (within the body checks) and aren't related to actual filter strings.

See man 5 header_checks for details (yes, body_checks are described on that manual page too).
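
An added example, not part of the original answer: it appends a unique identifier to each bare REJECT rule as described above and, going one step beyond the answer, checks offline which rules match the body line quoted in the question's log. Python's re module stands in for Postfix's PCRE matching (case-insensitive by default per pcre_table(5)); the function names and the five-rule sample table are constructed for illustration.

```python
import re
import uuid

# Constructed sample: five rules copied from the question's body_checks file.
SAMPLE_TABLE = r"""
/xxlady/                               REJECT
/Pfund/                                REJECT
/porn/                                 REJECT
/Pu\$\$y/                              REJECT
/tinyurl/                              REJECT
"""
# Body line quoted in the question's log entry.
LOGGED_LINE = ("ImTpT+mI0EwcUpHvMLuJSvUWb7mYBmN1zQpOrN0o7X6ipZgp"
               "Una92TxyHzObekdTa8IwZkqmS9fO")
# /pattern/flags followed by a bare REJECT; other lines pass through untouched.
RULE = re.compile(r"^/((?:\\.|[^/\\])*)/([A-Za-z]*)\s+REJECT\s*$")


def tag_rules(table, new_id=lambda: str(uuid.uuid4())):
    """Return (tagged table, {id: pattern}), one unique id per REJECT rule."""
    out, ids = [], {}
    for line in table.splitlines():
        m = RULE.match(line)
        if m:
            rule_id = new_id()
            ids[rule_id] = m.group(1)
            line = f"{line.rstrip()} 5.7.1 message body rejected ({rule_id})"
        out.append(line)
    return "\n".join(out) + "\n", ids


def matching_rules(table, body_line):
    """Patterns matching body_line, approximated with Python's re module."""
    hits = []
    for line in table.splitlines():
        m = RULE.match(line)
        if m:
            # Postfix pcre tables are case-insensitive by default; a trailing
            # "i" flag toggles that off. Other flags are ignored here.
            flags = 0 if "i" in m.group(2) else re.IGNORECASE
            if re.search(m.group(1), body_line, flags):
                hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    tagged, ids = tag_rules(SAMPLE_TABLE)
    print(tagged)
    print("rules matching the logged line:", matching_rules(SAMPLE_TABLE, LOGGED_LINE))
```

Keep the returned id-to-pattern mapping next to the table so that an identifier seen in the mail log can be looked up directly.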
