Here's my /etc/postfix/main.cf header_checks line:
header_checks = regexp:/etc/postfix/maps/header_checks
And here is header_checks:
/From:.*email@my\.com.(\n|.)*?To:.*email@my\.com./ DISCARD
Here's a portion of the header from the emails I'm trying to match:
Received: from localhost (localhost [127.0.0.1])
by mail.server.com (Postfix) with ESMTP id 690649204C0
for <[email protected]>; Mon, 7 Nov 2022 13:27:00 -0600 (CST)
From: "White Carb Tricks" <[email protected]>
To: "email" <[email protected]>
Subject: Clear artery-blocking plaque overnight
Date: Mon, 7 Nov 2022 09:42:42 -0600
As you can see I'm trying to match when spammers spoof the "For" and the "To" to look like the user sent it.
If I test the regular expression in header_checks via an online regex tool it matches the "From" and "To" lines like I want.
When I do:
postmap -q $'From: "White Carb Tricks" <[email protected]>\r\nTo: "email" <[email protected]>' regexp:/etc/postfix/maps/header_checks
It returns "DISCARD" as expected.
When I paste the header text into a test file and test it like this:
postmap -q - regexp:/etc/postfix/maps/header_checks < /etc/postfix/maps/regex-test
...it returns blank.
I should note that Postfix isn't discarding them either. The user keeps getting the emails.
I also changed this in master.cf:
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
to
-o receive_override_options=no_unknown_recipient_checks,no_address_mappings
...based on another thread I read.
Any ideas what I'm doing wrong? Is it my regex in header_checks?
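
Added example (not part of the original post): Postfix applies header_checks to one logical header at a time, and `postmap -q -` looks up each input line as a separate key, so a pattern that must span From: and To: only matches when both lines arrive as a single key. The sketch replays the three tests from the post; Python's `re` stands in for Postfix's regexp engine, and the address `email@my.com`, the sample headers and the function names are constructed for illustration.

```python
import re

# Pattern copied from the header_checks file in the post. Postfix regexp tables
# match case-insensitively by default; Python's re is a stand-in (assumption).
PATTERN = re.compile(r'From:.*email@my\.com.(\n|.)*?To:.*email@my\.com.', re.IGNORECASE)

# Constructed sample headers modelled on the ones quoted in the post.
RAW_HEADERS = (
    'Received: from localhost (localhost [127.0.0.1])\r\n'
    '\tby mail.server.com (Postfix) with ESMTP id 690649204C0\r\n'
    '\tfor <email@my.com>; Mon, 7 Nov 2022 13:27:00 -0600 (CST)\r\n'
    'From: "White Carb Tricks" <email@my.com>\r\n'
    'To: "email" <email@my.com>\r\n'
    'Subject: Clear artery-blocking plaque overnight\r\n'
)

def logical_headers(raw):
    """Split a header block into logical headers; folded continuation
    lines stay part of the header they continue."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (' ', '\t') and headers:
            headers[-1] += '\n' + line
        elif line:
            headers.append(line)
    return headers

def header_checks_hits(raw):
    """What the cleanup step sees: the pattern is tried on each logical header alone."""
    return [h for h in logical_headers(raw) if PATTERN.search(h)]

def postmap_stdin_hits(text):
    """What `postmap -q - ... < file` sees: every physical line is its own key."""
    return [line for line in text.splitlines() if PATTERN.search(line)]

def single_key_hit(key):
    """What `postmap -q $'From: ...\\r\\nTo: ...'` sees: one key holding both lines."""
    return PATTERN.search(key) is not None

if __name__ == '__main__':
    both = 'From: "White Carb Tricks" <email@my.com>\r\nTo: "email" <email@my.com>'
    print('single key (command line):', single_key_hit(both))
    print('per line (stdin file):    ', postmap_stdin_hits(RAW_HEADERS))
    print('per logical header (MTA): ', header_checks_hits(RAW_HEADERS))
```
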