Problem filtering broken PGP mail with body_checks
Im trying to filter broken PGP mail into usable mail with body checks. I have selected to use pcre: when defining body_checks. The problem is that certain PGP useragents, inserts a \r charachter, a tab, space, or any other whitespace char immediately before or after the “-BEGIN PGP MESSAGE-“ header. So the rule is as follows: /[ \t\r\f]*-(BEGIN|END)([^-]*)-[ \t\r\f]*/ REPLACE -$1$2- The problem with this, is that this removed the whole body of the mail except for the -BEGIN PGP MESSAGE- line. What are im doing wrong? I have tried with different flags like /s or /si and such, but still it removes the whole body. I want it to scan line for line and process it. smime.p7s Description: S/MIME Cryptographic Signature
Re: Problem filtering broken PGP mail with body_checks
On 12/09/15 06:29, Sebastian Nielsen wrote: > So the rule is as follows: > /[ \t\r\f]*-(BEGIN|END)([^-]*)-[ \t\r\f]*/ REPLACE -$1$2- > > The problem with this, is that this removed the whole body of the mail > except for the -BEGIN PGP MESSAGE- line. > > What are im doing wrong? I have tried with different flags like /s or > /si and such, but still it removes the whole body. > I want it to scan line for line and process it. This is just a wild guess on my part, but could that possibly be matching: > -BEGIN BLAH- ^^^ > yadda yadda yadda ^ > -END BLAH- ^ and giving you: $1="BEGIN", $2=" BLAH-\r\nyadda yadda yadda\r\n-END BLAH"? What happens if you try /[ \t\r\f]*-(BEGIN|END)([A-Z ]*)-[ \t\r\f]*/ REPLACE -$1$2- instead? -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere.
Re: Problem filtering broken PGP mail with body_checks
On 12/09/15 08:24, Stuart Longland wrote: > This is just a wild guess on my part, but could that possibly be matching: > >> > -BEGIN BLAH- >^^^ >> > yadda yadda yadda > ^ >> > -END BLAH- > ^ > > and giving you: $1="BEGIN", $2=" BLAH-\r\nyadda yadda > yadda\r\n-END BLAH"? And as most wild guesses, they can be wildly inaccurate. Just realised what the substitution would look like in that case. Apologies for the noise. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere. signature.asc Description: OpenPGP digital signature
Re: Problem filtering broken PGP mail with body_checks
Yep. On top of that: ([^-]*) means any charachter except for -, so it shouldn't match any -, and thus $2 cannot contain the charachter "-" at all. I suspect that postfix in some way matches the whole message in once, and when the REPLACE word is given, the whole message, even including parts of message that does not match the regexp, are replaced by the "REPLACE". But I tried with (.*) before and after, and added $1 to the beginning and $4 to the end, and also changed $1$2 to $2$3, but that didnt help. -Ursprungligt meddelande- From: Stuart Longland Sent: Saturday, September 12, 2015 12:29 AM To: postfix-users@postfix.org Subject: Re: Problem filtering broken PGP mail with body_checks [Invalid] On 12/09/15 08:24, Stuart Longland wrote: This is just a wild guess on my part, but could that possibly be matching: > -BEGIN BLAH- ^^^ > yadda yadda yadda ^ > -END BLAH- ^ and giving you: $1="BEGIN", $2=" BLAH-\r\nyadda yadda yadda\r\n-END BLAH"? And as most wild guesses, they can be wildly inaccurate. Just realised what the substitution would look like in that case. Apologies for the noise. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere. smime.p7s Description: S/MIME Cryptographic Signature
Re: Problem filtering broken PGP mail with body_checks
On 12/09/15 08:31, Sebastian Nielsen wrote: > Yep. On top of that: ([^-]*) means any charachter except for -, so it > shouldn't match any -, and thus $2 cannot contain the charachter "-" at > all. > > I suspect that postfix in some way matches the whole message in once, > and when the REPLACE word is given, the whole message, even including > parts of message that does not match the regexp, are replaced by the > "REPLACE". But I tried with (.*) before and after, and added $1 to the > beginning and $4 to the end, and also changed $1$2 to $2$3, but that > didnt help. Indeed, does it dump the email body content for *all* emails or just the ones with inline PGP? If not, a possible rule: /[ \t\r\f]*-BEGIN ([^-]*)-[ \t\r\f]*(.*)-END \1-/ REPLACE -BEGIN $1-\r$2-END $1- That should preserve the content inside the PGP message (probably discarding anything outside). You want to avoid changing things between BEGIN and END though because that might cause signature invalidation. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere. signature.asc Description: OpenPGP digital signature
