# Patch to pflogsumm to prevent report being flagged by body_check regex



## Ruler2112 (Mar 16, 2010)

I use the header and body checks to filter out a significant amount of spam.  As described in another thread, I simply add a rule or two whenever a spam or phishing message makes it through my blocks.  It's worked fantastically so far, blocking spam from being accepted at a very low cost of CPU time.  However, I've run into a problem.

The e-mail server status report that's generated by cron runs pflogsumm to provide me a report of the mail statistics from the previous day.  In this, there are listed the complete patterns that match the regular expressions (if they're short enough) that I filter as spam.  (And who seriously says stuff like 'Best compliments of the day.' as a greeting?)

Is there a way to exclude a given address from the header_checks and body_checks in Postfix?  I've searched via Google and haven't been able to find a way, but am probably just missing it or mis-phrasing my search query because nothing applicable is turned up.


----------



## Ruler2112 (Mar 25, 2010)

I found a solution for this, more elegant than excluding an address from the body_checks.  I altered pflogsumm in order to include a command-line parameter that will replace the first few characters of the block message with `<snip>`, thereby eliminating the report from being caught by the body_check regex that caused the line to be included in the report to begin with.  After making the alterations to pflogsumm, I added `--snip_cleanup_msgs` to the periodic script that generates the report.

Here's a patch to pflogsumm 1.1.2 (current as of 2010-03-25):


```
201a202,208
>     --snip_cleanup_msgs
>                    Replaces the beginning of lines containing cleanup-type 
>                    messages with the text <snip>.  This avoids pflogsumm
>                    reports run from cron and e-mailed from being blocked
>                    with the Postfix body_checks expressions when one or
>                    more messages were bounced with the same expression.
> 
458c465
<        [file1 [filen]]
---
>        [--snip_cleanup_msgs] [file1 [filen]]
488a496
>     "snip_cleanup_msgs"  => \$opts{'snipCleanupWarnings'},
573a582,585
>   if(defined($opts{'snipCleanupWarnings'}))
>     {
>     $rejRmdr = "<snip>" . substr($rejRmdr, 5);
>     }
```
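
Review bot: In the 573a582,585 hunk, `substr($rejRmdr, 5)` is applied without a length check, so a `$rejRmdr` shorter than five characters makes substr return undef (with a "substr outside of string" warning when warnings are enabled) and the line collapses to a bare `<snip>`. Guard it, for example with `if (length($rejRmdr) > 5)`, and keep in mind that only the first five characters are replaced: a body_checks pattern that matches text further into the line is left intact and would still match the report.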

Note that this patch works perfectly for me.  However, I take no responsibility if you use it and it causes your computer to blow up, hard drive to be erased, oceans to rise, ice-caps to melt, a comet to crash into the planet, or upsets the stellar balance of the universe resulting in global annihilation.  In other words, use at your own risk.


----------



## Ruler2112 (Apr 12, 2010)

Version 1.1.3 of pflogsumm hit the ports tree a few days ago.  I finally had time to update this patch for the new version.


```
242a243,249
>     --snip_cleanup_msgs
>                    Replaces the beginning of lines containing cleanup-type
>                    messages with the text <snip>.  This avoids pflogsumm
>                    reports run from cron and e-mailed from being blocked
>                    with the Postfix body_checks expressions when one or
>                    more messages were bounced with the same expression.
> 
502c509
< 	[--zero_fill] [file1 [filen]]
---
> 	[--zero_fill] [--snip_cleanup_msgs] [file1 [filen]]
537a545
>     "snip_cleanup_msgs"        => \$opts{'snipCleanupWarnings'},
668a677,680
>   if(defined($opts{'snipCleanupWarnings'}))
>     {
>     $rejRmdr = "<snip>" . substr($rejRmdr, 5);
>     }
```
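
Review bot: In the 668a677,680 hunk the literal 5 in `substr($rejRmdr, 5)` is a hard-coded width that the help text added in 242a243,249 never states; it only says the beginning of the line is replaced. Name the width in a constant or let the option take it as an argument, and state the number of characters in the help text. The key `'snipCleanupWarnings'` in 537a545 also does not match the option name `snip_cleanup_msgs`; one spelling for both would be easier to search for.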


----------

