Postfix regex for smtpd_command_filter

Question

Some of my users are using Gmail to send mail to our domain (The mail server for which is hosted on a CentOS 5 machine with postfix). Sometimes, but not all the time, when they do, they get a bounceback similar to:

---------- Forwarded message ----------
From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
Date: Mon, Aug 19, 2013 at 9:12 AM
Subject: Delivery Status Notification (Failure)
To: user1@domain.com


Delivery to the following recipient failed permanently:

 user2@domain.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the       recipient domain domain.com by mail.domain.com. [xxx.xxx.xxx.xxx].

The error that the other server returned was:
502 5.5.2 Error: command not recognized

----- Original message -----

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=;
    h=mime-version:sender:in-reply-to:references:date:message-id:subject
     :from:to:content-type;
    bh=...=;
    b=...==
MIME-Version: 1.0
X-Received: by xxx.xxx.xxx.xxx with SMTP id ...;
 Mon, 19 Aug 2013 06:12:55 -0700 (PDT)
Sender: user1@gmail.com
Received: by xxx.xxx.xxx.xxx with HTTP; Mon, 19 Aug 2013 06:12:55 -0700 (PDT)
In-Reply-To: <...@mail.gmail.com>
References: <...@mail.gmail.com>
    <...@domain.com>
    <....gmail.com>
    <....gmail.com>
Date: Mon, 19 Aug 2013 09:12:55 -0400
X-Google-Sender-Auth: ...
Message-ID: <...@mail.gmail.com>
Subject: ...
From: <user1@domain.com>
To: <user2@domain.com>
Content-Type: multipart/alternative; boundary=...  

But the weird thing is, the mail still goes through...
Upon inspection of my maillogs, I see lines similar to:

Aug 19 9:12:36 domain postfix/smtpd[...]: connect from mail.google.com[xxx.xxx.xxx.xxx]
Aug 19 9:12:37 domain postfix/smtpd[...]: XXXX: mail.google.com[xxx.xxx.xxx.xxx]
Aug 19 9:12:37 domain postfix/smtpd[...]: warning: non-SMTP command from mail.google.com[xxx.xxx.xxx.xxx]:         h=mime-version:sender:in-reply-to:references:date:message-id:subject
Aug 19 9:12:37 domain postfix/smtpd[...]: disconnect from mail.google.com[xxx.xxx.xxx.xxx]  

It appears as though my mail server is interpreting the "h=mime" line as a command.
After some research, I followed this thread:

http://serverfault.com/questions/379964/postfix-unknown-command/380248#380248  

and I added the

smtpd_command_filter = pcre:/etc/postfix/bogus_commands  

parameter to my /etc/postfix/main.cf file, then added some regex to the bogus_commands file to try and replace any command beginning with

h=mime  

to

NOOP  

But, none of the regex I've tried seems to be working.
I have tried:

/^.*h=mime.*$/\s NOOP  

preg_replace(^.*h=mime.*$, NOOP, )  

/.*h=mime.*/ NOOP  

Can anyone help me find the proper syntax for the regex that I need for this to work? I'm not a regex expert by any means. I'm probably just doing something simple wrong. Any help you can provide is most appreciated.

Answer 1

In my particular case, it turns out I was using an incorrect version of postfix to try and implement the smtpd_command_filter parameter. After updating postfix to the latest version, everything is working fine now.