From: Noel Jones on
On 5/5/2010 12:00 PM, Laurent CARON wrote:
> Hi,
>
> I'm basically trying to protect my users from the following:
>
> Spam
> - Sent from accounts hosted on freemail providers (yahoo, ...)
> - Originating from AfriNIC ranges
> - Targeted at several dozen users
>
> The headers look like this:
> Received: from [41.207.213.162] by web1104.biz.mail.sk1.yahoo.com via HTTP; Tue, 04 May 2010 14:44:20 PDT
>
>
> It is fairly trivial to block such things via a header access map
>
> if /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/
> /\b(41\.\d+\.\d+\.\d+)\b/ REJECT regional junk 001 #Africa
> endif
>
> Some of my users receive a few legitimate emails from Africa.
>
> Apart from using a policy server, can postfix natively be configured to
> achieve this goal?

Policy servers don't have access to headers. Header_checks
apply to all mail with no exceptions.

Sounds as if you need amavisd-new + SpamAssassin.

-- Noel Jones

From: Brian Evans - Postfix List on
On 5/5/2010 1:10 PM, Louis-David Mitterrand wrote:
> On Wed, May 05, 2010 at 07:00:37PM +0200, Laurent CARON wrote:
>
>> Hi,
>>
>> I'm basically trying to protect my users from the following:
>>
>> Spam
>> - Sent from accounts hosted on freemail providers (yahoo, ...)
>> - Originating from AfriNIC ranges
>> - Targeted at several dozen users
>>
>> The headers look like this:
>> Received: from [41.207.213.162] by web1104.biz.mail.sk1.yahoo.com via HTTP; Tue, 04 May 2010 14:44:20 PDT
>>
>>
>> It is fairly trivial to block such things via a header access map
>>
>> if /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/
>> /\b(41\.\d+\.\d+\.\d+)\b/ REJECT regional junk 001 #Africa
>> endif
>>
>> Some of my users receive a few legitimate emails from Africa.
>>
> You could try this in /etc/postfix/header_checks
>
> if /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/
> if !/^(X-Original-)?To:[^@]*(africanspamlover1|africanspamlover2|etc..)@/
> /\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 1
> /\b(41\.3(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 2
> .. and all other rules ...
> endif
> endif
>
>

This will not work.
Postfix analyzes headers one at a time.
You cannot check multiple headers at once in header_checks.
You need a milter or other filter to do that.

From: Tom Hendrikx on
On 06/05/10 10:58, Louis-David Mitterrand wrote:
> On Wed, May 05, 2010 at 01:44:54PM -0400, Brian Evans - Postfix List wrote:
>>>>
>>> You could try this in /etc/postfix/header_checks
>>>
>>> if /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/
>>> if !/^(X-Original-)?To:[^@]*(africanspamlover1|africanspamlover2|etc..)@/
>>> /\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 1
>>> /\b(41\.3(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 2
>>> .. and all other rules ...
>>> endif
>>> endif
>>>
>> This will not work.
>> Postfix analyzes headers one at a time.
>> You cannot check multiple headers at once in header_checks.
>> You need a milter or other filter to do that.
>
> Could this be entered as a postfix wishlist item then? A 'm' flag to
> pcre_table that would match on the whole headers (instead of
> line-by-line), akin to Perl's 'm' regexp flag:
>
> m Treat string as multiple lines. That is, change "^" and "$" from
> matching the start or end of the string to matching the start or
> end of any line anywhere within the string.
>
> It would be very powerful, yet retain the ability to match on any
> individual header line with ^ and $ anchors.
>

Hi,

I think that postfwd can do all of this already, working as a policy
daemon. See http://www.postfwd.org/

No need to complicate postfix any further: it is an MTA, and should
concentrate on mail delivery. There is a reason that you can hook up a
myriad of external tools into postfix.

--
Regards,
Tom

From: Noel Jones on
On 5/6/2010 4:15 AM, Tom Hendrikx wrote:
> On 06/05/10 10:58, Louis-David Mitterrand wrote:
>> On Wed, May 05, 2010 at 01:44:54PM -0400, Brian Evans - Postfix List wrote:
>>>>>
>>>> You could try this in /etc/postfix/header_checks
>>>>
>>>> if /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/
>>>> if !/^(X-Original-)?To:[^@]*(africanspamlover1|africanspamlover2|etc..)@/
>>>> /\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 1
>>>> /\b(41\.3(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 2
>>>> .. and all other rules ...
>>>> endif
>>>> endif
>>>>
>>> This will not work.
>>> Postfix analyzes headers one at a time.
>>> You cannot check multiple headers at once in header_checks.
>>> You need a milter or other filter to do that.
>>
>> Could this be entered as a postfix wishlist item then? A 'm' flag to
>> pcre_table that would match on the whole headers (instead of
>> line-by-line), akin to Perl's 'm' regexp flag:
>>
>> m Treat string as multiple lines. That is, change "^" and "$" from
>> matching the start or end of the string to matching the start or
>> end of any line anywhere within the string.
>>
>> It would be very powerful, yet retain the ability to match on any
>> individual header line with ^ and $ anchors.
>>
>
> Hi,
>
> I think that postfwd can do all of this already, working as a policy
> daemon. See http://www.postfwd.org/
>
> No need to complicate postfix any further: it is an MTA, and should
> concentrate on mail delivery. There is a reason that you can hook up a
> myriad of external tools into postfix.
>
> --
> Regards,
> Tom


No, postfwd cannot examine message headers; policy services do
not have access to headers.
You must use a content_filter, proxy, or milter to process
message contents.

-- Noel Jones
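
The replies above agree that header_checks sees one header at a time and that policy services never see headers, so the "reject unless the recipient is exempt" rule has to run in a content_filter, proxy or milter that holds the whole message. The following is an added example, not code from any poster or from Postfix: it sketches that decision logic in Python, with the function names, the `exempt` set and the envelope recipient list as assumptions, and the wiring into Postfix left out.

```python
import ipaddress
import re
from email import message_from_bytes

# Header names taken from the header_checks pattern quoted in the thread.
IP_HEADERS = re.compile(
    r"^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP"
    r"|(Client|Remote_)Addr|PHP-Script))$", re.I)
DOTTED_QUAD = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# 41.0.0.0/8 mirrors the thread's /41\.\d+\.\d+\.\d+/ rule.
BLOCKED_NETS = [ipaddress.ip_network("41.0.0.0/8")]


def blocked_ips(raw_message: bytes) -> list:
    """Return addresses in IP-bearing headers that fall inside BLOCKED_NETS."""
    hits = []
    for name, value in message_from_bytes(raw_message).items():
        if not IP_HEADERS.match(name):
            continue
        for text in DOTTED_QUAD.findall(str(value)):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # e.g. 999.1.1.1 is not a valid address
                continue
            if any(addr in net for net in BLOCKED_NETS):
                hits.append(text)
    return hits


def verdicts(raw_message: bytes, rcpts: list, exempt: set) -> dict:
    """Per-recipient decision: exempt users still receive mail from blocked ranges.

    rcpts is the envelope recipient list the filter receives (assumption).
    """
    hits = blocked_ips(raw_message)
    return {r: ("REJECT regional junk"
                if hits and r.lower() not in exempt else "ACCEPT")
            for r in rcpts}


# Constructed sample; the Received line is the one quoted in the thread.
SAMPLE = (
    b"Received: from [41.207.213.162] by web1104.biz.mail.sk1.yahoo.com"
    b" via HTTP; Tue, 04 May 2010 14:44:20 PDT\r\n"
    b"From: someone@example.com\r\n"
    b"Subject: hello\r\n\r\nbody mentions 41.1.1.1\r\n"
)
```

Because the verdict is per recipient, a message addressed to both exempt and non-exempt users needs the filter to split delivery rather than reject the whole transaction.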