From: Louis-David Mitterrand on 5 May 2010 13:10

On Wed, May 05, 2010 at 07:00:37PM +0200, Laurent CARON wrote:
> Hi,
>
> I'm basically trying to protect my users from the following:
>
> Spam
> - Sent from accounts hosted on freemail providers (yahoo, ...)
> - Originating from AfriNIC ranges
> - Targeted at several dozen users
>
> The headers look like this:
> Received: from [41.207.213.162] by web1104.biz.mail.sk1.yahoo.com via HTTP; Tue, 04 May 2010 14:44:20 PDT
>
>
> It is fairly trivial to block such things via a header access map
>
> if /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/
> /\b(41\.\d+\.\d+\.\d+)\b/ REJECT regional junk 001 #Africa
> endif
>
> Some of my users receive a few legitimate emails from Africa.

You could try this in /etc/postfix/header_checks

if /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/
  if !/^(X-Original-)?To:[^@]*(africanspamlover1|africanspamlover2|etc..)@/
    /\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 1
    /\b(41\.3(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 2
    .. and all other rules ...
  endif
endif

(the indent is purely for clarity. Not sure postfix accepts it.)

--
http://www.cruisefish.net

From: Louis-David Mitterrand on 6 May 2010 04:58

On Wed, May 05, 2010 at 01:44:54PM -0400, Brian Evans - Postfix List wrote:
> > You could try this in /etc/postfix/header_checks
> >
> > if /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/
> >   if !/^(X-Original-)?To:[^@]*(africanspamlover1|africanspamlover2|etc..)@/
> >     /\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 1
> >     /\b(41\.3(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 2
> >     .. and all other rules ...
> >   endif
> > endif
> >
> This will not work.
> Postfix analyzes headers one at a time.
> You cannot check multiple headers at once in header_checks.
> You need a milter or other filter to do that.

Could this be entered as a postfix wishlist item then? A 'm' flag to pcre_table that would match on the whole headers (instead of line-by-line), akin to Perl's 'm' regexp flag:

    m   Treat string as multiple lines. That is, change "^" and "$" from
        matching the start or end of the string to matching the start or
        end of any line anywhere within the string.

It would be very powerful, yet retain the ability to match on any individual header line with ^ and $ anchors.

From: Louis-David Mitterrand on 6 May 2010 05:25

On Thu, May 06, 2010 at 11:15:21AM +0200, Tom Hendrikx wrote:
> On 06/05/10 10:58, Louis-David Mitterrand wrote:
> > On Wed, May 05, 2010 at 01:44:54PM -0400, Brian Evans - Postfix List wrote:
> >>> You could try this in /etc/postfix/header_checks
> >>>
> >>> if /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/
> >>>   if !/^(X-Original-)?To:[^@]*(africanspamlover1|africanspamlover2|etc..)@/
> >>>     /\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 1
> >>>     /\b(41\.3(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 2
> >>>     .. and all other rules ...
> >>>   endif
> >>> endif
> >>>
> >> This will not work.
> >> Postfix analyzes headers one at a time.
> >> You cannot check multiple headers at once in header_checks.
> >> You need a milter or other filter to do that.
> >
> > Could this be entered as a postfix wishlist item then? A 'm' flag to
> > pcre_table that would match on the whole headers (instead of
> > line-by-line), akin to Perl's 'm' regexp flag:
> >
> >     m   Treat string as multiple lines. That is, change "^" and "$" from
> >         matching the start or end of the string to matching the start or
> >         end of any line anywhere within the string.
> >
> > It would be very powerful, yet retain the ability to match on any
> > individual header line with ^ and $ anchors.
> >
>
> Hi,
>
> I think that postfwd can do all of this already, working as a policy
> daemon. See http://www.postfwd.org/
>
> No need to complicate postfix any further: it is an MTA, and should
> concentrate on mail delivery. There is a reason that you can hook up a
> myriad of external tools into postfix.

What is more complicated? Plug yet another policy daemon to one's postfix installation (with all the care and feeding it entails) or add a totally transparent and optional 'm' flag to postfix's pcre_table?

From: /dev/rob0 on 6 May 2010 09:11

On Thu, May 06, 2010 at 10:58:01AM +0200, Louis-David Mitterrand wrote:
> On Wed, May 05, 2010 at 01:44:54PM -0400, Brian Evans - Postfix
> List wrote:
> > > You could try this in /etc/postfix/header_checks
> > >
> > > if /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/
> > >   if !/^(X-Original-)?To:[^@]*(africanspamlover1|africanspamlover2|etc..)@/
> > >     /\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 1
> > >     /\b(41\.3(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 2
> > >     .. and all other rules ...
> > >   endif
> > > endif
> > >
> > This will not work.
> > Postfix analyzes headers one at a time.
> > You cannot check multiple headers at once in header_checks.
> > You need a milter or other filter to do that.
>
> Could this be entered as a postfix wishlist item then? A 'm' flag

I can't speak for Wietse, but: no. What you're talking about would probably require major restructuring of cleanup(8). As you were told, what you want to do is already possible by means of external content filters and/or milters. I believe you will find Wietse's answer to your wish here:

http://www.postfix.org/CONTENT_INSPECTION_README.html

--
Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
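
The limitation discussed in this thread, as an added example that is not part of any poster's message: a model of per-header matching next to the whole-message decision an external filter or milter can make. The flagged network, the exempt recipient, the shortened header-name pattern and the sample message are assumptions made for the illustration, and the exemption is keyed on envelope recipients rather than the sender-written To: header.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Assumed policy values, not taken from the thread.
FLAGGED_NET = ip_network("41.0.0.0/8")
EXEMPT_RCPTS = {"alice@example.org"}

IP_HEADER = re.compile(r"(Received|X-(Originating|Client|Sender)-IP)\Z", re.I)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Constructed sample; the Received: line is the one quoted in the thread.
SAMPLE = (
    "Received: from [41.207.213.162] by web1104.biz.mail.sk1.yahoo.com via HTTP;\n"
    " Tue, 04 May 2010 14:44:20 PDT\n"
    "From: sender@example.com\n"
    "To: alice@example.org\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

def flagged(value):
    """True if a header value contains an address inside FLAGGED_NET."""
    for candidate in IPV4.findall(value):
        try:
            if ip_address(candidate) in FLAGGED_NET:
                return True
        except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an IP
            continue
    return False

def per_header_verdict(raw):
    """header_checks model: each header is judged alone, so no rule can
    combine a Received: match with knowledge of the recipient."""
    for name, value in message_from_string(raw).items():
        if IP_HEADER.match(name) and flagged(value):
            return "REJECT"
    return "DUNNO"

def whole_message_verdict(raw, envelope_rcpts):
    """Filter/milter model: all headers plus the envelope recipients are
    available to a single decision (assumed policy: any exempt recipient
    exempts the message)."""
    if {r.lower() for r in envelope_rcpts} & EXEMPT_RCPTS:
        return "DUNNO"
    return per_header_verdict(raw)
```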