Hi,

I have a problem with a PCRE-based rule in header_checks which seems to be 
ignored and I can’t understand why this is the case. Hopefully you guys have an 
idea on how to fix this :-)

So here is my setup: I am using Postfix 2.11.7 on FreeBSD 10 and I am being 
bombarded with emails from certain hosts in France (and I have no idea why). 
These hosts always follow this format:

letter e
1-2 digit number
hostname
.fr

Here are some samples from today:

e16.sodipoc.fr
e38.info-essentiel.fr
e42.1jour1news.fr

I have defined a rule in SpamAssassin which successfully marks the related spam 
accordingly (works like a charm):

header French_Spam ALL =~ / e\d{1,2}\.\S+\.fr /i
score French_Spam 4.8

Now I am trying not to mark the unsolicited emails anymore but block them 
entirely. As such I have defined the following rule in header_checks based on 
the rule that I have defined in SpamAssassin:

/e\d{1,2}\.\S+\.fr/i REJECT French Spam

I reloaded Postfix (postmap is not necessary for PCRE files, right?) but still I 
have received three spam mails today. Still the rule seems okay from my 
perspective - here is a test of the rule with three hosts I have received spam 
from today:

$ postmap -q "e16.sodipoc.fr" pcre:/etc/postfix/header_checks
REJECT French Spam

$ postmap -q "e38.info-essentiel.fr" pcre:/etc/postfix/header_checks
REJECT French Spam

$ postmap -q "e42.1jour1news.fr" pcre:/etc/postfix/header_checks
REJECT French Spam

Any idea why this is happening?

Here is an extract of the headers of one of the emails received today (note: The 
message was marked as spam by Postfix but I manually removed all the related 
headers and information not to end up in your spam filters):

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from waldfest (localhost [127.0.0.1])
        by waldfest.wolfgarten.com (Postfix) with ESMTP id 4154D704B9
        for <[email protected]>; Sun, 31 Jan 2016 11:06:58 +0100 (CET)
X-Quarantine-ID: <xg91jhFD9UJP>
Received: from waldfest.wolfgarten.com ([127.0.0.1])
        by waldfest (waldfest.wolfgarten.com [127.0.0.1]) (amavisd-new, port 10024)
        with LMTP id xg91jhFD9UJP for <[email protected]>;
        Sun, 31 Jan 2016 11:06:44 +0100 (CET)
X-Greylist: delayed 300 seconds by postgrey-1.36 at waldfest; Sun, 31 Jan 2016 11:06:44 CET
Received: from e42.1jour1news.fr (e42.1jour1news.fr [62.210.13.102])
        by waldfest.wolfgarten.com (Postfix) with ESMTP id A6750704AC
        for <[email protected]>; Sun, 31 Jan 2016 11:06:44 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key; d=e42.1jour1news.fr;
 h=List-Unsubscribe:Message-ID:Date:Subject:From:Reply-To:To:MIME-Version:Content-Type;
 [email protected];
 bh=zQj93n30egRyo2hFB5OnJZSylLw=;
 b=FSLGriDlKRcl/NXBkxXU7ANj7JEO3+ltGllwY3hZu2bXxjJLXjFbz+fTZljB2BHbYMaKFmZxd6cF
   6OhoV689FNZPqC1SBUt7rA2qMTRP0gqpuCGkMqTZ9KaSObrSNlZgCsxnsOuLWt7zrjF1OHL6jT8C
   y0Nre8XUjO0vR+d2Jbs=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key; d=e42.1jour1news.fr;
 b=Y4c0lfDPkQ4YaimLaY4exKzB9WpnZVLpQ+HP7976BIB5gFzWEIF+n9wYB7afXxThUNNWaomOHcJs
   LxgAMqLl9nmkNLI6FRS0zn3cC/Pq8wUoUxdhyity3JWxiTo3q12ZP2/UxsYaOcWccB03Ch8VsB2u
   9dhJQsHlnHCxcvj2Grs=;
List-Unsubscribe: <http://link.lilinews.fr/t/u/mT2NTvqG3IQSUL1gyO7Px8zP42vuolnECda87eT2bELfB63CFJolSx2R-d9wMmfhSsIzs-RQFBJ7mGmt1RffM79Wt7YeSHwsbbVWTpjRwEE>
Message-ID: <[email protected]>
Date: Sun, 31 Jan 2016 11:01:44 +0100
Subject: =?UTF-8?Q?15=E2=82=AC?= offerts sur la nouvelle collection

Finally, here is the Postfix config:

alias_maps = hash:/etc/aliases,mysql:/etc/postfix/mysql_virtual_alias_maps.cf
body_checks = pcre:/etc/postfix/body_checks,pcre:/etc/postfix/bad_urls
canonical_maps = regexp:/etc/postfix/rewrite
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 20
dovecot_destination_recipient_limit = 1
header_checks = pcre:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
local_destination_concurrency_limit = 2
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 0
milter_default_action = accept
milter_protocol = 2
mlmmj_destination_recipient_limit = 1
mydestination = $myhostname, sms.wolfgarten.com
mydomain = wolfgarten.com
myhostname = waldfest.wolfgarten.com
mynetworks = ***REMOVED***
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = $smtpd_milters
propagate_unmatched_extensions = virtual
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, permit_sasl_authenticated,
    reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname,
    reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/sender_access,
    check_client_access cidr:/etc/postfix/access-client,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org,
    reject_rbl_client truncate.gbudb.net, reject_rbl_client dul.dnsbl.sorbs.net,
    check_policy_service inet:127.0.0.1:10023
smtpd_reject_unlisted_sender = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access,
    permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination, reject_non_fqdn_recipient,
    reject_unknown_recipient_domain, reject_unknown_sender_domain,
    reject_non_fqdn_sender
soft_bounce = no
transport_maps = regexp:/etc/postfix/transport,hash:/var/spool/mlmmj/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual,hash:/var/spool/mlmmj/virtual,mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domain_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot

Thank you.

Best regards
Sebastian
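
An added example, not part of the original post: header_checks rules are applied to one logical (unfolded) header at a time, so this sketch runs the posted rule over whole headers rather than bare hostnames. Python's `re` stands in for PCRE, the function names are hypothetical, and the sample headers are constructed from the ones quoted above; it shows what the rule matches, not why it was not applied on the live server.

```python
import re

# The rule from the post, in header_checks syntax: /pattern/flags ACTION text
RULE = r"/e\d{1,2}\.\S+\.fr/i REJECT French Spam"

# Constructed sample: a few headers modelled on the post, folded as on the wire.
SAMPLE = (
    "Received: from e42.1jour1news.fr (e42.1jour1news.fr [62.210.13.102])\n"
    "\tby waldfest.wolfgarten.com (Postfix) with ESMTP id A6750704AC;\n"
    "\tSun, 31 Jan 2016 11:06:44 +0100 (CET)\n"
    "DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key;\n"
    " d=e42.1jour1news.fr; bh=zQj93n30egRyo2hFB5OnJZSylLw=\n"
    "Date: Sun, 31 Jan 2016 11:01:44 +0100\n"
    "Subject: offerts sur la nouvelle collection\n"
)

def parse_rule(line):
    """Split one '/pattern/flags ACTION' line and compile the pattern."""
    pattern, flags, action = re.match(r"/(.+)/([A-Za-z]*)\s+(.*)$", line).groups()
    # pcre_table(5): matching is case-insensitive by default and the "i" flag
    # toggles that, so a trailing /i makes the rule case-sensitive.
    opts = re.IGNORECASE
    if "i" in flags:
        opts ^= re.IGNORECASE
    return re.compile(pattern, opts), action

def logical_headers(raw):
    """Join folded continuation lines onto the header they belong to."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers

def check_headers(raw, rule=RULE):
    """Return (header name, action) for every logical header the rule matches."""
    regex, action = parse_rule(rule)
    return [(h.split(":", 1)[0], action)
            for h in logical_headers(raw) if regex.search(h)]

if __name__ == "__main__":
    for name, action in check_headers(SAMPLE):
        print(f"{name}: {action}")
```

On the server itself, `postmap -h -q - pcre:/etc/postfix/header_checks < message.eml` feeds a saved message through the real table one logical header at a time (header query mode, Postfix 2.6 and later).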
