No, you can use PCRE lists with check_sender_access too.
I use it successfully to block certain TLDs and partial domains.

However, I would suggest using DISCARD instead of REJECT. With REJECT, you tell 
the spammer that he got blocked, thus he will switch to a new domain.
With DISCARD, it will silently "swallow" the email (e.g. pipe it to /dev/null), 
thus the spammer will think the email got through the spam filter.
(However, only use DISCARD with hosts/domains that you are 100% sure are spam 
related and from which no legit mail will ever originate; if unsure, use 
REJECT instead.)

Best regards, Sebastian Nielsen

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On behalf of Sebastian Wolfgarten
Sent: 31 January 2016 14:03
To: Sebastian Nielsen <sebast...@sebbe.eu>
Cc: postfix-users@postfix.org
Subject: Re: PCRE regex in header_checks ignored - why? [Invalid]

Hi Sebastian,

yes but this would require me to actually know all the hostnames upfront, i.e. 
I cannot use a PCRE regex if I am not mistaken, or?

Thanks.

Best regards
Sebastian

> On 31.01.2016 at 12:52, Sebastian Nielsen <sebast...@sebbe.eu> wrote:
> 
> I would suggest using check_sender_access instead of header checks. Then you can 
> reject based on MAIL FROM:, since apparently the hosts are using their e**. 
> hostname in MAIL FROM.
> 
> -----Original Message-----
> From: owner-postfix-us...@postfix.org 
> [mailto:owner-postfix-us...@postfix.org] On behalf of Sebastian Wolfgarten
> Sent: 31 January 2016 11:56
> To: postfix-users@postfix.org
> Subject: PCRE regex in header_checks ignored - why? [Invalid]
> 
> Hi,
> 
> I have a problem with a PCRE-based rule in header_checks which seems 
> to be ignored and I can’t understand why this is the case. Hopefully 
> you guys have an idea on how to fix this :-)
> 
> So here is my setup: I am using Postfix 2.11.7 on FreeBSD 10 and I am 
> being bombarded with emails from certain hosts in France (and I have no idea 
> why). These hosts always follow this format:
> 
> letter e
> 1-2 digit number
> hostname
> .fr
> 
> Here are some samples from today:
> 
> e16.sodipoc.fr
> e38.info-essentiel.fr
> e42.1jour1news.fr
> 
> I have defined a rule in SpamAssassin which successfully marks the related 
> spam accordingly (works like a charm):
> 
> header French_Spam ALL =~ / e\d{1,2}\.\S+\.fr /i
> score French_Spam 4.8
> 
> Now I am trying not to mark the unsolicited emails anymore but block them 
> entirely. As such I have defined the following rule in header_checks based on 
> the rule that I have defined in SpamAssassin:
> 
> /e\d{1,2}\.\S+\.fr/i REJECT French Spam
> 
> I reloaded Postfix (postmap is not necessary for PCRE files, or?) but still I 
> have received three spam mails today. Still the rule seems okay from my 
> perspective - here is a test of the rule with three hosts I have received 
> spam from today:
> 
> $ postmap -q "e16.sodipoc.fr" pcre:/etc/postfix/header_checks
> REJECT French Spam
> 
> $ postmap -q "e38.info-essentiel.fr" pcre:/etc/postfix/header_checks
> REJECT French Spam
> 
> $ postmap -q "e42.1jour1news.fr" pcre:/etc/postfix/header_checks
> REJECT French Spam
> 
> Any idea why this is happening?
> 
> Here an extract of the headers of one of the emails received today (note: The 
> message was marked as spam by Postfix but I manually removed all the related 
> headers and information not to end up in your spam filters):
> 
> Return-Path: <bou...@e42.1jour1news.fr>
> Delivered-To: sebast...@wolfgarten.com
> Received: from waldfest (localhost [127.0.0.1])
>       by waldfest.wolfgarten.com (Postfix) with ESMTP id 4154D704B9
>       for <sebast...@wolfgarten.com>; Sun, 31 Jan 2016 11:06:58 +0100 (CET)
> X-Quarantine-ID: <xg91jhFD9UJP>
> Received: from waldfest.wolfgarten.com ([127.0.0.1])
>       by waldfest (waldfest.wolfgarten.com [127.0.0.1]) (amavisd-new, port 10024)
>       with LMTP id xg91jhFD9UJP for <sebast...@wolfgarten.com>;
>       Sun, 31 Jan 2016 11:06:44 +0100 (CET)
> X-Greylist: delayed 300 seconds by postgrey-1.36 at waldfest; Sun, 31 Jan 2016 11:06:44 CET
> Received: from e42.1jour1news.fr (e42.1jour1news.fr [62.210.13.102])
>       by waldfest.wolfgarten.com (Postfix) with ESMTP id A6750704AC
>       for <sebast...@wolfgarten.com>; Sun, 31 Jan 2016 11:06:44 +0100 (CET)
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key; 
> d=e42.1jour1news.fr;  
> h=List-Unsubscribe:Message-ID:Date:Subject:From:Reply-To:To:MIME-Version:Content-Type;
>  i=s...@e42.1jour1news.fr;  bh=zQj93n30egRyo2hFB5OnJZSylLw=;  
> b=FSLGriDlKRcl/NXBkxXU7ANj7JEO3+ltGllwY3hZu2bXxjJLXjFbz+fTZljB2BHbYMaKFmZxd6cF
>   6OhoV689FNZPqC1SBUt7rA2qMTRP0gqpuCGkMqTZ9KaSObrSNlZgCsxnsOuLWt7zrjF1OHL6jT8C
>   y0Nre8XUjO0vR+d2Jbs=
> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key; d=e42.1jour1news.fr;  
> b=Y4c0lfDPkQ4YaimLaY4exKzB9WpnZVLpQ+HP7976BIB5gFzWEIF+n9wYB7afXxThUNNWaomOHcJs
>   LxgAMqLl9nmkNLI6FRS0zn3cC/Pq8wUoUxdhyity3JWxiTo3q12ZP2/UxsYaOcWccB03Ch8VsB2u
>   9dhJQsHlnHCxcvj2Grs=;
> List-Unsubscribe: 
> <http://link.lilinews.fr/t/u/mT2NTvqG3IQSUL1gyO7Px8zP42vuolnECda87eT2b
> ELfB63CFJolSx2R-d9wMmfhSsIzs-RQFBJ7mGmt1RffM79Wt7YeSHwsbbVWTpjRwEE>
> Message-ID: 
> <1454234504.tinkiwinkilalapo56addb880b...@link.lilinews.fr>
> Date: Sun, 31 Jan 2016 11:01:44 +0100
> Subject: =?UTF-8?Q?15=E2=82=AC?= offerts sur la nouvelle collection
> 
> Finally, here is Postfix config:
> 
> alias_maps = hash:/etc/aliases,mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> body_checks = pcre:/etc/postfix/body_checks,pcre:/etc/postfix/bad_urls
> canonical_maps = regexp:/etc/postfix/rewrite
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = amavisfeed:[127.0.0.1]:10024
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
> default_destination_concurrency_limit = 20
> dovecot_destination_recipient_limit = 1
> header_checks = pcre:/etc/postfix/header_checks
> html_directory = /usr/share/doc/postfix
> in_flow_delay = 1s
> inet_interfaces = all
> inet_protocols = ipv4
> local_destination_concurrency_limit = 2
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_size_limit = 0
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> message_size_limit = 0
> milter_default_action = accept
> milter_protocol = 2
> mlmmj_destination_recipient_limit = 1
> mydestination = $myhostname, sms.wolfgarten.com
> mydomain = wolfgarten.com
> myhostname = waldfest.wolfgarten.com
> mynetworks = ***REMOVED***
> mynetworks_style = host
> myorigin = $myhostname
> newaliases_path = /usr/bin/newaliases
> non_smtpd_milters = $smtpd_milters
> propagate_unmatched_extensions = virtual
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix
> receive_override_options = no_address_mappings
> recipient_delimiter = +
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtpd_banner = $myhostname ESMTP
> smtpd_helo_required = yes
> smtpd_milters = inet:127.0.0.1:8891
> smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_unknown_sender_domain, check_sender_access hash:/etc/postfix/sender_access, check_client_access cidr:/etc/postfix/access-client, reject_rbl_client b.barracudacentral.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client truncate.gbudb.net, reject_rbl_client dul.dnsbl.sorbs.net, check_policy_service inet:127.0.0.1:10023
> smtpd_reject_unlisted_sender = yes
> smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unknown_sender_domain, reject_non_fqdn_sender
> soft_bounce = no
> transport_maps = regexp:/etc/postfix/transport,hash:/var/spool/mlmmj/transport
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = hash:/etc/postfix/virtual,hash:/var/spool/mlmmj/virtual,mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domain_maps.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_transport = dovecot
> 
> Thank you.
> 
> Best regards
> Sebastian
> 
> 
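
An added example, not part of the thread: before a pattern like the one above goes into a pcre: table for check_sender_access with DISCARD, it can be audited offline against known envelope senders, since a false match under DISCARD loses mail without any bounce. The anchored pattern, the sample addresses and the function names are assumptions of this example.

```python
import re

# Pattern from the thread's header_checks rule, and a stricter variant
# (the anchored form is an assumption of this example, not from the thread).
# Postfix PCRE tables match case-insensitively by default, mirrored here
# with re.IGNORECASE; Python's re agrees with PCRE for these constructs.
THREAD_RULE = re.compile(r"e\d{1,2}\.\S+\.fr", re.IGNORECASE)
ANCHORED_RULE = re.compile(r"@e\d{1,2}\.[^@\s]+\.fr$", re.IGNORECASE)

# Constructed envelope senders. check_sender_access hands a pcre: table the
# whole MAIL FROM address, so that is the string each pattern sees.
SPAM = [
    "sender@e16.sodipoc.fr",
    "sender@e38.info-essentiel.fr",
    "sender@e42.1jour1news.fr",
]
LEGIT = [
    "alice@mail.acme12.example.fr",   # "e12." occurs inside a longer label
    "bob@e5.example.fr.example.com",  # ".fr" is not the end of the domain
    "carol@example.fr",
]

def audit(rule, spam=SPAM, legit=LEGIT):
    """Return (missed spam senders, wrongly matched legitimate senders)."""
    missed = [a for a in spam if not rule.search(a)]
    false_hits = [a for a in legit if rule.search(a)]
    return missed, false_hits

def suggested_action(rule):
    """REJECT if the corpus shows any false hit, so a wrongly blocked
    sender still gets a bounce. Passing the corpus is necessary for
    DISCARD, not proof that no legitimate mail will ever match."""
    _, false_hits = audit(rule)
    return "REJECT" if false_hits else "DISCARD"

if __name__ == "__main__":
    for name, rule in (("thread", THREAD_RULE), ("anchored", ANCHORED_RULE)):
        missed, false_hits = audit(rule)
        print(f"{name}: missed={missed} false_hits={false_hits} "
              f"-> {suggested_action(rule)}")
```
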

