Hi,

do you use amavis in before or after queue mode?

If before, you should possibly look at your master.cf, at the lines
that get the mail back from amavis. Do you have something like

        -o receive_override_options=no_header_body_checks
or
        -o header_checks=
there?

Willi


On 31.01.2016 at 11:56, Sebastian Wolfgarten wrote:
> Hi,
> 
> I have a problem with a PCRE-based rule in header_checks which
> seems to be ignored and I can’t understand why this is the case.
> Hopefully you guys have an idea on how to fix this :-)
> 
> So here is my setup: I am using Postfix 2.11.7 on FreeBSD 10 and as
> I am being bombarded with emails from certain hosts in France (and
> I have no idea why). These hosts are always following this format:
> 
> letter e 1-2 digit number hostname .fr
> 
> Here are some samples from today:
> 
> e16.sodipoc.fr e38.info-essentiel.fr e42.1jour1news.fr
> 
> I have defined a rule in SpamAssassin which successfully marks the
> related spam accordingly (works like a charm):
> 
> header French_Spam ALL =~ / e\d{1,2}\.\S+\.fr /i
> score French_Spam 4.8
> 
> Now I am trying not to mark the unsolicited emails anymore but
> block them entirely. As such I have defined the following rule in
> header_checks based on the rule that I have defined in
> SpamAssassin:
> 
> /e\d{1,2}\.\S+\.fr/i REJECT French Spam
> 
> I reloaded Postfix (postmap is not necessary for PCRE files, or?)
> but still I have received three spam mails today. Still the rule
> seems okay from my perspective - here is a test of the rule with
> three hosts I have received spam from today:
> 
> $ postmap -q "e16.sodipoc.fr" pcre:/etc/postfix/header_checks 
> REJECT French Spam
> 
> $ postmap -q "e38.info-essentiel.fr" pcre:/etc/postfix/header_checks
> REJECT French Spam
> 
> $ postmap -q "e42.1jour1news.fr" pcre:/etc/postfix/header_checks 
> REJECT French Spam
> 
> Any idea why this is happening?
> 
> Here an extract of the headers of one of the emails received today
> (note: The message was marked as spam by Postfix but I manually
> removed all the related headers and information not to end up in
> your spam filters):
> 
> Return-Path: <bou...@e42.1jour1news.fr>
> Delivered-To: sebast...@wolfgarten.com
> Received: from waldfest (localhost [127.0.0.1])
>     by waldfest.wolfgarten.com (Postfix) with ESMTP id 4154D704B9
>     for <sebast...@wolfgarten.com>; Sun, 31 Jan 2016 11:06:58 +0100 (CET)
> X-Quarantine-ID: <xg91jhFD9UJP>
> Received: from waldfest.wolfgarten.com ([127.0.0.1])
>     by waldfest (waldfest.wolfgarten.com [127.0.0.1]) (amavisd-new, port 10024)
>     with LMTP id xg91jhFD9UJP for <sebast...@wolfgarten.com>;
>     Sun, 31 Jan 2016 11:06:44 +0100 (CET)
> X-Greylist: delayed 300 seconds by postgrey-1.36 at waldfest;
>     Sun, 31 Jan 2016 11:06:44 CET
> Received: from e42.1jour1news.fr (e42.1jour1news.fr [62.210.13.102])
>     by waldfest.wolfgarten.com (Postfix) with ESMTP id A6750704AC
>     for <sebast...@wolfgarten.com>; Sun, 31 Jan 2016 11:06:44 +0100 (CET)
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key;
>     d=e42.1jour1news.fr;
>     h=List-Unsubscribe:Message-ID:Date:Subject:From:Reply-To:To:MIME-Version:Content-Type;
>     i=s...@e42.1jour1news.fr; bh=zQj93n30egRyo2hFB5OnJZSylLw=;
>     b=FSLGriDlKRcl/NXBkxXU7ANj7JEO3+ltGllwY3hZu2bXxjJLXjFbz+fTZljB2BHbYMaKFmZxd6cF
>     6OhoV689FNZPqC1SBUt7rA2qMTRP0gqpuCGkMqTZ9KaSObrSNlZgCsxnsOuLWt7zrjF1OHL6jT8C
>     y0Nre8XUjO0vR+d2Jbs=
> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key;
>     d=e42.1jour1news.fr;
>     b=Y4c0lfDPkQ4YaimLaY4exKzB9WpnZVLpQ+HP7976BIB5gFzWEIF+n9wYB7afXxThUNNWaomOHcJs
>     LxgAMqLl9nmkNLI6FRS0zn3cC/Pq8wUoUxdhyity3JWxiTo3q12ZP2/UxsYaOcWccB03Ch8VsB2u
>     9dhJQsHlnHCxcvj2Grs=;
> List-Unsubscribe: <http://link.lilinews.fr/t/u/mT2NTvqG3IQSUL1gyO7Px8zP42vuolnECda87eT2bELfB63CFJolSx2R-d9wMmfhSsIzs-RQFBJ7mGmt1RffM79Wt7YeSHwsbbVWTpjRwEE>
> Message-ID: <1454234504.tinkiwinkilalapo56addb880b...@link.lilinews.fr>
> Date: Sun, 31 Jan 2016 11:01:44 +0100
> Subject: =?UTF-8?Q?15=E2=82=AC?= offerts sur la nouvelle collection
> 
> Finally, here is Postfix config:
> 
> alias_maps = hash:/etc/aliases,mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> body_checks = pcre:/etc/postfix/body_checks,pcre:/etc/postfix/bad_urls
> canonical_maps = regexp:/etc/postfix/rewrite
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = amavisfeed:[127.0.0.1]:10024
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
>     $daemon_directory/$process_name $process_id & sleep 5
> default_destination_concurrency_limit = 20
> dovecot_destination_recipient_limit = 1
> header_checks = pcre:/etc/postfix/header_checks
> html_directory = /usr/share/doc/postfix
> in_flow_delay = 1s
> inet_interfaces = all
> inet_protocols = ipv4
> local_destination_concurrency_limit = 2
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_size_limit = 0
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> message_size_limit = 0
> milter_default_action = accept
> milter_protocol = 2
> mlmmj_destination_recipient_limit = 1
> mydestination = $myhostname, sms.wolfgarten.com
> mydomain = wolfgarten.com
> myhostname = waldfest.wolfgarten.com
> mynetworks = ***REMOVED***
> mynetworks_style = host
> myorigin = $myhostname
> newaliases_path = /usr/bin/newaliases
> non_smtpd_milters = $smtpd_milters
> propagate_unmatched_extensions = virtual
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix
> receive_override_options = no_address_mappings
> recipient_delimiter = +
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtpd_banner = $myhostname ESMTP
> smtpd_helo_required = yes
> smtpd_milters = inet:127.0.0.1:8891
> smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_sender,
>     reject_non_fqdn_recipient, permit_sasl_authenticated,
>     reject_unauth_destination, reject_unauth_pipelining,
>     reject_invalid_hostname, reject_unknown_sender_domain,
>     check_sender_access hash:/etc/postfix/sender_access,
>     check_client_access cidr:/etc/postfix/access-client,
>     reject_rbl_client b.barracudacentral.org,
>     reject_rbl_client sbl-xbl.spamhaus.org,
>     reject_rbl_client ix.dnsbl.manitu.net,
>     reject_rbl_client bl.spamcop.net,
>     reject_rbl_client cbl.abuseat.org,
>     reject_rbl_client truncate.gbudb.net,
>     reject_rbl_client dul.dnsbl.sorbs.net,
>     check_policy_service inet:127.0.0.1:10023
> smtpd_reject_unlisted_sender = yes
> smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
>     reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access,
>     permit_sasl_authenticated, permit_mynetworks,
>     reject_unauth_destination, reject_non_fqdn_recipient,
>     reject_unknown_recipient_domain, reject_unknown_sender_domain,
>     reject_non_fqdn_sender
> soft_bounce = no
> transport_maps = regexp:/etc/postfix/transport,hash:/var/spool/mlmmj/transport
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = hash:/etc/postfix/virtual,hash:/var/spool/mlmmj/virtual,mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domain_maps.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_transport = dovecot
> 
> Thank you.
> 
> Best regards Sebastian
> 
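Added example, not part of the thread: one way to run the master.cf check suggested in the reply above, listing every service entry whose `-o` overrides skip or empty `header_checks`. The master.cf text is a constructed sample (not the poster's file), and the function names are hypothetical.

```python
import re

# Constructed master.cf sample: a public smtpd, the amavis feed, a re-injection
# listener on 10025 that gets mail back from amavis, and a submission service.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
amavisfeed unix -       -       n       -       2       lmtp
  -o lmtp_data_done_timeout=1200
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
submission inet n       -       n       -       -       smtpd
  -o header_checks=
"""

def logical_lines(text):
    """Join master.cf continuation lines (those starting with whitespace)."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def header_check_overrides(text):
    """Return {service/type: [reasons]} for entries that bypass header_checks."""
    findings = {}
    for line in logical_lines(text):
        fields = line.split()
        service = f"{fields[0]}/{fields[1]}"
        # Handles "-o name=value" only, not the "-o { name = value }" form.
        opts = dict(o.split("=", 1) for o in re.findall(r"(?<!\S)-o\s*(\S+=\S*)", line))
        reasons = []
        if "no_header_body_checks" in opts.get("receive_override_options", "").split(","):
            reasons.append("receive_override_options=no_header_body_checks")
        if opts.get("header_checks") == "":
            reasons.append("header_checks= (emptied)")
        if reasons:
            findings[service] = reasons
    return findings

if __name__ == "__main__":
    print(header_check_overrides(SAMPLE_MASTER_CF))
```

On a live system, `postconf -M` and `postconf -P` print the same master.cf services and their `-o` settings without hand-parsing the file.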
