Bryan K. Walton:
> Is it possible to combine header/body checks in such a way:
>
> If /^(From|Return-Path):.*\b(user@testdomain\.org)\b/
> ! /^Message-ID:.*@(testdomain\.org)/
> Reject ...
That is documented as NOT POSSIBLE.
if /pattern/flags
endif If the input string matches /pattern/, then match that input
string against the patterns between if and endif. The if..endif
can nest.
> Essentially, I want to only reject a message if the From/Return-Path
> matches a specific email address AND the Message-ID doesn't match the
> same domain.
For complex content filtering strategies you would need to use an
external filter. See http://www.postfix.org/CONTENT_INSPECTION_README.html
> I've read the backscatter howto. But in our case, we are receiving
> backscatter spam NDRs, where the recipient is a real recipient and the
> email server appears to not be forged. All I know is that the email
> server was not OUR email server.
If it really is backscatter to a testdomain address, consider
temporarily rejecting NDRs for that address (or the testdomain).
/etc/postfix/main.cf:
restriction_classes = reject-bounces
reject-bounces = check_sender_access inline:{{<> = reject}}
smtpd_recipient_restrictions =
...
reject_unauth_destination
check_recipient_access inline:{
{ u...@testdomain.org = reject-bounces }
}
http://www.postfix.orgpostconf.5.html#restriction_classes
http://www.postfix.org/DATABASE_README.html#types
Untested example, requires Postfix 3.0 or later. With earlier Postfix
versions, replace the inline:{a=b} with hash:/etc/postfix/whatever,
with /etc/postfix/whatever containing "a b".
> I can't reject on just the email address, because that would block
> legitimate NDRs that should come back to the original sender. And I
> obviously cannot block all Message-IDs that don't match our domain, as
> that would block almost all incoming mail. So, I believe I need to
> combine the two, if possible.
>
> Thanks,
> Bryan
>
