Re: Antispamming with header checks and regexp

2017-02-06 Thread Noel Jones 
On 2/6/2017 3:23 PM, Istvan Prosinger wrote:
> Hi All, and Happy New Year with a little delay :)
> 
> Comming to spam, header checks are one tool that I use frequently to
> prevent it.
> 
> So, amongst all, I have this:
> 
> if !/^Subject: (.*)[Aa]liexpress/
> /^Subject:(.*)% [Oo][Ff][Ff]/ REJECT Go away spammer
> endif
> 
> And this worked fine until _today_, when I got one email (and it
> wasn't from Ali) that had a subject:
> 
> You’re In Luck | Up to 70% Off
> 
> As for the regexp, I think this should definitely be a hit, but it
> got thru. First I thought that something bugged because of the |
> sign, but no.
> I've sent several tests from an external account and it's geting thru.
> 
> I need a 4-eye method - what the heck am I missing here?
> 
> Best,
> Istvan
> 
> 
> 

Oy, what an awkwardly awkward redundant expression that is up there
above.

Postfix regular expressions are case-insensitive by default, so the
[Aa] nonsense is unnecessary.  Encapsulating the wildcards with ()
is unnecessary unless you plan to use the result later.  The generic
"go away spammer" is useless for debugging your header_checks

much better:
if /^Subject: /
if !/aliexpress/
/% off/  REJECT percent off
endif
endif

and that could probably be further improved...

That said, your expression probably mostly works.

Remember that header_checks won't match encoded subjects, and only
one action is allowed per header, so if this header hits any prior
rules (such as a WARN, INFO, DUNNO) then it won't be rejected.




  -- Noel Jones

Re: Antispamming with header checks and regexp

2017-02-06 Thread Dominic Raferd 
On 6 February 2017 at 21:23, Istvan Prosinger  wrote:

> Hi All, and Happy New Year with a little delay :)
>
> Comming to spam, header checks are one tool that I use frequently to
> prevent it.
>
> So, amongst all, I have this:
>
> if !/^Subject: (.*)[Aa]liexpress/
> /^Subject:(.*)% [Oo][Ff][Ff]/ REJECT Go away spammer
> endif
>
> And this worked fine until _today_, when I got one email (and it wasn't
> from Ali) that had a subject:
>
> You’re In Luck | Up to 70% Off
>
> As for the regexp, I think this should definitely be a hit, but it got
> thru. First I thought that something bugged because of the | sign, but no.
> I've sent several tests from an external account and it's geting thru.
>
> I need a 4-eye method - what the heck am I missing here?
>
>
​Try removing the round brackets...​

Antispamming with header checks and regexp

2017-02-06 Thread Istvan Prosinger 

Hi All, and Happy New Year with a little delay :)

Comming to spam, header checks are one tool that I use frequently to 
prevent it.


So, amongst all, I have this:

if !/^Subject: (.*)[Aa]liexpress/
/^Subject:(.*)% [Oo][Ff][Ff]/ REJECT Go away spammer
endif

And this worked fine until _today_, when I got one email (and it wasn't 
from Ali) that had a subject:


You’re In Luck | Up to 70% Off

As for the regexp, I think this should definitely be a hit, but it got 
thru. First I thought that something bugged because of the | sign, but no.

I've sent several tests from an external account and it's geting thru.

I need a 4-eye method - what the heck am I missing here?

Best,
Istvan

Re: Postfix redirects emails to postmaster for non-existent users

2017-02-06 Thread Viktor Dukhovni 
On Mon, Feb 06, 2017 at 05:37:27PM +0300, Süleyman Düzdaban wrote:

> > Be specific, what type of domain is "mydomain":
> >
> > Please be very clear whether you're trying to reject mail *to*
> > non-existent recipients, or *from* non-existent senders.  I am
> > assuming "recipients" for now based on the above.
> 
> I mean virtual mailbox domain listed in $virtual_mailbox_domains.
> 
> >> virtual_mailbox_domains = 
> >> proxy:mysql:$config_directory/maps/sql-vdomains.cf
> > Any domains listed there?
> 
> Yes. All of our domains (ankara.edu.tr,
> agri.ankara.edu.tr,politics.ankara.edu.tr etc.) and "postmap -q
> existent-domain proxy:mysql:$config_directory/maps/sql-vdomains.cf"
> yields return value "virtual:" for the existent-domains and nothing for
> the non-existent-domains.

For domains listed in virtual_mailbox_domains the Postfix smtpd(8)
server rejects mail to addresses that are not listed in any of:

recipient_canonical_maps
canonical_maps
virtual_alias_maps
virtual_mailbox_maps

Perhaps you have wildcard mappings in one of these.  Based on your
reported configuration, that would be virtual_alias_maps or
virtual_mailbox_maps.  Any output from:

$ config_directory=$(postconf -hx config_directory)
$ postmap -q @ankara.edu.tr mysql:$config_directory/maps/sql-valiases.cf
$ postmap -q @ankara.edu.tr mysql:$config_directory/maps/sql-vmailboxes.cf

-- 
Viktor.

Re: Postfix redirects emails to postmaster for non-existent users

2017-02-06 Thread Süleyman Düzdaban 
On 02/02/2017 06:41 PM, Viktor Dukhovni wrote:
> On Thu, Feb 02, 2017 at 04:21:41PM +0300, S�leyman D�zdaban wrote:
>
>> When I send an email from existent-address@mydomain to
>> non-existent-address@mydomain postfix redirects email to postmaster.
>> I want to reject email to addresses that do not exist in database.
> Be specific, what type of domain is "mydomain":
>
>   * Local domain listed in $mydestination?
>   * Relay domain listed in $relay_domains?
>   * Virtual mailbox domain listed in $virtual_mailbox_domains?
>   * Virtual alias domain listed in $virtual_alias_domains?
>   * Other, please explain.
>
> Please be very clear whether you're trying to reject mail *to*
> non-existent recipients, or *from* non-existent senders.  I am
> assuming "recipients" for now based on the above.


I mean virtual mailbox domain listed in $virtual_mailbox_domains.
We have a multiple domains setup which is consist of "ankara.edu.tr" and
its subdomains.
For example when I tried to send an email from an
existent-address@{ankara.edu.tr,
agri.ankara.edu.tr,politics.ankara.edu.tr etc.} to a
non-existent-address@{ankara.edu.tr,
agri.ankara.edu.tr,politics.ankara.edu.tr etc.} then it redirects the
mail to postmaster@{ankara.edu.tr,
agri.ankara.edu.tr,politics.ankara.edu.tr etc.}


>
>> I want to reject email to addresses that do not exist in database.
> What database?


We are using MySQL for mapping and authentication purposes.


>> Feb  2 15:25:40 postaci postfix/pipe[129456]: 4CC4C22359D:
>>  to=, 
>> orig_to=,
>>  relay=maildrop, delay=0.08, delays=0.06/0/0/0.02, dsn=2.0.0, status=sent
>>  (delivered via maildrop service)
> Message bounced to postmaster.


Yes.


>
>> 2bounce_notice_recipient = postmaster@$mydomain
> As configured.


It bounces even when I commented it out.

>> disable_dns_lookups = yes
> This is wrong for an Internet connected machine unless all outbound
> email is via a "relayhost".


Yes it is. We have messaging gateways and our MX records point to them.

>> mydestination = $myhostname, $mydomain, localhost.$mydomain
>> mydomain = cc.ankara.edu.tr
>> myhostname = postaci.cc.ankara.edu.tr
>> myorigin = $myhostname
>> relay_domains =
> The domain "ankara.edu.tr" is not any of the above.


Yes. I've tried "ankara.edu.tr" for $mydomain then i got "unknown user"
for all emails from existent-address@{ankara.edu.tr,
agri.ankara.edu.tr,politics.ankara.edu.tr etc.} to
existent-address@{ankara.edu.tr,
agri.ankara.edu.tr,politics.ankara.edu.tr etc.}.

Feb  6 14:02:25 postaci postfix/local[25888]: C09A0221C5C:
to=, relay=local, delay=1161,
delays=1161/0.01/0/0.02, dsn=5.1.1, status=bounced (unknown user:
"existent-address-without-domain-part") (Yes, recipient address does not
contain "@mydomain" part)


>
>> transport_maps = hash:$config_directory/transport
>> virtual_alias_maps = proxy:mysql:$config_directory/maps/sql-valiases.cf
> Any domains listed there?  Does the non-existent recipient lookup
> key yield some return value in this table with "postmap -q"?


transport_maps contains our other mail server's address for different
domain that are not listed in $virtual_mailbox_domains:

ogrenci.ankara.edu.trsmtp:[ip-address]:25


"postmap -q existent-address@{ankara.edu.tr,
agri.ankara.edu.tr,politics.ankara.edu.tr etc.}
proxy:mysql:$config_directory/maps/sql-valiases.cf" yields some return
value and non-existent-address@{ankara.edu.tr,
agri.ankara.edu.tr,politics.ankara.edu.tr etc.} does not.


>
>> virtual_mailbox_domains = proxy:mysql:$config_directory/maps/sql-vdomains.cf
> Any domains listed there?


Yes. All of our domains (ankara.edu.tr,
agri.ankara.edu.tr,politics.ankara.edu.tr etc.) and "postmap -q
existent-domain proxy:mysql:$config_directory/maps/sql-vdomains.cf"
yields return value "virtual:" for the existent-domains and nothing for
the non-existent-domains.


>
>> virtual_mailbox_maps = proxy:mysql:$config_directory/maps/sql-vmailboxes.cf
> Does the non-existent recipient lookup key yield some return value
> in this table with "postmap -q"?
>

No, it doesn't. Only for existent-addresses.



And thank you for other suggestions.