[pfx] Re: body_checks not catching all backscatter
* Peter via Postfix-users [2023-05-03 07:45]: > On 28/04/23 03:59, Sebastian Wiesinger via Postfix-users wrote: > > Hi everyone, > > > > I'm not sure if I'm missing something but I can't find out why my > > body_checks doesn't catch all the backscatter I'm getting right now. > > Oh yuck. > > I've found that the best way to block backscatter is by using the > backscatter DNSRBL. Make sure you follow the instructions for setting it up > properly: > > https://www.backscatterer.org/?target=usage > > If used correctly it will only block DSNs from known backscatter sources. Thanks Peter but I will never ever, as long as I live, use anything connected to UCEProtect. Also: I might be interested in legitimate mail from backscatter MTAs. Best Regards Sebastian -- 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: body_checks not catching all backscatter
* Sebastian Wiesinger [2023-04-27 17:59]: > root@alita:/etc/postfix# postmap -q - regexp:/etc/postfix/body_checks.pcre > Message-ID: > reject SPAM backscatter with forged domain name in Message-ID header And of course I ran into my own filter when I got the mail back from the mailinglist. :( I've deactivated the filter for now, but for this test case it worked. -- 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] body_checks not catching all backscatter
Hi everyone, I'm not sure if I'm missing something but I can't find out why my body_checks doesn't catch all the backscatter I'm getting right now. I've it configured like this: root@alita:/etc/postfix# postconf -n body_checks body_checks = pcre:$config_directory/body_checks.pcre root@alita:/etc/postfix# cat body_checks.pcre /^[> ]*Message-ID:.*@(fire-world\.de)/ reject SPAM backscatter with forged domain name in Message-ID header One example it doesn't catch seems to match the regex when I test it manually: root@alita:/etc/postfix# postmap -q - regexp:/etc/postfix/body_checks.pcre reject SPAM backscatter with forged domain name in Message-ID header I've got the original message (from my mailbox) here for you: https://www.karotte.org/big/backscatter.txt As I said, Postfix rejects some of the backscatter but not all. Any idea why it didn't reject this? Best Regards Sebastian -- 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org