Re: Chinese Spam
Fwiw I keep a pre-queue instance of milter-regex https://www.benzedrine.ch/milter-regex.html in place, for just such 'emergencies', as well as longer-term header match/action. Although it's a bit long in the tooth, and not actively supported, it still works well enough. It's a clean, easy config & relatively lightweight. Takes the burden off Postfix for header checking, and disposes of these before any heavy post-queue processing (Amavis, SA, etc).
Re: Chinese Spam
Thanks. I went with:

    IF /^Message-id:/
    /@qq\.com/ Reject
    ENDIF

It's not all that pretty, but it works fine. I have been watching the logs and those messages are now being rejected.

Thanks for all the help.

-- Doug

> On 7 September 2017, at 15:50, pgndev wrote:
>
> I missed the "message id" ...
>
> You should be able to match/block any valid header name.
>
> Add it to, or replace, what's in the match -- up to you. Personally, I've
> never received a valid email from 'anything' @qq.com. YMMV.
>
> If you're shutting down a flood, more extreme, blunt instrument measures @
> the firewall (e.g. GeoIP blocking) can be put in place.
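Added example, not part of any message in this thread: a small Python approximation of how a Postfix pcre header_checks table with IF/ENDIF is evaluated, run over a constructed message to show why the address-header rule never fires while the Message-ID rule rejects. The evaluator, its function names and the sample message are assumptions for illustration, not Postfix code.

```python
import re

# The two rules from the thread, one statement per line as pcre tables require.
ADDRESS_RULE = r"""IF /^(To|From|Cc|Reply-To|Sender|Return-Path): /
/@qq\.com/i REJECT
ENDIF"""
MESSAGE_ID_RULE = r"""IF /^Message-id:/
/@qq\.com/ REJECT
ENDIF"""

# Constructed sample: qq.com appears only in a folded Message-ID header.
SAMPLE = ("Return-Path: <bounce@mail.example.net>\n"
          "From: Offers <sales@example.net>\n"
          "To: doug@example.org\n"
          "Message-ID:\n <tencent_0123456789ABCDEF@qq.com>\n"
          "Subject: hello\n\nbody\n")

LINE = re.compile(r"^/(.*)/([a-zA-Z]*)(?:\s+(.*))?$")

def matches(rule_text, header):
    body, flags, action = LINE.match(rule_text.strip()).groups()
    # pcre tables are case-insensitive by default; the "i" flag toggles that off.
    hit = re.search(body, header, 0 if "i" in flags else re.IGNORECASE)
    return bool(hit), action

def unfold(raw):
    # Split the header block into logical headers, keeping folded lines together.
    return re.split(r"\n(?![ \t])", raw.split("\n\n", 1)[0])

def check(table, header):
    """Action of the first matching rule for one header, or None."""
    stack = []  # truth value of each open IF block
    for line in table.splitlines():
        word = line.split(None, 1)[0].upper()
        if word == "ENDIF":
            stack.pop()
        elif word == "IF":
            stack.append(all(stack) and matches(line.split(None, 1)[1], header)[0])
        elif all(stack):
            hit, action = matches(line, header)
            if hit:
                return action
    return None

def verdict(table, raw):
    hits = ((check(table, h), h.split(":", 1)[0]) for h in unfold(raw))
    return next((hit for hit in hits if hit[0]), None)

if __name__ == "__main__":
    print(verdict(ADDRESS_RULE, SAMPLE), verdict(MESSAGE_ID_RULE, SAMPLE))
```

On a real server, `postmap -q "Message-ID: <x@qq.com>" pcre:/etc/postfix/header_checks.pcre` (header value constructed) queries the deployed table itself.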
Re: Chinese Spam
I missed the "message id" ...

You should be able to match/block any valid header name.

Add it to, or replace, what's in the match -- up to you. Personally, I've never received a valid email from 'anything' @qq.com. YMMV.

If you're shutting down a flood, more extreme, blunt instrument measures @ the firewall (e.g. GeoIP blocking) can be put in place.
Re: Chinese Spam
> On 7 September 2017, at 15:28, pgndev wrote:
>
> It ain't pretty, or recommended for the long term, but something like this
> should slow it down
>
> /etc/postfix/main.cf
> header_checks = pcre:/etc/postfix/header_checks.pcre
>
> /etc/postfix/header_checks.pcre
> IF /^(To|From|Cc|Reply-To|Sender|Return-Path): /
> /@qq\.com/i REJECT
> ENDIF
>
> (check the syntax!)

To block the message-id field shouldn't that be:

    IF /(Message-id):/
    /@qq\.com/i REJECT
    ENDIF

The qq.com only appears in the message-id, never in any of the addresses.
Re: Chinese Spam
It ain't pretty, or recommended for the long term, but something like this should slow it down

/etc/postfix/main.cf

    header_checks = pcre:/etc/postfix/header_checks.pcre

/etc/postfix/header_checks.pcre

    IF /^(To|From|Cc|Reply-To|Sender|Return-Path): /
    /@qq\.com/i REJECT
    ENDIF

(check the syntax!)
Chinese Spam
My server is being hit pretty hard by spam from China. Every email is from a different IP address. The only common item is the message id ends in @qq.com. Is there any way to block those with that ID?

-- Doug