Postfix Header Checks: Difference between revisions

From RSWiki
Jump to navigation Jump to search
No edit summary
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{AdWords2}}
'''Please considering making a donation to keep this site running''' In the three years that I have been running this site costs have increased significantly. Unfortunately advertising does not come anywhere near covering the costs to keep this site running. Any donations, however small will help enormously in keeping this site running. If you found the information on this page helpful in any way why not make a donation now? <donationform></donationform>
== Postfix Header Checks ==
== Postfix Header Checks ==


Line 24: Line 21:
In the file header_checks we can add our regular expressions. For example to block Chinese encoding you would have the following line:
In the file header_checks we can add our regular expressions. For example to block Chinese encoding you would have the following line:


<nowiki>/^Subject: =?big5?/    REJECT Chinese encoding not accepted by this server</nowiki>
<syntaxhighlight lang="perl">
/^Subject: =?big5?/    REJECT Chinese encoding not accepted by this server
</syntaxhighlight>


The REJECT in the above example means that your Postfix will send a rejection message with the message Chinese encoding not accepted by this server to the originating MTA. If you would rather reject them outright without sending a non delivery report change REJECT to DISCARD.
The REJECT in the above example means that your Postfix will send a rejection message with the message Chinese encoding not accepted by this server to the originating MTA. If you would rather reject them outright without sending a non delivery report change REJECT to DISCARD.
Line 30: Line 29:
Here are some more examples that are pretty self explanatory:
Here are some more examples that are pretty self explanatory:


<nowiki>/^Subject: =?EUC-KR?/  REJECT Korean encoding not allowed by this server
<syntaxhighlight lang="perl">
/^Subject: =?EUC-KR?/  REJECT Korean encoding not allowed by this server
/^Subject: =?Windows-1251?/    REJECT Russian encoding not allowed by this server
/^Subject: =?Windows-1251?/    REJECT Russian encoding not allowed by this server
/^Subject: =\?KOI8-R\?/ REJECT Russian encoding not allowed by this server
/^Subject: =\?KOI8-R\?/ REJECT Russian encoding not allowed by this server
/^Subject: ADV:/        REJECT Advertisements not accepted by this server</nowiki>
/^Subject: ADV:/        REJECT Advertisements not accepted by this server
</syntaxhighlight>


If you are familiar with regular expressions then you may add your own. Once you make any changes to your header_access file don't forget to get Postfix to reload its configuration with the folllowing command:
If you are familiar with regular expressions then you may add your own. Once you make any changes to your header_access file don't forget to get Postfix to reload its configuration with the folllowing command:
Line 39: Line 40:
  postfix reload
  postfix reload


== My Running Config ==
Here is the contents of my header_checks file: (Note, each should be on their own line)


{{AdWords}}
<syntaxhighlight lang="perl" line>
/^Received:/ HOLD
/^Subject: =?big5?/    REJECT Chinese encoding not accepted by this server
/^Subject: =?EUC-KR?/  REJECT Korean encoding not allowed by this server
/^Subject: ADV:/        REJECT Advertisements not accepted by this server
/^Subject: =?Windows-1251?/    REJECT Russian encoding not allowed by this server
/^Subject: =\?KOI8-R\?/ REJECT Russian encoding not allowed by this server
/^Subject:.*=\?(big5|euc-kr|gb2312|ks_c_5601-1987)\?/  REJECT Language not accepted by this server as it is probably spam
/[^[:print:]]{8}/      REJECT Sorry, ascii characters only permitted by this server
/^From:.*\@.*\.cn/      REJECT Sorry, Chinese mail not allowed here
/^From:.*\@.*\.kr/      REJECT Sorry, Korean mail not allowed here
/^From:.*\@.*\.tr/      REJECT Sorry, Turkish mail not allowed here
/^From:.*\@.*\.ru/      REJECT Sorry, Russian mail not allowed here
/^From:.*\@.*\.ro/      REJECT Sorry, Romanian mail not allowed here
/^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|Emailer Platinum|Thunder Server|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|Lite)\b/ REJECT No mass mailers allowed. You are probably sending spam
/^X-Mailer:.*\b(Aristotle|Avalanche|Blaster|Bomber|DejaVu|eMerge|Extractor|UltraMail|Sonic|Floodgate|GeoList|Mach10|MegaPro|Aureate|MultiMailer|Bluecom|Achi-Kochi Mail|Direct Email|Andrew's SuperCool Blastoise|MailerGear|Advanced Mass Sender|SpireMail|MailWorkZ|UltimDBMail|Mabry|Lite)\b/ REJECT No mass mailers allowed. You are probably sending spam.
/^(To|From|Cc|Reply-To):.*@optonline/  REJECT Sorry, your message is probably spam
</syntaxhighlight>


[[Category:Linux| ]] [[Category:Unix| ]] [[Category:Technical| ]]
[[Category:Linux| ]] [[Category:Unix| ]] [[Category:Technical| ]]

Latest revision as of 10:58, 27 February 2017

Postfix Header Checks

If like almost everyone who administers a mail server you find yourself receiving lots of spam, there are a few tricks to stop some of them dead in their tracks if you are using Postfix as your MTA. The simple way to do this is to block them by the messages regional encoding in the subject line. Most of the spam that I receive originates from China, Korea and countries that use the Cyrillic alphabet so it is these that we will block.

At this point I should note that this is not a substitute for having some good spam filters in place to begin with. In my case I use this method to compliment spamassassin and mailscanner as both of these were ineffective with mail from mailing lists.

Also there are two methods of checking headers on Postfix. The first is by using regular expressions and the second is by using Perl Compatible Regular Expressions (PCRE). This document describes regular expressions only!

I am assuming the configuration files for your Postfix installation are in /etc/postfix.

Ensure Postfix is configured to use header checks

First up under /etc/postfix ensure that you have a file called header_checks. If not create it.

Next we want to ensure Postfix is configured to use this file so you do this from a command line by entering the following:

postconf -e "header_checks = regexp:/etc/postfix/header_checks"

Adding our header checks

In the file header_checks we can add our regular expressions. For example to block Chinese encoding you would have the following line:

/^Subject: =?big5?/     REJECT Chinese encoding not accepted by this server

The REJECT in the above example means that your Postfix will send a rejection message with the message Chinese encoding not accepted by this server to the originating MTA. If you would rather reject them outright without sending a non delivery report change REJECT to DISCARD.

Here are some more examples that are pretty self explanatory:

/^Subject: =?EUC-KR?/   REJECT Korean encoding not allowed by this server
/^Subject: =?Windows-1251?/     REJECT Russian encoding not allowed by this server
/^Subject: =\?KOI8-R\?/ REJECT Russian encoding not allowed by this server
/^Subject: ADV:/        REJECT Advertisements not accepted by this server

If you are familiar with regular expressions then you may add your own. Once you make any changes to your header_access file don't forget to get Postfix to reload its configuration with the folllowing command:

postfix reload

My Running Config

Here is the contents of my header_checks file: (Note, each should be on their own line)

/^Received:/ HOLD
/^Subject: =?big5?/     REJECT Chinese encoding not accepted by this server
/^Subject: =?EUC-KR?/   REJECT Korean encoding not allowed by this server
/^Subject: ADV:/        REJECT Advertisements not accepted by this server
/^Subject: =?Windows-1251?/     REJECT Russian encoding not allowed by this server
/^Subject: =\?KOI8-R\?/ REJECT Russian encoding not allowed by this server
/^Subject:.*=\?(big5|euc-kr|gb2312|ks_c_5601-1987)\?/   REJECT Language not accepted by this server as it is probably spam
/[^[:print:]]{8}/       REJECT Sorry, ascii characters only permitted by this server
/^From:.*\@.*\.cn/      REJECT Sorry, Chinese mail not allowed here
/^From:.*\@.*\.kr/      REJECT Sorry, Korean mail not allowed here
/^From:.*\@.*\.tr/      REJECT Sorry, Turkish mail not allowed here
/^From:.*\@.*\.ru/      REJECT Sorry, Russian mail not allowed here
/^From:.*\@.*\.ro/      REJECT Sorry, Romanian mail not allowed here
/^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|Emailer Platinum|Thunder Server|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|Lite)\b/ REJECT No mass mailers allowed. You are probably sending spam
/^X-Mailer:.*\b(Aristotle|Avalanche|Blaster|Bomber|DejaVu|eMerge|Extractor|UltraMail|Sonic|Floodgate|GeoList|Mach10|MegaPro|Aureate|MultiMailer|Bluecom|Achi-Kochi Mail|Direct Email|Andrew's SuperCool Blastoise|MailerGear|Advanced Mass Sender|SpireMail|MailWorkZ|UltimDBMail|Mabry|Lite)\b/ REJECT No mass mailers allowed. You are probably sending spam.
/^(To|From|Cc|Reply-To):.*@optonline/   REJECT Sorry, your message is probably spam