Postfix Header Checks

From RSWiki
Revision as of 10:58, 27 February 2017 by Robert

If, like almost everyone who administers a mail server, you find yourself receiving lots of spam, there are a few tricks to stop some of it dead in its tracks if you are using Postfix as your MTA. The simple way to do this is to block messages by the regional character encoding declared in the subject line. Most of the spam that I receive originates from China, Korea and countries that use the Cyrillic alphabet, so it is these that we will block.

At this point I should note that this is not a substitute for having some good spam filters in place to begin with. In my case I use this method to complement SpamAssassin and MailScanner, as both of these were ineffective with mail from mailing lists.

Also there are two methods of checking headers on Postfix. The first is by using regular expressions and the second is by using Perl Compatible Regular Expressions (PCRE). This document describes regular expressions only!

I am assuming the configuration files for your Postfix installation are in /etc/postfix.

Ensure Postfix is configured to use header checks

First up, under /etc/postfix, ensure that you have a file called header_checks. If not, create it.

Next, ensure Postfix is configured to use this file by entering the following at a command line:

postconf -e "header_checks = regexp:/etc/postfix/header_checks"

Adding our header checks

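In the file header_checks we can add our regular expressions. For example, to block Chinese encoding you would have the following line (the literal ? characters are escaped as \? because an unescaped ? is a regular-expression operator):

/^Subject: =\?big5\?/     REJECT Chinese encoding not accepted by this server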

The REJECT in the above example means that Postfix will reject the message, returning the text "Chinese encoding not accepted by this server" to the originating MTA. If you would rather drop such messages outright, without sending a non-delivery report, change REJECT to DISCARD.

Here are some more examples that are pretty self explanatory:

/^Subject: =\?EUC-KR\?/   REJECT Korean encoding not allowed by this server
/^Subject: =\?Windows-1251\?/     REJECT Russian encoding not allowed by this server
/^Subject: =\?KOI8-R\?/ REJECT Russian encoding not allowed by this server
/^Subject: ADV:/        REJECT Advertisements not accepted by this server

If you are familiar with regular expressions then you may add your own. Once you make any changes to your header_checks file, don't forget to get Postfix to reload its configuration with the following command:

postfix reload
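Before reloading, it is worth checking what a rule really matches. The script below is an added example, not part of the original page: it emulates the first-match lookup of a regexp: table with grep -Ei and shows why the ? characters in an encoded-word prefix such as =?big5? must be escaped. The lookup function, the temporary table files and the two sample headers are constructed for illustration.

```shell
#!/bin/sh
# Emulates a Postfix regexp: table lookup with grep -Ei (POSIX ERE, matched
# case-insensitively, as regexp: tables are by default). First match wins.
# Assumption: rules are "/pattern/ ACTION text" with no "/" inside the pattern.

lookup() {   # usage: lookup TABLE_FILE "Header: value" -> action or NO MATCH
    while IFS= read -r rule; do
        case $rule in /*) ;; *) continue ;; esac   # skip blanks and comments
        rest=${rule#/}
        pattern=${rest%%/*}
        action=$(printf '%s\n' "${rest#*/}" | sed 's/^[[:space:]]*//')
        if printf '%s\n' "$2" | grep -Eiq -- "$pattern"; then
            printf '%s\n' "$action"
            return 0
        fi
    done < "$1"
    printf 'NO MATCH\n'   # no rule applied to this header line
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Unescaped: "=?" is an optional "=", "5?" an optional "5".
cat > "$tmp/unescaped" <<'EOF'
/^Subject: =?big5?/ REJECT Chinese encoding not accepted by this server
EOF

# Escaped: "\?" is a literal question mark, as in the KOI8-R rule on the page.
cat > "$tmp/escaped" <<'EOF'
/^Subject: =\?big5\?/ REJECT Chinese encoding not accepted by this server
EOF

# Constructed sample headers.
ENCODED='Subject: =?big5?B?pEC0wQ==?='
PLAIN='Subject: Big changes to the meeting schedule'

for table in unescaped escaped; do
    for header in "$ENCODED" "$PLAIN"; do
        printf '%-9s | %-45s | %s\n' "$table" "$header" \
            "$(lookup "$tmp/$table" "$header")"
    done
done

# On a live server the same question is asked of the real table with:
#   postmap -q "Subject: =?big5?B?pEC0wQ==?=" regexp:/etc/postfix/header_checks
```

The unescaped rule lets the Big5-encoded subject through and rejects the plain English one; the escaped rule does the opposite.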

My Running Config

Here are the contents of my header_checks file (note: each rule should be on its own line):

/^Received:/ HOLD
/^Subject: =\?big5\?/     REJECT Chinese encoding not accepted by this server
/^Subject: =\?EUC-KR\?/   REJECT Korean encoding not allowed by this server
/^Subject: ADV:/        REJECT Advertisements not accepted by this server
/^Subject: =\?Windows-1251\?/     REJECT Russian encoding not allowed by this server
/^Subject: =\?KOI8-R\?/ REJECT Russian encoding not allowed by this server
/^Subject:.*=\?(big5|euc-kr|gb2312|ks_c_5601-1987)\?/   REJECT Language not accepted by this server as it is probably spam
/[^[:print:]]{8}/       REJECT Sorry, ascii characters only permitted by this server
/^From:.*\@.*\.cn/      REJECT Sorry, Chinese mail not allowed here
/^From:.*\@.*\.kr/      REJECT Sorry, Korean mail not allowed here
/^From:.*\@.*\.tr/      REJECT Sorry, Turkish mail not allowed here
/^From:.*\@.*\.ru/      REJECT Sorry, Russian mail not allowed here
/^From:.*\@.*\.ro/      REJECT Sorry, Romanian mail not allowed here
/^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|Emailer Platinum|Thunder Server|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|Lite)\b/ REJECT No mass mailers allowed. You are probably sending spam
/^X-Mailer:.*\b(Aristotle|Avalanche|Blaster|Bomber|DejaVu|eMerge|Extractor|UltraMail|Sonic|Floodgate|GeoList|Mach10|MegaPro|Aureate|MultiMailer|Bluecom|Achi-Kochi Mail|Direct Email|Andrew's SuperCool Blastoise|MailerGear|Advanced Mass Sender|SpireMail|MailWorkZ|UltimDBMail|Mabry|Lite)\b/ REJECT No mass mailers allowed. You are probably sending spam.
/^(To|From|Cc|Reply-To):.*@optonline/   REJECT Sorry, your message is probably spam