 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev-Msg | Prev-Thread | Postfix-users | Sep-2007 | Next-Thread | Next-Msg |
| Subject: | Re: spammers tacking on headers how to block? |
| Group: | Postfix-users |
| From: | mouss |
| Date: | 19 Sep 2007 |
> Hello all,
>
> I have had a real good success with postfix + spamassassin for a spam tagging gateway, but a spammer is getting crafty and tacking on headers in the email. I was wondering if anyone can see a easy of blocking these types of emails.
>
do you mean the Received with "mx.freenet.de"? you cannot block this
with header_checks because there is no way to check only the first
received header, and even if it was possible, there is no way to compare
its text to the client or to the helo hostname.
you can use something like this (please understand it before using it.
use at your own risk anyway).
smtpd_recipient_restrictions =
...
check_helo_access pcre:/etc/postfix/dynlike
smtpd_restriction_classes =
...
policy_aggressive
policy_aggressive =
reject_unknown_helo_hostname
reject_rbl_client bl.spamcop.net
== dynlike:
/[^a-z]{9}/ policy_aggressive
endif
The rationale is that "nobody" would helo with a name that contains 9
consecutive non alphanumeric characters, so collateral damage should be
limited.
or you could just use spamcop globally and configure rbl_reply_maps so
that the reject code for spamcops is a 4xx. Then check your logs and see
fi some IPs should be whitelisted. spamcop seems to be safer than it
once was. but it's your server, so make your own judgement.
| Prev-Msg | Prev-Thread | Postfix-users | Sep-2007 | Next-Thread | Next-Msg |