| Linode Forum https://forum.linode.com/ |
|
| Postfix email address block not working (wrong address used) https://forum.linode.com/viewtopic.php?f=11&t=11069 |
Page 1 of 1 |
| Author: | dee4 [ Sat May 24, 2014 11:01 am ] |
| Post subject: | Postfix email address block not working (wrong address used) |
I'm trying to block email addresses in Postfix. I'm using the standard sender_access method. Sometimes this works. But most often, the problem is that the "From:" email address I see in my regular mail client (from the guy I want to ban) is not the email address that Postfix sees and uses. So Postfix is using some other address that is buried in the email's header, unique for each email. Here is how one of them looks (modified slightly for privacy purposes): Code: bounce-use=M=26666899993=echo4=3FFEADB10BDBB3008673506FD3441770 [at] returnpath.idiotdomain.com How to tackle this? |
|
| Author: | Vance [ Sun May 25, 2014 3:21 am ] |
| Post subject: | Re: Postfix email address block not working (wrong address u |
The check_sender_access controls only apply to the envelope sender (MAIL FROM) address given at the start of the SMTP transaction, not the one specified in the "From: " header. If returnpath.idiotdomain.com is consistent, you should be able to simply put that hostname in the access file with a REJECT action; you don't have to specify a full user@domain address. (Or you could use .idiotdomain.com, depending on circumstances.) It's possible to do content filtering on the "From: " header, but this is trickier to set up. |
|
| Author: | dee4 [ Mon May 26, 2014 10:56 am ] |
| Post subject: | Re: Postfix email address block not working (wrong address u |
Vance wrote: The check_sender_access controls only apply to the envelope sender (MAIL FROM) address given at the start of the SMTP transaction, not the one specified in the "From: " header. If returnpath.idiotdomain.com is consistent, you should be able to simply put that hostname in the access file with a REJECT action; you don't have to specify a full user@domain address. (Or you could use .idiotdomain.com, depending on circumstances.) It's possible to do content filtering on the "From: " header, but this is trickier to set up. I should probably have used whateverdomain.com instead of idiotdomain.com to indicate that perhaps someone legitimate could use that same domain in the future. Anyway, you claim that the header stuff is "trickier to set up". Are you sure? This website http://mattshaw.org/news/how-to-filter-mail-with-postfix-header_checks/ has some simple instructions for it. What do you think about this? He is doing it in a pretty simple way, but is there any reason not to do this? I copy-paste his instructions here for future reference: Quote: #main.cf
header_checks = regexp:/etc/postfix/header_checks #/etc/postfix/header_checks /^From: "spammer/ REJECT /^To: bob@here.com/ REDIRECT bob@there.com /^Subject:.*viagra/ DISCARD List of actions: http://www.postfix.org/header_checks.5.html |
|
| Author: | Vance [ Tue May 27, 2014 1:09 am ] |
| Post subject: | Re: Postfix email address block not working (wrong address u |
Well, there are limitations. To briefly summarize those that may apply to your situation: 1. The filter doesn't decode RFC 2047-encoded headers, so your regular expression would need to account for this if it's a possibility. 2. The header check applies no matter who the recipient is, so you can't exclude the spammy From: address for some of your users but not others. 3. If you use a large number of rules, system performance can suffer to the point where the mail queues get backed up. Plus one that isn't listed there... 4. A poorly-constructed regular expression may reject legitimate mail. To describe #1, the following two header lines are equivalent: Code: From: spammer@whateverdomain.com Your nemesis could also change the format of his From: address, like so: Code: From: <spammer@whateverdomain.com> These are all legitimate formats for the From: header. If this person is using a consistent format, and you aren't going to be adding a bunch of rules, I don't think you'd have a problem with doing something like the below. Code: /^From: .*spammer@whateverdomain\.com/ REJECT Keep in mind the cautions above. For example, that rule would also reject someone who (probably unlikely) is using the address Code: From: "I hate spammer@whateverdomain.com" <notaspammer@anotherdomain.com> So "tricky" maybe isn't the right word, but there are possible hitches. |
|
| Author: | hoopycat [ Tue May 27, 2014 6:28 am ] |
| Post subject: | Re: Postfix email address block not working (wrong address u |
Using something that's designed for the task, e.g. procmail or Sieve is probably going to be better overall for this task. |
|
| Page 1 of 1 | All times are UTC-04:00 |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|