Global check_header with negative lookahead for TLD

Discussion in 'Suggest HOWTO' started by drewborg, Oct 22, 2017.

  1. drewborg

    drewborg New Member

    I find it very time consuming to consider 1573 TLDs when configuring global filters to block an entire TLD. I'm sure someone will flame me for this, but I only ever expect to receive messages from the most common TLDs. Anyone else can ask to have their TLD added to my allow list as far as I am concerned. To achieve this in a single filter I installed postfix-pcre ( apt-get install postfix-pcre ). Edit the main.cf ( /etc/postfix/main.cf ) and configure check_headers to use pcre: instead of regexp:. In ISPConfig I created a header filter with a negative lookahead to ensure the "From" address is coming from an allowed TLD.
    /.*From:\s.+?<[email protected]+?\.(?!com>|net>|org>|edu>|gov>|mil>)(.+?>)/
    Altering the filter is as simple as adding or removing ####>| in the negative lookahead
    e.g.) to add .ca
    .*From:\s.+?<[email protected]+?\.(?!ca>|com>|net>|org>|edu>|gov>|mil>)(.+?>)
    I know that the "From" address can be forged, but my assumption is the check_host() function to validate the domain and SPF will reject a forged sender relay to begin with.
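An added example, not part of the original post: a small harness for checking a TLD allow-list filter of this shape against sample From headers before it goes into production. The address part of the post's regex is obscured on this page, so `.+?@.+?` in `LOOSE` is an assumption; `STRICT`, the helper names and the sample headers are hypothetical and constructed for illustration.

```python
import re

ALLOWED = ("com", "net", "org", "edu", "gov", "mil")

# Same shape as the post's filter. Assumption: the address part, which this
# page shows obscured, is taken to be ".+?@.+?".
LOOSE = re.compile(
    r".*From:\s.+?<.+?@.+?\.(?!" + "|".join(t + ">" for t in ALLOWED) + r")(.+?>)",
    re.IGNORECASE,  # Postfix pcre tables match case-insensitively by default
)

# Hypothetical variant: display name optional, lookahead tied to the last label.
STRICT = re.compile(
    r"^From:\s.*<[^<>@\s]+@[^<>\s]*\.(?!(?:" + "|".join(ALLOWED) + r")>)[^.<>\s]+>",
    re.IGNORECASE,
)

# Constructed sample headers.
SAMPLES = [
    "From: Alice <alice@example.com>",     # allowed TLD
    "From: Bob <bob@mail.example.com>",    # allowed TLD behind a subdomain
    "From: Eve <eve@example.xyz>",         # TLD not on the allow list
    "From: <eve@example.xyz>",             # no display name
    "From: eve@example.xyz",               # no angle brackets at all
    "From: Dan <dan@example.community>",   # TLD that merely starts with "com"
]


def rejected(pattern, header):
    """True when the header matches, i.e. the filter's action would fire."""
    return pattern.search(header) is not None


def audit(samples=SAMPLES):
    """Map each header to (rejected by LOOSE, rejected by STRICT)."""
    return {h: (rejected(LOOSE, h), rejected(STRICT, h)) for h in samples}


if __name__ == "__main__":
    for header, (loose, strict) in audit().items():
        print(f"{header:40} loose={loose!s:5} strict={strict}")
```

With the assumed pattern, the lookahead fires at the first dot after the `@`, so mail from a subdomain of an allowed TLD is rejected, and a From header without a display name or without angle brackets is not checked at all. The same sample headers can be run through `postmap -q` against the deployed pcre table to confirm the behaviour in Postfix itself.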
     
