Postfix Guides and header checks

Discussion in 'Tips/Tricks/Mods' started by concept21, Jan 8, 2017.

  1. concept21

    concept21 Member

    I find this guide very helpful:
    https://posluns.com/guides/
    and especially this header check file to filter malicious and spam mails:
    http://www.posluns.com/files/header_checks

    Just replace your empty header_checks file with it. It is not complete but you know how to start using the Postfix header_checks file to filter spammers and malware. :eek:

    And the new ISPConfig 3.1.1 is beautiful. Thank you all the contributors. :D
     
    till likes this.
  2. concept21

    concept21 Member

    Add these few lines on the beginning of your file /etc/postfix/header_checks . Spam emails will become past tense. :D


    # Nasty Spammers
    /^X-cloudmark-spam: .*/ HOLD Nasty Spammers

    # Social Sites Spammer
    /^Received: .* \(unknown \[/ HOLD Nasty China Spammers
     
  3. sjau

    sjau Local Meanie Moderator

    Better to add the header checks through the ISPC admin interface. Also I wrote a little php scripts that add email aliases to ispc as well as writing spam rules to it easily....
     
  4. Jesse Norell

    Jesse Norell Well-Known Member

    That puts full trust for false-positives in everyone else's cloudmark/spamassassin install; an alternative would be to bump your spamassassin score based on the presence of that header with a rule like (add to /etc/spamassassin/local.cf):
    Code:
    header LOCAL_HEADER_CLOUDMARK_SPAM  exists:X-cloudmark-spam
    describe LOCAL_HEADER_CLOUDMARK_SPAM Cloudmark identified spam.
    score LOCAL_HEADER_CLOUDMARK_SPAM 2.1
    

    This will reject mail that has ever passed through a server which doesn't have full forward/reverse dns setup - expect many false positives here. A similar smtpd_client_restrictions restriction which tests only the connecting server's forward/reverse dns is reject_unknown_client_hostname (http://www.postfix.org/postconf.5.html#smtpd_client_restrictions). Some places do use that; we don't, as the number of complaints from customers not receiving legit email is just too high, but it might work for other environments.
     
  5. concept21

    concept21 Member

    I find this new header of a spam mail today. What is your opinion? Shall we blacklist this header? :rolleyes:
    X-IronPort-Anti-Spam-Filtered: true
     
  6. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    I don't think, that header-checks are a good idea to prevent spam. If a "good" mail has one of your bad-headers, you can not process the mail futhermore. You can run amavis as a content_proxy (instead of content_filter) to reject spam-mails during the smtp-connection.
     
  7. vk3heg

    vk3heg Member

    The header: X-IronPort-Anti-Spam-Filtered:
    is from a spam filter system. My home isp uses it, and all emails have that header even when they are not spam.
     

Share This Page