The vast majority of spam that gets delivered to my inbox is from emails where the domain in the Received header does not match the domain of the reply-to address. Is there a way in Postfix, or maybe in a Sieve rule, to reject these? Here's the header of one spam email I got today: Received: from allureagency.com.br (unknown [116.204.181.101]) But the reply address is from this domain: 24HrGutterReplacementaFWczOYfp.com
Have you checked how many of the good e-mails your server receives have this same mismatch between the Received from and the reply address? I'm sure RSPAMD could filter by that criterion, but I do not know how. It has the configuration REPLYTO_DN_EQ_FROM_DN ("Reply-To display name matches From"), which looks promising.
I checked the config file for Postfix...and I did NOT have SORBS in the RBL blacklist. That list seems to add IPs pretty quickly. I had SORBS in the ISPConfig settings, but I must have had something wrong, as the email in the example was in 95% of the RBL blacklists that I looked at. I've added it to Postfix, and will report back if this reduces the clearly SPAM emails that get delivered. Thanks!
You want to reject mail where the helo hostname logged in a Received: header doesn't match the "domain" (right hand side) of the sender (or maybe reply-to) address? That will block nearly all email, both spam and not; not a good idea.
I'd say 99% of the spam that gets into my mailbox is of this type: Received: from 000bcc00.glucoinsta.cam (unknown [107.179.46.44]) ------- (UNKNOWN followed by IP address) Where a legitimate email will have: Received: from mtaout-62034-ewr.dynect.net (mtaout-62034-ewr.dynect.net [208.76.62.34]) ------- (REVERSE DNS followed by IP) Can I move all UNKNOWN to the Junk folder automatically? If so, how? Not sure if it's the best method, but I've added this sieve rule: elseif header :contains "(unknown [" { fileinto "Junk"; }
The 'unknown' there indicates a reverse DNS lookup for the client IP did not resolve; that is simple to block in Postfix using reject_unknown_client in smtpd_client_restrictions or similar.
I don't want to reject...I want it in JUNK. The syntax I had was wrong though...I think this is working: elsif header :contains "Received" "(unknown [" { fileinto "Junk"; }
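An added example, not from any poster in this thread: a Sieve `header` test looks at every Received header, including ones written by other servers before the mail reached yours, so the rule in the last post can also file legitimate mail whose sender-side hop had no reverse DNS. This Python sketch compares that substring match with a check of only the hop recorded by your own MX, for auditing a mailbox before relying on the rule. `MY_MX`, the function names and the sample messages are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

MY_MX = "mx.example.org"  # assumption: the name your Postfix writes after "by"

# Postfix stamps: from <helo> (<rdns> [<ip>]) ... by <host>; <rdns> is
# "unknown" when the client IP has no matching reverse DNS name.
HOP = re.compile(
    r"from\s+\S+\s+\((\S+)\s+\[(?:IPv6:)?([^\]]+)\]\).*?\sby\s+(\S+)",
    re.S)

def naive_match(msg):
    """The thread's Sieve test: '(unknown [' in any Received header."""
    return any("(unknown [" in h for h in msg.get_all("Received", []))

def _loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:  # e.g. "[unknown]" instead of an address
        return False

def edge_is_unknown(msg, my_mx=MY_MX):
    """True only if the outside hop recorded by our own MX is 'unknown'."""
    for raw in msg.get_all("Received", []):  # newest header first
        m = HOP.search(raw)
        if not m or m.group(3).lower() != my_mx:
            continue  # stamped by another server, or not Postfix-shaped
        if _loopback(m.group(2)):
            continue  # local content-filter reinjection, not the real client
        return m.group(1) == "unknown"
    return False

# Constructed samples. The first "from" clause is the one quoted in the thread.
SPAM = message_from_string(
    "Received: from 000bcc00.glucoinsta.cam (unknown [107.179.46.44])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 0000000001\n"
    "Subject: constructed spam\n\nbody\n")
# Legitimate mail whose sender-side internal hop has no reverse DNS.
HAM = message_from_string(
    "Received: from relay.sender.example (relay.sender.example [192.0.2.10])\n"
    "\tby mx.example.org (Postfix) with ESMTPS id 0000000002\n"
    "Received: from app01 (unknown [10.0.0.5])\n"
    "\tby relay.sender.example (Postfix) with ESMTP id 0000000003\n"
    "Subject: constructed ham\n\nbody\n")

if __name__ == "__main__":
    for name, msg in (("spam", SPAM), ("ham", HAM)):
        print(name, "naive:", naive_match(msg), "edge:", edge_is_unknown(msg))
```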