Content Filter not working

Discussion in 'General' started by shaund1965, Aug 14, 2023.

  1. shaund1965

    shaund1965 New Member

    Hi All.
    I am running ISPCONFIG version 3.1.15p3 on an old Centos release 6.10 (Final) machine which has been running for years. Recently, we have been receiving a lot of spam, so I have started adding some content filters. Specifically, we are receiving spam with subject "Smart Hemp Gummies - voted #1 hemp product in RSA", so I added a header filter with REGEX "/Smart Hemp Gummies/" with a DISCARD action. Postfix is configured with pcre regular expressions.
    To test if this worked, I sent myself an email from my gmail account with a subject of "Smart Hemp Gummies", and it got delivered to my mailbox. Looking at the postfix logs, I see the email being delivered without seemingly passing through the filter check. The following line is in my main.cf:
    Code:
    header_checks = regexp:/etc/postfix/header_checks
    I see the filters being added to /etc/postfix/header_checks file as well as in the mail_content_filter database table.
    I have tried other content filter regular expressions like "/^Subject:.*Smart Hemp Gummies/", but still no success.
    Any suggestions / help please.
    Kind Regards.
    Shaun
     
  2. pyte

    pyte Well-Known Member HowtoForge Supporter

    That's a really old version of ISPConfig you are using, and you should really consider updating.

    You can debug the rules with the postmap command like so:
    Code:
    postmap -q - regexp:/etc/postfix/header_checks < /tmp/sample_header.txt
    Just place a file with a header you want to test in /tmp/sample_header.txt and run the command.
     
  3. shaund1965

    shaund1965 New Member

    I think we need to update the OS as well. We are looking at it :)
    Thanks for the useful info. The result is:
    Code:
    [root@hv1 test]# postmap -q - regexp:/etc/postfix/header_checks < gummies.eml
    Received: from localhost (unknown [127.0.0.1])  IGNORE
                                            Subject: Smart Hemp Gummies - voted #1 hemp product in RSA      DISCARD
    
    This tells me that the syntax is correct and it is correctly identifying the email header, but only from the command line. I tested it again from my gmail account, and it simply passed through and got delivered. Any idea?
     
  4. pyte

    pyte Well-Known Member HowtoForge Supporter

    Did you do a reload of the postfix service after editing the file?
    There is also "receive_override_options", which may be a cause, but that depends on your config. Check out the docs for the After Queue Filter at http://www.postfix.org/FILTER_README.html
     
  5. shaund1965

    shaund1965 New Member

    I did not think to reload as I am doing it through ISPCONFIG. But I restarted postfix and tried again, it still gets delivered. But your link regarding FILTER_README might have put me on the right track. We use amavis for antivirus / anti spam filtering, and here is a snippet from main.cf:
    Code:
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    Does this mean that postfix bypasses the standard content filtering and just passes everything to amavis? If so, it implies that the "Global Filters" in ISPCONFIG have no effect when using amavis. Do you know if this is true?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no reload needed when doing this through ISPConfig.

    no.

    no.
     
  7. pyte

    pyte Well-Known Member HowtoForge Supporter

    I just wanted to make sure that it worked for the debugging. It should work just fine as till already confirmed.

    I have no other idea than to enable postfix verbose logging and see if there is something useful in the logs.
    However, be aware that verbose logging can be a mess on huge mailservers.
     
  8. shaund1965

    shaund1965 New Member

    I have tested this on another installation of ISPConfig version 3.1.15p3 but on Centos 7. Here it works 100%. I have compared the postfix configuration specifically regarding content_filter, header_checks and receive_override_options. They are exactly the same. I am stumped.
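
Added example, not part of the thread: in Postfix, `-o name=value` settings in master.cf override main.cf for a single service, and `receive_override_options=no_header_body_checks` switches header_checks off for that service. The script below lists such overrides so two servers can be compared; the sample master.cf is constructed, and only the plain `-o name=value` form is parsed.

```shell
#!/bin/sh
# Added example (not from the thread): list master.cf "-o" overrides that
# affect header_checks. Only the plain "-o name=value" form is handled.

# Constructed sample resembling an amavis setup; not taken from any server.
sample_master_cf() {
    cat <<'EOF'
smtp      inet  n  -  n  -  -  smtpd
amavis    unix  -  -  -  -  2  smtp
  -o smtp_data_done_timeout=1200
# reinjection listener for mail returning from the filter
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
EOF
}

# Print "service/type: name=value" for each relevant override in file $1.
master_overrides() {
    awk '
    function flush(   n, i, f) {
        if (entry == "") return
        n = split(entry, f, /[ \t]+/)
        for (i = 3; i < n; i++)
            if (f[i] == "-o" && f[i+1] ~ /^(header_checks|receive_override_options|content_filter)=/)
                print f[1] "/" f[2] ": " f[i+1]
        entry = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                    # comments, blank lines
    /^[ \t]/ { sub(/^[ \t]+/, ""); entry = entry " " $0; next }  # continuation
    { flush(); entry = $0 }                              # new service entry
    END { flush() }
    ' "$1"
}

# Services on which header_checks are switched off by an override.
header_checks_skipped() {
    master_overrides "$1" | awk -F': ' '/receive_override_options=.*no_header_body_checks/ { print $1 }'
}

# Stand-alone run: use the file given as $1, else the constructed sample.
file=${1:-}
if [ -z "$file" ]; then
    file=$(mktemp)
    sample_master_cf > "$file"
fi
master_overrides "$file"
echo "header_checks skipped on: $(header_checks_skipped "$file")"
```

Run it with `/etc/postfix/master.cf` as the argument on each server and diff the output; an override on the public `smtp` service would explain header_checks being ignored for incoming mail while `postmap -q` still matches.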
     
