ISPConfig3 Content-Filter

Discussion in 'General' started by x-myrza, Feb 24, 2023.

  1. x-myrza

    x-myrza New Member

    How can I add a content filter to block by username?
    For example:
    1. my domain name (
    From: "" <any address@any>
    2. my address ([email protected])
    From: "[email protected]" <any address@any>
    Thank you!
    Last edited: Oct 6, 2023
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    If you want to block sending, there is setting "disable sending" in the mailbox settings.
    If you want to block receiving e-mails by sender, this is explained in ISPConfig Manual, page 187.
  3. x-myrza

    x-myrza New Member

    Thanks for your reply! But the problem is not with my domain, but with the username(false username and domain, phishing, spam)
    "any address@any"
  4. pyte

    pyte Well-Known Member HowtoForge Supporter

    There are multiple ways to block messages that are spoofed.
    You could implement it with "smtpd_sender_restrictions" and add them manually to the list to block them. Or implement SPF for the domain in question so it will fail when the origin IP is not listed in the record. Or use rspamd to filter out and block the message.
  5. x-myrza

    x-myrza New Member

    smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/,
    check_sender_access regexp:/etc/postfix/,
    check_sender_access regexp:/etc/postfix/
    v=spf1 a mx ip4:my_ip_address ~all
    Installed sieve. Sieve does not block by sender name.
  6. x-myrza

    x-myrza New Member

    Hello everyone!
    Help me how to block spammers with such messages.

    Return-Path: <[email protected]>
    Delivered-To: [email protected]
    Received: from
        by (Dovecot) with LMTP id rYPiCg1SHmVFEwAADoV8fQ
        for <[email protected]>; Thu, 05 Oct 2023 11:05:01 +0500
    Received: from localhost (localhost [])
        by (Postfix) with ESMTP id 428DEE83FD8
        for <[email protected]>; Thu,  5 Oct 2023 11:05:01 +0500 (+05)
    X-Envelope-To: <[email protected]>
    X-Envelope-To-Blocked: <[email protected]>
    X-Quarantine-ID: <zvK3INt056HR>
    X-Amavis-Alert: BANNED, message contains
    X-Spam-Flag: NO
    X-Spam-Score: 0
    X-Spam-Status: No, score=x tag=x tag2=x kill=x tests=[] autolearn=unavailable
    Received: from ([])
        by localhost ( []) (amavisd-new, port 10024)
        with LMTP id zvK3INt056HR for <[email protected]>;
        Thu,  5 Oct 2023 11:05:01 +0500 (+05)
    Received: from (unknown [])
        by (Postfix) with ESMTP id 5730DE83F90
        for <[email protected]>; Thu,  5 Oct 2023 11:04:53 +0500 (+05)
    From: [email protected],
        [email protected],
        [email protected], "Ltd <financierocvc"
    To: [email protected]
    Subject: ORDER-09865
    Date: 5 Oct 2023 06:04:46 +0200
    Message-ID: <[email protected]>
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    This is a multi-part message in MIME format.
    Content-Type: text/html
    Content-Transfer-Encoding: quoted-printable
    <meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge">
    <body style=3D"margin: 0.4em;">Good morning.<br><br><br><br>I request you t=
    o give price and delivery information for the<br><br>following product spec=
    ified in the attached <br><br><br><br><br><br>Thanks and Best Regards,<br><=
    br><br><br>Ari Colak Arteks Ltd.<br><br>Purchase Coordinator<br><br>NOOR MO=
    HAMMED HS<p><a href=3D"mailto:[email protected]">financierocvc@gmail.=
    com</a></p><p>7 Moustafa Refaat, Blocco 1135,</p><p>Sheraton Buildings, Hel=
    Content-Type: application/pdf; name="98765445780.pdf"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="98765445780.pdf"
    Content-Type: application/octet-stream; name="SALESINVOICE0989-98656890.pdf.z"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="SALESINVOICE0989-98656890.pdf.z"
    Last edited: Oct 7, 2023
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Use a content filter and/or train rspamd (if you use it) with this email (upload it as spam)
    ahrasis likes this.

Share This Page