ISPConfig3 Content-Filter

Discussion in 'General' started by x-myrza, Feb 24, 2023.

  1. x-myrza

    x-myrza New Member

    Hello,
    How can I add a content filter to block by username?
    For example:
    1. my domain name (mydomain.com)
    From: "mydomain.com" <any address@any domain.com>
    2. my address ([email protected])
    From: "[email protected]" <any address@any domain.com>
    Thank you!
     
    Last edited: Oct 6, 2023
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    If you want to block sending, there is a setting "disable sending" in the mailbox settings.
    If you want to block receiving e-mails by sender, this is explained in the ISPConfig Manual, page 187.
     
  3. x-myrza

    x-myrza New Member

    Thanks for your reply! But the problem is not with my domain, but with the username (false username and domain, phishing, spam)
    "any address@any domain.com"
     
  4. pyte

    pyte Well-Known Member HowtoForge Supporter

    There are multiple ways to block messages that are spoofed.
    You could implement it with "smtpd_sender_restrictions" and add them manually to the list to block them. Or implement SPF for the domain in question so it will fail when the origin IP is not listed in the record. Or use rspamd to filter out and block the message.
     
  5. x-myrza

    x-myrza New Member

    smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf,
        check_sender_access regexp:/etc/postfix/tag_as_originating.re,
        reject_authenticated_sender_login_mismatch,
        permit_mynetworks,
        reject_sender_login_mismatch,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_unlisted_sender,
        reject_unknown_sender_domain,
        reject_unauth_destination,
        check_sender_access regexp:/etc/postfix/tag_as_foreign.re

    v=spf1 a mx ip4:my_ip_address ~all

    Installed sieve. Sieve does not block by sender name.
     
  6. x-myrza

    x-myrza New Member

    Hello everyone!
    Help me block spammers who send messages like this.


    Code:
    Return-Path: <[email protected]>
    Delivered-To: [email protected]
    Received: from mymailserver.mydomain.org
        by mymailserver.mydomain.org (Dovecot) with LMTP id rYPiCg1SHmVFEwAADoV8fQ
        for <[email protected]>; Thu, 05 Oct 2023 11:05:01 +0500
    Received: from localhost (localhost [127.0.0.1])
        by mymailserver.mydomain.org (Postfix) with ESMTP id 428DEE83FD8
        for <[email protected]>; Thu,  5 Oct 2023 11:05:01 +0500 (+05)
    X-Envelope-To: <[email protected]>
    X-Envelope-To-Blocked: <[email protected]>
    X-Quarantine-ID: <zvK3INt056HR>
    X-Amavis-Alert: BANNED, message contains
        .exe,.exe-ms,SALESINVOICE0989-98656890.exe
    X-Spam-Flag: NO
    X-Spam-Score: 0
    X-Spam-Level:
    X-Spam-Status: No, score=x tag=x tag2=x kill=x tests=[] autolearn=unavailable
    Received: from mymailserver.mydomain.org ([127.0.0.1])
        by localhost (mymailserver.mydomain.org [127.0.0.1]) (amavisd-new, port 10024)
        with LMTP id zvK3INt056HR for <[email protected]>;
        Thu,  5 Oct 2023 11:05:01 +0500 (+05)
    Received: from hosted-by.rootlayer.net (unknown [45.137.22.136])
        by mymailserver.mydomain.org (Postfix) with ESMTP id 5730DE83F90
        for <[email protected]>; Thu,  5 Oct 2023 11:04:53 +0500 (+05)
    From: [email protected],
        [email protected],
        [email protected], "Ltd <financierocvc"@gmail.com
    To: [email protected]
    Subject: ORDER-09865
    Date: 5 Oct 2023 06:04:46 +0200
    Message-ID: <[email protected]>
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_0012_CB7D5AC3.8296AE1D"
    
    This is a multi-part message in MIME format.
    
    ------=_NextPart_000_0012_CB7D5AC3.8296AE1D
    Content-Type: text/html
    Content-Transfer-Encoding: quoted-printable
    
    <!DOCTYPE HTML>
    
    <html><head><title></title>
    <meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge">
    </head>
    <body style=3D"margin: 0.4em;">Good morning.<br><br><br><br>I request you t=
    o give price and delivery information for the<br><br>following product spec=
    ified in the attached <br><br><br><br><br><br>Thanks and Best Regards,<br><=
    br><br><br>Ari Colak Arteks Ltd.<br><br>Purchase Coordinator<br><br>NOOR MO=
    HAMMED HS<p><a href=3D"mailto:[email protected]">financierocvc@gmail.=
    com</a></p><p>7 Moustafa Refaat, Blocco 1135,</p><p>Sheraton Buildings, Hel=
    iopolis,</p></body></html>
    ------=_NextPart_000_0012_CB7D5AC3.8296AE1D
    Content-Type: application/pdf; name="98765445780.pdf"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="98765445780.pdf"
    
    JVBERi0xLjcKCjQgMCBvYmoKPDwKL0ZpbHRlciAvRmxhdGVEZWNvZGUKL0xlbmd0aCA4OAo+
    PgpzdHJlYW0KeJwz0DM3NQACBQM9AwNUhi6mnIWJoZ6lkYGBiYlCci5XIZchTAKTUZTOhWlk
    
    
    ------=_NextPart_000_0012_CB7D5AC3.8296AE1D
    Content-Type: application/octet-stream; name="SALESINVOICE0989-98656890.pdf.z"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="SALESINVOICE0989-98656890.pdf.z"
    
    UEsDBBQAAAAIANA5RVfrGl/OG4kEAC8bBQAdAAAAU0FMRVNJTlZPSUNFMDk4OS05ODY1Njg5
    MC5leGXsvXt8FFWaN376kqRJOlQDCUYBCRIV5SKaRIlNtAOpAEpDhybdMAIaIW2nDYRJqhAd
    ogmVKE3Rysy47+qsuwMTnQ/uOCuzLwM4IiYEk+A1XAZxZJagjFbb6ETF0EhI/b7Pqe6A+87u
    
    
    ------=_NextPart_000_0012_CB7D5AC3.8296AE1D--
    
     
    Last edited: Oct 7, 2023
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Use a content filter and/or train rspamd (if you use it) with this email (upload it as spam)
     
    ahrasis likes this.
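
The check asked about in this thread (a From: display name that shows a local domain or address while the real address is elsewhere, or a From: header carrying several addresses as in the sample above), written out as an added example that is not part of any post. It runs offline against header values so the logic can be tried before it is turned into a content filter or rspamd rule; `PROTECTED_DOMAINS`, the function names and the sample values are assumptions made for the illustration.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import getaddresses

# Assumption: the domains this mail server is responsible for (placeholder).
PROTECTED_DOMAINS = {"mydomain.com"}

# Host-name-like text in a display name, e.g. "mydomain.com" or "a@mydomain.com".
HOSTNAME = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


def is_protected(domain, protected=PROTECTED_DOMAINS):
    """True for a protected domain or any of its subdomains."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in protected)


def decode_name(name):
    """Decode RFC 2047 encoded-words so an encoded name cannot hide a domain."""
    try:
        return str(make_header(decode_header(name)))
    except (HeaderParseError, LookupError, UnicodeError):
        return name


def from_header_findings(from_value, protected=PROTECTED_DOMAINS):
    """Return the reasons a From: value looks spoofed (empty list = clean)."""
    findings = []
    mailboxes = [(n, a) for n, a in getaddresses([from_value]) if a]
    if len(mailboxes) != 1:
        findings.append("from-count:%d" % len(mailboxes))
    for name, addr in mailboxes:
        addr_domain = addr.rpartition("@")[2].lower()
        if is_protected(addr_domain, protected):
            continue  # the address itself is in our domain: no name mismatch
        for shown in HOSTNAME.findall(decode_name(name)):
            if is_protected(shown, protected):
                findings.append("display-name:%s addr-domain:%s"
                                % (shown.lower(), addr_domain))
    return findings


# Constructed sample header values (not taken from real mail).
SAMPLES = ['"mydomain.com" <someone@elsewhere.example>',
           '=?utf-8?B?bXlkb21haW4uY29t?= <someone@elsewhere.example>',
           '"Alice" <alice@mydomain.com>',
           'a@one.example, b@two.example']

if __name__ == "__main__":
    for value in SAMPLES:
        print(from_header_findings(value) or "clean", "<-", value)
```
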