Postfix Guides and header checks

Discussion in 'Tips/Tricks/Mods' started by concept21, Jan 8, 2017.

  1. concept21

    concept21 Active Member

    I find this guide very helpful:
    and especially this header check file to filter malicious and spam mails:

    Just replace your empty header_checks file with it. It is not complete but you know how to start using the Postfix header_checks file to filter spammers and malware. :eek:

    And the new ISPConfig 3.1.1 is beautiful. Thank you all the contributors. :D
  2. concept21

    concept21 Active Member

    Add these few lines at the beginning of your file /etc/postfix/header_checks. Spam emails will become past tense. :D

    # Nasty Spammers
    /^X-cloudmark-spam: .*/ HOLD Nasty Spammers

    # Social Sites Spammer
    /^Received: .* \(unknown \[/ HOLD Nasty China Spammers
  3. sjau

    sjau Local Meanie Moderator

    Better to add the header checks through the ISPC admin interface. Also, I wrote a little PHP script that adds email aliases to ISPC as well as writing spam rules to it easily....
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    That puts full trust for false-positives in everyone else's cloudmark/spamassassin install; an alternative would be to bump your spamassassin score based on the presence of that header with a rule like (add to /etc/spamassassin/
    header LOCAL_HEADER_CLOUDMARK_SPAM  exists:X-cloudmark-spam
    describe LOCAL_HEADER_CLOUDMARK_SPAM Cloudmark identified spam.

    This will reject mail that has ever passed through a server which doesn't have full forward/reverse dns setup - expect many false positives here. A similar smtpd_client_restrictions restriction which tests only the connecting server's forward/reverse dns is reject_unknown_client_hostname ( Some places do use that; we don't, as the number of complaints from customers not receiving legit email is just too high, but it might work for other environments.
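
The false-positive risk described in the post above, as an added example that is not part of any post in this thread: the two header_checks rules quoted earlier are run over constructed sample messages. Python's `re` stands in for the Postfix regexp table here (an assumption that holds for these simple patterns), and all hostnames, addresses and header values are made up.

```python
import re
from email import message_from_string

# The two rules posted in this thread, in file order (pattern, action).
RULES = [
    (r"^X-cloudmark-spam: .*", "HOLD Nasty Spammers"),
    (r"^Received: .* \(unknown \[", "HOLD Nasty China Spammers"),
]
# Postfix regexp tables are case-insensitive by default and do not treat
# newlines specially; IGNORECASE and DOTALL approximate that here.
COMPILED = [(re.compile(p, re.I | re.S), a) for p, a in RULES]


def check_headers(raw_message):
    """Return (header name, action) for each header that a rule matches."""
    hits = []
    for name, value in message_from_string(raw_message).items():
        line = f"{name}: {value}"  # one logical header per lookup
        for pattern, action in COMPILED:
            if pattern.search(line):
                hits.append((name, action))
                break  # first matching rule wins for this header
    return hits


# Constructed samples (not real traffic). RELAYED: the connecting server has
# matching DNS, but an earlier hop inside the sender's network did not.
RELAYED = (
    "Received: from mx.example.org (mx.example.org [198.51.100.7])"
    " by mail.example.net; Mon, 9 Jan 2017 10:00:00 +0000\n"
    "Received: from laptop (unknown [10.0.0.23])"
    " by mx.example.org; Mon, 9 Jan 2017 09:59:58 +0000\n"
    "From: alice@example.org\nSubject: invoice\n\nSee attachment.\n"
)
# TAGGED: an upstream filter added the header; the value is a placeholder.
TAGGED = (
    "Received: from mx.example.org (mx.example.org [198.51.100.7])"
    " by mail.example.net; Mon, 9 Jan 2017 10:05:00 +0000\n"
    "X-Cloudmark-Spam: placeholder-value\n"
    "From: bob@example.org\nSubject: hello\n\nHi.\n"
)
CLEAN = TAGGED.replace("X-Cloudmark-Spam: placeholder-value\n", "")

if __name__ == "__main__":
    for label, msg in (("relayed", RELAYED), ("tagged", TAGGED), ("clean", CLEAN)):
        print(label, check_headers(msg) or "no match, delivered normally")
```

The relayed message is held because of an older hop, not the connecting server, and the tagged message is held on the header's presence alone, whatever value the upstream filter wrote.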
  5. concept21

    concept21 Active Member

    I found this new header in a spam mail today. What is your opinion? Shall we blacklist this header? :rolleyes:
    X-IronPort-Anti-Spam-Filtered: true
  6. florian030

    florian030 Well-Known Member HowtoForge Supporter

    I don't think that header checks are a good idea to prevent spam. If a "good" mail has one of your bad headers, you cannot process the mail any further. You can run amavis as a content_proxy (instead of content_filter) to reject spam mails during the SMTP connection.
  7. vk3heg

    vk3heg Member

    The header: X-IronPort-Anti-Spam-Filtered:
    is from a spam filter system. My home ISP uses it, and all emails have that header even when they are not spam.
