Postfix Guides and header checks

Discussion in 'Tips/Tricks/Mods' started by concept21, Jan 8, 2017.

  1. concept21

    concept21 Active Member

    I find this guide very helpful:
    https://posluns.com/guides/
    and especially this header check file to filter malicious and spam mails:
    http://www.posluns.com/files/header_checks

    Just replace your empty header_checks file with it. It is not complete but you know how to start using the Postfix header_checks file to filter spammers and malware. :eek:

    And the new ISPConfig 3.1.1 is beautiful. Thank you to all the contributors. :D
     
  2. concept21

    concept21 Active Member

    Add these few lines at the beginning of your file /etc/postfix/header_checks. Spam emails will become past tense. :D


    # Nasty Spammers
    /^X-cloudmark-spam: .*/ HOLD Nasty Spammers

    # Social Sites Spammer
    /^Received: .* \(unknown \[/ HOLD Nasty China Spammers
     
  3. sjau

    sjau Local Meanie Moderator

    Better to add the header checks through the ISPC admin interface. Also, I wrote a little PHP script that adds email aliases to ISPC as well as writing spam rules to it easily....
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    That puts full trust for false-positives in everyone else's cloudmark/spamassassin install; an alternative would be to bump your spamassassin score based on the presence of that header with a rule like (add to /etc/spamassassin/local.cf):
    Code:
    header LOCAL_HEADER_CLOUDMARK_SPAM  exists:X-cloudmark-spam
    describe LOCAL_HEADER_CLOUDMARK_SPAM Cloudmark identified spam.
    score LOCAL_HEADER_CLOUDMARK_SPAM 2.1
    

    This will reject mail that has ever passed through a server which doesn't have full forward/reverse dns setup - expect many false positives here. A similar smtpd_client_restrictions restriction which tests only the connecting server's forward/reverse dns is reject_unknown_client_hostname (http://www.postfix.org/postconf.5.html#smtpd_client_restrictions). Some places do use that; we don't, as the number of complaints from customers not receiving legit email is just too high, but it might work for other environments.
     
  5. concept21

    concept21 Active Member

    I found this new header in a spam mail today. What is your opinion? Shall we blacklist this header? :rolleyes:
    X-IronPort-Anti-Spam-Filtered: true
     
  6. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    I don't think that header checks are a good idea to prevent spam. If a "good" mail has one of your bad headers, you cannot process the mail any further. You can run amavis as a content_proxy (instead of content_filter) to reject spam mails during the SMTP connection.
     
  7. vk3heg

    vk3heg Member

    The header: X-IronPort-Anti-Spam-Filtered:
    is from a spam filter system. My home ISP uses it, and all emails have that header even when they are not spam.
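
Added example (not from any poster in this thread): a Python dry run that applies the two header_checks rules posted above, plus a hypothetical trial rule for the X-IronPort-Anti-Spam-Filtered header, to sample messages and counts how often each rule fires on legitimate mail versus spam. The sample messages, addresses and the trial rule are constructed for illustration, and the matching only approximates Postfix regexp tables (case-insensitive, a folded header treated as one logical header).

```python
import re
from email import message_from_string

# Rules as posted in the thread, plus a hypothetical trial rule for IronPort.
RULES = r"""
# Nasty Spammers
/^X-cloudmark-spam: .*/ HOLD Nasty Spammers
/^Received: .* \(unknown \[/ HOLD Nasty China Spammers
/^X-IronPort-Anti-Spam-Filtered: true/ HOLD IronPort trial rule
"""

# Constructed sample messages (label, raw text); IPs are documentation ranges.
SAMPLES = [
    ("ham", "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
            "\tby mail.example.org; Mon, 9 Jan 2017 10:00:02 +0000\n"
            "Received: from laptop (unknown [198.51.100.7])\n"
            "\tby mx.example.net; Mon, 9 Jan 2017 10:00:00 +0000\n"
            "Subject: Invoice for December\n\nbody\n"),
    ("ham", "Received: from out.example.com (out.example.com [192.0.2.20])\n"
            "\tby mail.example.org; Mon, 9 Jan 2017 11:00:00 +0000\n"
            "X-IronPort-Anti-Spam-Filtered: true\n"
            "Subject: Meeting notes\n\nbody\n"),
    ("spam", "Received: from host (unknown [203.0.113.5])\n"
             "\tby mail.example.org; Mon, 9 Jan 2017 12:00:00 +0000\n"
             "X-IronPort-Anti-Spam-Filtered: true\n"
             "X-cloudmark-spam: 1\n"
             "Subject: Cheap pills\n\nbody\n"),
]

def parse_rules(text):
    """Parse '/pattern/ ACTION text' lines; comments and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*/(.*)/\s+(\S+)\s*(.*)", line)
        if m:
            # Approximation of Postfix: case-insensitive, '.' also spans header folds.
            rules.append((re.compile(m.group(1), re.I | re.S), m.group(2), m.group(3)))
    return rules

def hits(rules, raw):
    """Return the text of every rule that matches some logical header of raw."""
    headers = [f"{k}: {v}" for k, v in message_from_string(raw).items()]
    return [note for rx, _, note in rules if any(rx.search(h) for h in headers)]

def tally(rules, samples):
    """Count matches per rule as {rule text: {'ham': n, 'spam': n}}."""
    counts = {note: {"ham": 0, "spam": 0} for _, _, note in rules}
    for label, raw in samples:
        for note in hits(rules, raw):
            counts[note][label] += 1
    return counts
```

Running `tally(parse_rules(RULES), SAMPLES)` shows the Received and IronPort rules each firing on one legitimate message, the false positives described in the replies above. On a live server, a single header line can be checked against the real table with `postmap -q "header line" regexp:/etc/postfix/header_checks`.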
     
