I find this guide very helpful: https://posluns.com/guides/ and especially this header check file to filter malicious and spam mails: http://www.posluns.com/files/header_checks Just replace your empty header_checks file with it. It is not complete, but you know how to start using the Postfix header_checks file to filter spammers and malware. And the new ISPConfig 3.1.1 is beautiful. Thank you to all the contributors.
Add these few lines at the beginning of your file /etc/postfix/header_checks. Spam emails will become past tense.
Code:
# Nasty Spammers
/^X-cloudmark-spam: .*/ HOLD Nasty Spammers
# Social Sites Spammer
/^Received: .* \(unknown \[/ HOLD Nasty China Spammers
Better to add the header checks through the ISPC admin interface. Also, I wrote a little PHP script that adds email aliases to ISPC as well as writing spam rules to it easily...
That puts full trust for false positives in everyone else's cloudmark/spamassassin install; an alternative would be to bump your spamassassin score based on the presence of that header with a rule like (add to /etc/spamassassin/local.cf):
Code:
header LOCAL_HEADER_CLOUDMARK_SPAM exists:X-cloudmark-spam
describe LOCAL_HEADER_CLOUDMARK_SPAM Cloudmark identified spam.
score LOCAL_HEADER_CLOUDMARK_SPAM 2.1
This will reject mail that has ever passed through a server which doesn't have full forward/reverse DNS set up - expect many false positives here. A similar smtpd_client_restrictions restriction which tests only the connecting server's forward/reverse DNS is reject_unknown_client_hostname (http://www.postfix.org/postconf.5.html#smtpd_client_restrictions). Some places do use that; we don't, as the number of complaints from customers not receiving legit email is just too high, but it might work for other environments.
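To see the difference between the two approaches discussed in the posts above (a HOLD in header_checks versus a score contribution in local.cf), here is an added Python example that is not part of this thread or of Postfix/SpamAssassin. It parses the posted header_checks rules in Postfix regexp-table syntax, runs them over three constructed header sets, and then scores the same headers additively. The LOCAL_RCVD_UNKNOWN_CLIENT rule name, its 1.0 score and all sample addresses are this example's own assumptions; 5.0 is SpamAssassin's default required_score. The real way to test a Postfix table is `postmap -q - regexp:/etc/postfix/header_checks < message`; this is a model of that behaviour for reasoning about false positives before deploying a rule.

```python
import re

# Constructed header_checks content: the rules posted above, in Postfix regexp-table syntax.
HEADER_CHECKS = r"""
# Nasty Spammers
/^X-cloudmark-spam: .*/ HOLD Nasty Spammers
# Social Sites Spammer
/^Received: .* \(unknown \[/ HOLD Nasty China Spammers
"""

# One regexp-table line: /pattern/flags ACTION [optional text]
RULE_RE = re.compile(
    r"^/(?P<pattern>(?:\\.|[^/])*)/(?P<flags>[imx]*)\s+(?P<action>\S+)(?:\s+(?P<text>.*))?$"
)


def parse_header_checks(text):
    """Parse a regexp-style header_checks table into (compiled regex, action, text) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unparseable header_checks line: " + line)
        # Postfix regexp tables match case-insensitively by default; the 'i' flag toggles that off.
        flags = 0 if "i" in m.group("flags") else re.IGNORECASE
        rules.append((re.compile(m.group("pattern"), flags), m.group("action"), m.group("text") or ""))
    return rules


def check_headers(rules, headers):
    """Simplified header_checks evaluation: each (unfolded) header line is tested against
    the rules in order and the first match decides the whole message's fate.
    Returns (action, text, matched header), or ("DUNNO", "", None) when nothing matched."""
    for header in headers:
        for pattern, action, text in rules:
            if pattern.search(header):
                return action, text, header
    return "DUNNO", "", None


# Constructed scoring rules in the spirit of the local.cf snippet above: the posted
# LOCAL_HEADER_CLOUDMARK_SPAM rule plus an assumed LOCAL_RCVD_UNKNOWN_CLIENT rule
# (that name and its score are this example's, not SpamAssassin's).
SCORE_RULES = [
    (re.compile(r"^X-cloudmark-spam:", re.IGNORECASE), "LOCAL_HEADER_CLOUDMARK_SPAM", 2.1),
    (re.compile(r"^Received: .* \(unknown \[", re.IGNORECASE), "LOCAL_RCVD_UNKNOWN_CLIENT", 1.0),
]
REQUIRED_SCORE = 5.0  # SpamAssassin's default required_score


def score_headers(headers):
    """Additive scoring: every matching rule adds its score; only the total decides.
    Returns (total, hit rule names, is_spam)."""
    total, hits = 0.0, []
    for header in headers:
        for pattern, name, score in SCORE_RULES:
            if pattern.search(header):
                total += score
                hits.append(name)
    total = round(total, 2)
    return total, hits, total >= REQUIRED_SCORE


# Constructed sample header sets (already unfolded, one header per list entry).
SPAM_HEADERS = [
    "Received: from bulk.example (unknown [198.51.100.7]) by mx.example.org (Postfix) with ESMTP id 1A2B3C",
    "X-cloudmark-spam: true",
    "From: offers@example",
    "Subject: cheap stuff",
]
# A legitimate sender whose relay lacks reverse DNS: the Received rule HOLDs it.
LEGIT_NO_RDNS_HEADERS = [
    "Received: from smtp.example.net (unknown [192.0.2.10]) by mx.example.org (Postfix) with ESMTP id 4D5E6F",
    "From: accounts@example.net",
    "Subject: Your invoice",
]
CLEAN_HEADERS = [
    "Received: from smtp.example.com (smtp.example.com [203.0.113.5]) by mx.example.org (Postfix) with ESMTP id 7G8H9I",
    "From: alice@example.com",
    "Subject: Meeting",
]

if __name__ == "__main__":
    rules = parse_header_checks(HEADER_CHECKS)
    for label, headers in (("spam", SPAM_HEADERS), ("legit, no rDNS", LEGIT_NO_RDNS_HEADERS), ("clean", CLEAN_HEADERS)):
        print(label, "header_checks ->", check_headers(rules, headers)[:2], "| scoring ->", score_headers(headers))
```

With the posted rules, the legitimate message relayed through a host without reverse DNS is held exactly like the spam, which is the false positive the reply above warns about. Under additive scoring the same header only contributes 1.0, and even the spam sample reaches 3.1, so neither message is rejected on these headers alone; other rules have to push it over the threshold.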
I found this new header in a spam mail today. What is your opinion? Shall we blacklist this header?
Code:
X-IronPort-Anti-Spam-Filtered: true
I don't think that header checks are a good idea to prevent spam. If a "good" mail has one of your bad headers, you cannot process the mail any further. You can run amavis as a content_proxy (instead of content_filter) to reject spam mails during the SMTP connection.
The header X-IronPort-Anti-Spam-Filtered: is from a spam filter system. My home ISP uses it, and all emails have that header even when they are not spam.