On Sat, Aug 03, 2024 at 10:54:46AM -0400, John Thorvald Wodder II via
Postfix-users wrote:
> > maybe this header_checks example works :
> > /^(To|From|Cc|Reply-To):.*@stupidspammers\.example/ DISCARD
> > postmap /etc/postfix/header_checks
> > and in main.cf :
> > header_checks = regexp:/etc/postfix/header_checks
> > postfix reload
> > should work..
>
> I'll consider this solution.
The proposed "solution" is clumsy at best.
- One should not try to index "regexp" tables via postmap(1).
- One should use "pcre" instead of "regexp" whenever available.
- Headers are easily spoofed, and are optional (may be missing)
- The proposed header_checks pattern is fragile.
- It is best to avoid parsing RFC822 addresses with regular
expressions, the syntax is difficult to get right.
Somewhat closer (PCRE) would be:
if /^From:/
# Rough check that "example" is the last domain part label
/@spammer\.example\s*([>,(]|$)
endif
but the same spammer can choose many other domains, or not include a
"From:" header at all. Despite your reluctance to filter by IP address,
that (plus message content scoring) really is the best indication of
whether a message is or isn't spam. Individual headers are low-quality
signals.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
