On Wed, May 05, 2010 at 07:00:37PM +0200, Laurent CARON wrote:
> Hi,
>
> I'm basically trying to protect my users from the following:
>
> Spam
> - Sent from accounts hosted on freemail providers (yahoo, ...)
> - Originating from AfriNIC ranges
> - Targeted at several dozen users
>
> The headers look like this:
> Received: from [41.207.213.162] by web1104.biz.mail.sk1.yahoo.com via HTTP;
>   Tue, 04 May 2010 14:44:20 PDT
>
>
> It is fairly trivial to block such things via a header access map
>
> if /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/
> /\b(41\.\d+\.\d+\.\d+)\b/ REJECT regional junk 001 #Africa
> endif
>
> Some of my users receive a few legitimate emails from Africa.

You could try this in /etc/postfix/header_checks

if /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/
  if !/^(X-Original-)?To:[...@]*(africanspamlover1|africanspamlover2|etc..)@/
    /\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 1
    /\b(41\.3(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 2
    # .. and all other rules ...
  endif
endif

(the indent is purely for clarity. Not sure postfix accepts it.)

-- 
http://www.cruisefish.net
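
How Postfix evaluates a nested if/endif block like the one in this reply, as an added example that is not part of the original message: header_checks patterns are applied to one logical header at a time, so a condition on the To: header is tested against the Received: line itself and cannot see the recipient. The small evaluator, the recipient pattern and address, and the sample headers are constructed for illustration.

```python
import re

# Rule tree modelled on the nested if/endif block in the reply.
# Entries: ("if", pattern, negate, body) or ("rule", pattern, action).
# The recipient pattern and address are constructed for this example.
RULES = [
    ("if", r"^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP"
           r"|(Client|Remote_)Addr|PHP-Script)):", False, [
        ("if", r"^(X-Original-)?To:.*\bexempt-user@", True, [
            ("rule", r"\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b",
             "REJECT african spam rule 1"),
        ]),
    ]),
]

def check_header(header, rules=RULES):
    """Return the action for ONE logical header, or None if nothing matches."""
    for entry in rules:
        kind, pattern = entry[0], entry[1]
        hit = re.search(pattern, header, re.I) is not None
        if kind == "rule":
            if hit:
                return entry[2]
        else:
            negate, body = entry[2], entry[3]
            if hit != negate:          # "if /p/" or "if !/p/" is satisfied
                action = check_header(header, body)
                if action:
                    return action
    return None

def check_message(headers):
    """Each header is checked in isolation; the first action found wins."""
    for header in headers:
        action = check_header(header)
        if action:
            return action
    return None

# Constructed sample messages: same origin, different recipients.
RECEIVED = ("Received: from [41.165.10.20] by web.example.com via HTTP; "
            "Tue, 04 May 2010 14:44:20 PDT")
MSG_EXEMPT = [RECEIVED, "To: exempt-user@example.com", "Subject: hello"]
MSG_OTHER = [RECEIVED, "To: someone-else@example.com", "Subject: hello"]

if __name__ == "__main__":
    for name, msg in (("exempt", MSG_EXEMPT), ("other", MSG_OTHER)):
        print(name, "->", check_message(msg))
```

Both sample messages are rejected: a Received: line never starts with To:, so the negated inner condition is always satisfied and the exemption has no effect.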