On 5/5/2010 1:10 PM, Louis-David Mitterrand wrote: > On Wed, May 05, 2010 at 07:00:37PM +0200, Laurent CARON wrote: > >> Hi, >> >> I'm basically trying to protect my users from the following: >> >> Spam >> - Sent from accounts hosted on freemail providers (yahoo, ...) >> - Originating from AfriNIC ranges >> - Tergetted at several dozen of users >> >> The headers look like this: >> Received: from [41.207.213.162] by web1104.biz.mail.sk1.yahoo.com via HTTP; >> Tue, 04 May 2010 14:44:20 PDT >> >> >> It is fairly trivial to block suck things via a header access map >> >> if >> /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/ >> /\b(41\.\d+\.\d+\.\d+)\b/ REJECT regional junk 001 #Africa >> endif >> >> Some of my users receive a few legitimate emails from Africa. >> > You could try this in /etc/postfis/header_checks > > if > /^(Received|X-((Origin(ating)?|Client|MDRemote|Sender)-?IP|(Client|Remote_)Addr|PHP-Script)):/ > if > !/^(X-Original-)?To:[...@]*(africanspamlover1|africanspamlover2|etc..)@/ > /\b(41\.1(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 1 > /\b(41\.3(6\d|7[0-5])\.\d+\.\d+)\b/ REJECT african spam rule 2 > .. and all other rules ... > endif > endif > >
This will not work. Postfix analyzes headers one at a time. You cannot check multiple headers at once in header_checks. You need a milter or other filter to do that.
