Hello, I've recently been getting spam that has the first received header filled in with multiple users. This is an example.
Received: from 79.14.233.16 (account <user1@domain>, <user2@domain>,
    <user3@domain>, <user4@domain>, <user5@domain>, <user6@domain>,
    <user7@domain>, <user8@domain>, <user9@domain>, <user10@domain>,
    <user11@domain>, <user12@domain>, <user13@domain>, <user14@domain>,
    <user15@domain>, <user16@domain>, <user17@domain>, <user18@domain>,
    <user19@domain>, <user20@domain> HELO domain) by domain
    (CommuniGate Pro SMTP 5.2.3) with ESMTPA id 107437582
    for <user1@domain>; Mon, 11 Apr 2011 10:19:10 +0100

My first idea for handling these messages is writing a filter in header_checks using regexp. Is this the best approach to take using Postfix 2.4.3?

Below are my main.cf settings that I think are relevant.

Jose

header_checks = regexp:/etc/postfix/header_checks
strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_sender_restrictions =
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    check_helo_access hash:/etc/postfix/helo_access,
    permit
smtpd_client_restrictions =
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_client_access hash:/etc/postfix/client_access,
    check_sender_access hash:/etc/postfix/sender_access,
    check_recipient_access hash:/etc/postfix/recipient_access,
    reject_rbl_client zen.spamhaus.org,
    permit

/etc/postfix/helo_access
domain                REJECT fraudulent identity
mailserver.domain     REJECT fraudulent identity
mailserver.ip_addr    REJECT fraudulent identity

.......................................................
Jose Hales-Garcia
UCLA Department of Statistics
jose.halesgar...@stat.ucla.edu
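
An added example, not part of the original post and not Postfix or CommuniGate code: a Python sketch for prototyping the match offline before committing a pattern to header_checks. It unfolds each Received header and flags any whose "(account ...)" clause lists more addresses than a threshold. The function names, the threshold of one account, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample modelled on the header quoted in the post (list shortened, folded).
SAMPLE_SPAM = (
    "Received: from 79.14.233.16 (account <user1@domain>, <user2@domain>,\n"
    "\t<user3@domain>, <user4@domain> HELO domain) by domain\n"
    "\t(CommuniGate Pro SMTP 5.2.3) with ESMTPA id 107437582\n"
    "\tfor <user1@domain>; Mon, 11 Apr 2011 10:19:10 +0100\n"
    "Subject: constructed test message\n\nbody\n"
)
# Constructed counter-example: a single account in the clause.
SAMPLE_OK = (
    "Received: from 192.0.2.10 (account <user1@domain> HELO domain) by domain\n"
    "\t(CommuniGate Pro SMTP 5.2.3) with ESMTPA id 1\n"
    "\tfor <user2@domain>; Mon, 11 Apr 2011 10:19:10 +0100\n"
    "Subject: constructed test message\n\nbody\n"
)

# Captures the comma-separated run of <addr> tokens right after "(account".
ACCOUNT_CLAUSE = re.compile(r"\(account\s+((?:<[^<>]*>\s*,?\s*)+)", re.IGNORECASE)
ADDRESS = re.compile(r"<([^<>]*)>")
FOLD = re.compile(r"\r?\n[ \t]+")  # RFC 5322 header folding


def account_addresses(received_value):
    """Return the addresses listed in the '(account ...)' clause, if any."""
    unfolded = FOLD.sub(" ", received_value)
    clause = ACCOUNT_CLAUSE.search(unfolded)
    return ADDRESS.findall(clause.group(1)) if clause else []


def suspicious_received(raw_message, max_accounts=1):
    """List (header index, addresses) for Received headers over the threshold.

    max_accounts=1 is an assumed policy: one authenticated account per hop.
    The 'for <addr>' part is outside the clause and is not counted.
    """
    msg = message_from_string(raw_message)
    hits = []
    for index, value in enumerate(msg.get_all("Received", [])):
        addrs = account_addresses(value)
        if len(addrs) > max_accounts:
            hits.append((index, addrs))
    return hits


if __name__ == "__main__":
    print(suspicious_received(SAMPLE_SPAM))
    print(suspicious_received(SAMPLE_OK))
```

Running it over a sample of known-good mail first shows whether the threshold would reject legitimate messages.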