On 5/18/2011 8:06 AM, Lima Union wrote:

Hi all! I'm seeing a huge quantity of spam during this week (~156K
messages) all from SMTP addresses that begin with '0-', like:

from=<0...@cancer.org>
from=<0-1z3ize-...@bxbmail.de>
from=<0...@carnival.com>
from=<0-gentil...@aditi.com>
from=<0-happy-1...@msf.biglobe.ne.jp>
from=<0-downl...@soundviewmortgage.com>

I tried to reject them by writing a simple rule in my
smtpd_sender_checks by simply appending 0- at the beginning of a new
line but for some reason it isn't matching the pattern, finally
getting rejected by my RBL provider. Anyway I want to avoid doing RBL
checks for this case, any ideas why my rule isn't working? Any
suggestions on how to write a filter for this pattern?

Add to your smtpd_sender_checks.regexp file:

/^0-/ REJECT invalid sender address

-- Noel Jones

TIA!
PS: some more info:

$ /usr/sbin/postconf -m
btree
cidr
environ
hash
internal
ldap
nis
proxy
regexp
static
tcp
unix

$ /usr/sbin/postconf mail_version
mail_version = 2.7.3

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
# warn_if_reject reject_unknown_helo_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
# reject_unknown_sender_domain,
# reject_unknown_recipient_domain,
    reject_unauth_destination,
    check_client_access hash:$config_directory/maps/smtpd_client_checks,
    check_helo_access hash:$config_directory/maps/smtpd_helo_checks,
    check_sender_access hash:$config_directory/maps/smtpd_sender_checks,
    check_sender_access regexp:$config_directory/maps/smtpd_sender_checks.regexp,
    check_recipient_access hash:$config_directory/maps/smtpd_recipient_checks,
    reject_non_fqdn_hostname,
    reject_unverified_recipient,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client psbl.surriel.com,
    reject_rbl_client bl.spamcop.net,
    reject_rhsbl_client rhsbl.sorbs.net,
    check_sender_access hash:$config_directory/maps/forged_domain_senders,
    check_policy_service inet:127.0.0.1:10023,
    permit

smtpd_data_restrictions =
    warn_if_reject reject_unauth_pipelining,
    permit
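
Added example (not part of the thread and not Postfix code): a small Python model of why a bare "0-" key in the hash: sender table never matches, while the /^0-/ rule in the regexp: table does. It assumes the "0-" line went into the hash: map as the post describes; the lookup order is simplified from access(5), and the sample addresses are constructed.

```python
import re

# Constructed sample senders (not taken from the thread).
SAMPLES = ["0-promo-17@example.com", "alice@example.org", "10-4@example.net"]

# Assumed content of the hash: table after adding a bare "0-" key.
HASH_TABLE = {"0-": "REJECT"}

# The rule suggested in the reply, as it would sit in the regexp: table.
REGEXP_RULES = [(re.compile(r"^0-", re.IGNORECASE), "REJECT invalid sender address")]


def hash_lookup_keys(sender):
    """Exact keys tried against an indexed table (simplified from access(5)):
    user@domain, then the domain and its parents, then user@."""
    sender = sender.lower()
    local, _, domain = sender.rpartition("@")
    labels = domain.split(".")
    parents = [".".join(labels[i:]) for i in range(len(labels))]
    return [sender] + parents + [local + "@"]


def check_hash(table, sender):
    # Indexed tables only answer exact-key queries; no prefix matching happens.
    for key in hash_lookup_keys(sender):
        if key in table:
            return table[key]
    return None  # no key matched: this check decides nothing


def check_regexp(rules, sender):
    # regexp: tables test each pattern against the whole address, first hit wins.
    for pattern, action in rules:
        if pattern.search(sender):
            return action
    return None


def compare(samples=SAMPLES):
    """Map each sender to (hash result, regexp result)."""
    return {s: (check_hash(HASH_TABLE, s), check_regexp(REGEXP_RULES, s)) for s in samples}


if __name__ == "__main__":
    for sender, (h, r) in compare().items():
        print(f"{sender:26} hash={h!s:8} regexp={r}")
```

On a live system, postmap -q with a test address and the regexp: table shows what the real table returns for that address.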