On 08 Aug 2014, at 14:53, Andre Luiz Paiz <andre.p...@iqm.unicamp.br> wrote:
> I was trying to use check_sender_access as sugested here in the forum to > avoid this type of SPAMs. But it is not working. > check_sender_access works more like a blacklist and the spammers are ready > for that. It is not working because you are confusing the envelope from with the 'From:' header. The 'check_sender_access' restriction works for the envelope only, not on the headers, and the headers are basically untrustworthy and easily forged. > Notice that the message was sent from > from=www-d...@109.red-81-45-22.staticip.rima-tde.net > to=webmas...@iqm.unicamp.br [snip] > Inside the message, the FROM contains webmaster@mydomain... > Is there a way to create rules like check_sender_access but based on the > header inside the mail message instead of the server connection? > I cannot block messages with SPF, because here we have a lot of false > positives. SPF does not work because, like 'check_sender_access', it does only work on the envelope, not the headers. For basic header checks, you can use 'header_checks'; http://www.postfix.org/header_checks.5.html I suspect that what you really need is better blacklisting, though. There's generally no need to accept anything from generic hostnames such as '109.red-81-45-22.staticip.rima-tde.net', for example. Are you running postscreen? Using blacklists? Mvg, Joni
