Hi,

spot on: I did indeed have the override_options set not to do any 
header_body_checks. I just removed the option, which should hopefully fix my 
problem.

Many thanks again. I didn’t think of this.

Best regards
Sebastian

> On 31.01.2016 at 14:44, wilfried.es...@essignetz.de wrote:
> 
> Hi,
> 
> do you use amavis in before or after queue mode?
> 
> If before, you should possibly look at your master.cf, at the lines
> that get the mail back from amavis. Do you have something like
> 
>       -o receive_override_options=no_header_body_checks
> or
>       -o header_checks=
> there ?
> 
> Willi
> 
> 
> On 31.01.2016 at 11:56, Sebastian Wolfgarten wrote:
>> Hi,
>> 
>> I have a problem with a PCRE-based rule in header_checks which
>> seems to be ignored and I can’t understand why this is the case.
>> Hopefully you guys have an idea on how to fix this :-)
>> 
>> So here is my setup: I am using Postfix 2.11.7 on FreeBSD 10 and
>> I am being bombarded with emails from certain hosts in France (and
>> I have no idea why). These hosts always follow this format:
>> 
>> letter e 1-2 digit number hostname .fr
>> 
>> Here are some samples from today:
>> 
>> e16.sodipoc.fr e38.info-essentiel.fr e42.1jour1news.fr
>> 
>> I have defined a rule in SpamAssassin which successfully marks the
>> related spam accordingly (works like a charm):
>> 
>> header French_Spam ALL =~ / e\d{1,2}\.\S+\.fr /i
>> score French_Spam 4.8
>> 
>> Now I am trying not to mark the unsolicited emails anymore but
>> block them entirely. As such I have defined the following rule in
>> header_checks based on the rule that I have defined in
>> SpamAssassin:
>> 
>> /e\d{1,2}\.\S+\.fr/i REJECT French Spam
>> 
>> I reloaded Postfix (postmap is not necessary for PCRE files, right?)
>> but still I have received three spam mails today. Still the rule
>> seems okay from my perspective - here is a test of the rule with
>> three hosts I have received spam from today:
>> 
>> $ postmap -q "e16.sodipoc.fr" pcre:/etc/postfix/header_checks
>> REJECT French Spam
>> 
>> $ postmap -q "e38.info-essentiel.fr" pcre:/etc/postfix/header_checks
>> REJECT French Spam
>> 
>> $ postmap -q "e42.1jour1news.fr" pcre:/etc/postfix/header_checks
>> REJECT French Spam
>> 
>> Any idea why this is happening?
>> 
>> Here is an extract of the headers of one of the emails received today
>> (note: The message was marked as spam by Postfix but I manually
>> removed all the related headers and information not to end up in
>> your spam filters):
>> 
>> Return-Path: <bou...@e42.1jour1news.fr>
>> Delivered-To: sebast...@wolfgarten.com
>> Received: from waldfest (localhost [127.0.0.1])
>>     by waldfest.wolfgarten.com (Postfix) with ESMTP id 4154D704B9
>>     for <sebast...@wolfgarten.com>; Sun, 31 Jan 2016 11:06:58 +0100 (CET)
>> X-Quarantine-ID: <xg91jhFD9UJP>
>> Received: from waldfest.wolfgarten.com ([127.0.0.1])
>>     by waldfest (waldfest.wolfgarten.com [127.0.0.1]) (amavisd-new, port 10024)
>>     with LMTP id xg91jhFD9UJP for <sebast...@wolfgarten.com>;
>>     Sun, 31 Jan 2016 11:06:44 +0100 (CET)
>> X-Greylist: delayed 300 seconds by postgrey-1.36 at waldfest;
>>     Sun, 31 Jan 2016 11:06:44 CET
>> Received: from e42.1jour1news.fr (e42.1jour1news.fr [62.210.13.102])
>>     by waldfest.wolfgarten.com (Postfix) with ESMTP id A6750704AC
>>     for <sebast...@wolfgarten.com>; Sun, 31 Jan 2016 11:06:44 +0100 (CET)
>> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key;
>>     d=e42.1jour1news.fr;
>>     h=List-Unsubscribe:Message-ID:Date:Subject:From:Reply-To:To:MIME-Version:Content-Type;
>>     i=s...@e42.1jour1news.fr; bh=zQj93n30egRyo2hFB5OnJZSylLw=;
>>     b=FSLGriDlKRcl/NXBkxXU7ANj7JEO3+ltGllwY3hZu2bXxjJLXjFbz+fTZljB2BHbYMaKFmZxd6cF
>>     6OhoV689FNZPqC1SBUt7rA2qMTRP0gqpuCGkMqTZ9KaSObrSNlZgCsxnsOuLWt7zrjF1OHL6jT8C
>>     y0Nre8XUjO0vR+d2Jbs=
>> DomainKey-Signature: a=rsa-sha1; c=nofws;
>>     q=dns; s=key; d=e42.1jour1news.fr;
>>     b=Y4c0lfDPkQ4YaimLaY4exKzB9WpnZVLpQ+HP7976BIB5gFzWEIF+n9wYB7afXxThUNNWaomOHcJs
>>     LxgAMqLl9nmkNLI6FRS0zn3cC/Pq8wUoUxdhyity3JWxiTo3q12ZP2/UxsYaOcWccB03Ch8VsB2u
>>     9dhJQsHlnHCxcvj2Grs=;
>> List-Unsubscribe:
>>     <http://link.lilinews.fr/t/u/mT2NTvqG3IQSUL1gyO7Px8zP42vuolnECda87eT2bELfB63CFJolSx2R-d9wMmfhSsIzs-RQFBJ7mGmt1RffM79Wt7YeSHwsbbVWTpjRwEE>
>> Message-ID: <1454234504.tinkiwinkilalapo56addb880b...@link.lilinews.fr>
>> Date: Sun, 31 Jan 2016 11:01:44 +0100
>> Subject: =?UTF-8?Q?15=E2=82=AC?= offerts sur la nouvelle collection
>> 
>> Finally, here is Postfix config:
>> 
>> alias_maps = hash:/etc/aliases,mysql:/etc/postfix/mysql_virtual_alias_maps.cf
>> body_checks = pcre:/etc/postfix/body_checks,pcre:/etc/postfix/bad_urls
>> canonical_maps = regexp:/etc/postfix/rewrite
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> content_filter = amavisfeed:[127.0.0.1]:10024
>> daemon_directory = /usr/libexec/postfix
>> data_directory = /var/db/postfix
>> debug_peer_level = 2
>> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
>>     ddd $daemon_directory/$process_name $process_id & sleep 5
>> default_destination_concurrency_limit = 20
>> dovecot_destination_recipient_limit = 1
>> header_checks = pcre:/etc/postfix/header_checks
>> html_directory = /usr/share/doc/postfix
>> in_flow_delay = 1s
>> inet_interfaces = all
>> inet_protocols = ipv4
>> local_destination_concurrency_limit = 2
>> mail_owner = postfix
>> mail_spool_directory = /var/mail
>> mailbox_size_limit = 0
>> mailq_path = /usr/bin/mailq
>> manpage_directory = /usr/share/man
>> message_size_limit = 0
>> milter_default_action = accept
>> milter_protocol = 2
>> mlmmj_destination_recipient_limit = 1
>> mydestination = $myhostname, sms.wolfgarten.com
>> mydomain = wolfgarten.com
>> myhostname = waldfest.wolfgarten.com
>> mynetworks = ***REMOVED***
>> mynetworks_style = host
>> myorigin = $myhostname
>> newaliases_path = /usr/bin/newaliases
>> non_smtpd_milters = $smtpd_milters
>> propagate_unmatched_extensions = virtual
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/doc/postfix
>> receive_override_options = no_address_mappings
>> recipient_delimiter = +
>> sample_directory = /etc/postfix
>> sendmail_path = /usr/sbin/sendmail
>> setgid_group = maildrop
>> smtpd_banner = $myhostname ESMTP
>> smtpd_helo_required = yes
>> smtpd_milters = inet:127.0.0.1:8891
>> smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_sender,
>>     reject_non_fqdn_recipient, permit_sasl_authenticated,
>>     reject_unauth_destination, reject_unauth_pipelining,
>>     reject_invalid_hostname, reject_unknown_sender_domain,
>>     check_sender_access hash:/etc/postfix/sender_access,
>>     check_client_access cidr:/etc/postfix/access-client,
>>     reject_rbl_client b.barracudacentral.org,
>>     reject_rbl_client sbl-xbl.spamhaus.org,
>>     reject_rbl_client ix.dnsbl.manitu.net,
>>     reject_rbl_client bl.spamcop.net,
>>     reject_rbl_client cbl.abuseat.org,
>>     reject_rbl_client truncate.gbudb.net,
>>     reject_rbl_client dul.dnsbl.sorbs.net,
>>     check_policy_service inet:127.0.0.1:10023
>> smtpd_reject_unlisted_sender = yes
>> smtpd_relay_restrictions = permit_mynetworks,
>>     permit_sasl_authenticated, reject_unauth_destination
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_type = dovecot
>> smtpd_sender_restrictions =
>>     check_sender_access hash:/etc/postfix/sender_access,
>>     permit_sasl_authenticated, permit_mynetworks,
>>     reject_unauth_destination, reject_non_fqdn_recipient,
>>     reject_unknown_recipient_domain, reject_unknown_sender_domain,
>>     reject_non_fqdn_sender
>> soft_bounce = no
>> transport_maps = regexp:/etc/postfix/transport,hash:/var/spool/mlmmj/transport
>> unknown_local_recipient_reject_code = 550
>> virtual_alias_maps = hash:/etc/postfix/virtual,hash:/var/spool/mlmmj/virtual,mysql:/etc/postfix/mysql_virtual_alias_maps.cf
>> virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domain_maps.cf
>> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
>> virtual_transport = dovecot
>> 
>> Thank you.
>> 
>> Best regards
>> Sebastian
>> 
> 
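
The master.cf check suggested in this thread can be scripted. The following is an added example, not part of the original messages: it scans master.cf text for entries that switch header_checks off through either of the two overrides named above. The sample file is constructed; the port 10025 reinjection listener and the cleanup entry are assumptions, not the poster's configuration.

```python
import shlex

# Constructed master.cf excerpt (not the poster's real file). The 10025
# reinjection listener and the cleanup override are assumed for illustration.
SAMPLE_MASTER_CF = """\
# service type private unpriv chroot wakeup maxproc command
smtp       inet  n  -  n  -  -  smtpd
cleanup    unix  n  -  n  -  0  cleanup
    -o header_checks=
amavisfeed unix  -  -  n  -  2  lmtp
    -o lmtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
"""

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) to their entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments carry no settings
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def services_skipping_header_checks(text):
    """Return [(service, type, reason)] for entries that turn header_checks off."""
    findings = []
    for entry in logical_lines(text):
        fields = shlex.split(entry)
        service, svc_type, args = fields[0], fields[1], fields[8:]
        # Collect "-o name=value" pairs; the "-o { name = value }" form is not handled.
        overrides = {}
        for flag, opt in zip(args, args[1:]):
            if flag == "-o" and "=" in opt:
                name, value = opt.split("=", 1)
                overrides[name] = value
        opts = overrides.get("receive_override_options", "").replace(",", " ").split()
        if "no_header_body_checks" in opts:
            findings.append((service, svc_type, "receive_override_options=no_header_body_checks"))
        if overrides.get("header_checks") == "":
            findings.append((service, svc_type, "header_checks= (empty)"))
    return findings

if __name__ == "__main__":
    print(services_skipping_header_checks(SAMPLE_MASTER_CF))
```

An entry that shows up here is only a problem if mail from outside passes through it before any other service has applied header_checks; main.cf needs the same look, since a receive_override_options value there applies to every service that does not override it.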
