Hello,
I've got two issues. The first is I'm blocking file attachments in the
mime_headers file below. I'd like to allow those attachments but only
for hosts within the domain, so for example us...@example.com can send
us...@example.com a word document.
The second issue is I'm running virtual users out of a mysql database.
I'd like to ensure that each virtual user's mailbox is no larger than
250MB in size. I'm not sure if the settings below allow this?
Thanks.
Dave.
header_checks = pcre:/usr/local/etc/postfix/header_checks,
regexp:/usr/local/etc/postfix/phish419.regexp
mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks
# Virtual mailbox domains
virtual_mailbox_domains =
proxy:mysql:/usr/local/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps =
proxy:mysql:/usr/local/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps =
proxy:mysql:/usr/local/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:999
virtual_gid_maps = static:999
virtual_minimum_uid = 999
# Increase the virtual mailbox limit from 51 mb to 250 mb
virtual_mailbox_limit = 262144000
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
message_size_limit = 52428800
mailbox_size_limit = 52428800
header_checks:
# Reject spam from compromised accounts/hosts
/HELO User/ DISCARD Compromised
host or account spam
/helo=User/ DISCARD Compromised
host or account spam
/Received: from User / DISCARD
Compromised host or account spam
/List-Id: <mfuom.yahoogroups.com>/ REJECT Spam
/Received: from 41(\.\d{1,3}){3}/ DISCARD Likely 419 spam
injection
#/Recieved: from .*\[41(\.\d{1,3}){3}\]/ DISCARD Likely 419
spam injection
/Received: from .*[\[ ]41(\.\d{1,3}){3}[\]\)]/ DISCARD Likely 419
spam injection
#/Received: from .*(\[| )41(\.\d{1,3}){3}(\]|\))/ DISCARD Likely 419
spam injection
/Received: from .*82\.128\.[0-9]{1,3}\.[0-9]{1,3}]/ DISCARD Likely 419
spam injection
/Received: from .*\[202\.190\.[0-9]{1,3}\.[0-9]{1,3}]/ DISCARD Likely
419 spam injection
/Received: from .*aa([0-9]{1,3})msr\.fastwebnet\.it.*/ DISCARD Scam
/Received: from .*ebuy.*/ DISCARD Scam
/Received: from .*farm\.tech\.int\.digex\.com.*/ DISCARD Spam
/Received: from .*cloud-ips\.com/ DISCARD Cloud spam
/Received: from .*213\.134\.6\.29/ REJECT Spam
/Received: from .*ec-messenger\.com/ REJECT Spam
/Received: from .*63\.147\.29\.[0-9]{1,3}/ REJECT Spam source
/Received: from .*hostgator\.com/ DISCARD Likely Spam
/Received: from .*.aweber\.com/ DISCARD Likely spam
/X-Original-IP: .*\[41(\.\d{1,3}){3}\]/ DISCARD Likely 419 spam
injection
/X-Originating-IP: .*\[41(\.\d{1,3}){3}\]/ DISCARD Likely 419
spam injection
/X-OriginatingIP: .*\[41(\.\d{1,3}){3}\]/ DISCARD Likely 419 spam
injection
/X-OriginatingIP: 41\./ DISCARD Likely 419 spam
injection
/X-Originating-IP: .*\[81(\.\d{1,3}){3}\]/ DISCARD Likely
419 spam injection
/X-Originating-IP: .*\[123(\.\d{1,3}){3}\]/ DISCARD Likely scam
/X-Originating-IP: .*124\.13\.[0-9]{1,3}\.[0-9]{1,3}/ DISCARD Likely scam
/X-Originating-IP: .*74\.115\.[0-7]\.[0-9]{1,3}/ DISCARD Likely scam
/X-Originating-IP: .*125\.45\.[0-9]{1,3\.[0-9]{1,3}/ DISCARD Likely spam
/X-OriginatingIP: .*82\.128\.[0-9]{1,3}\.[0-9]{1,3}]/ DISCARD Likely Phish
/X-Originating-IP: .*82\.128\.[0-9]{1,3}\.[0-9]{1,3}]/ DISCARD Likely Phish
/X-Originating-Email: \[carmel...@hotmail.com\]/ DISCARD Nitwit
/From: .*Noel Butler.*/ DISCARD Noel Butler
nitwit
/From: .*noel\.butler@ausics\.net.*/ DISCARD Noel Butler
nitwit
/X-Envelope-Sender: noel\.butler@ausics\.net/ DISCARD Noel
Butler nitwit
/From: .*Nick Edwards.*/ DISCARD Nick
Edwards nitwit
/From: .*nick\.z\.edwards@gmail\.com.*/ DISCARD Nick Edwards
nitwit
/From: .*Wells Fargo.*/ REJECT Probable phish
/From: .*chase online.*/ REJECT Probable phish
/From: .*money.*/ DISCARD Scam
/From: Carmel <carmel_ny@hotmail\.com>/ DISCARD Nitwit
/From: .*mail.ru/ DISCARD Likely Russian
spam
/From: .*lee@yun\.yagibdah\.de/ DISCARD Nitwit
/From: .*yahoogroups\.com/ REJECT Spam
/X-Barracuda-Connect: UNKNOWN/ DISCARD rDNS
required here
/X-Mailer: SmartSend\.2\./ DISCARD Scam
/Return-Path: .*hotmail\.it.*/ DISCARD Likely spam
/Return-Path: .*asda\.com/ REJECT Spam
/Return-Path: .*emaili...@chase.online.com.*/ REJECT Probable phish
/Return-Path: .*wellsfa...@wellsconnect.com.*/ REJECT Probable phish
/Subject:.*western union.*/ DISCARD Scam
/Subject:.*magnum 4d.*/ DISCARD Scam
/Subject:.*winning formula.*/ DISCARD Scam
/Subject:.*your mailbox.*/ DISCARD Scam
/Subject:.*my will.*/ DISCARD probable phish
/Subject:.*chase.*online.*/ DISCARD probable phish
/Subject:.*won.*\$\d.*/ DISCARD probable phish
/Subject:.*win(ner|ing|ning|nning).*/ DISCARD
probable phish
/Subject:.*beneficiary.*/ DISCARD probable phish
/Subject:.*free money.*/ DISCARD probable phish
/Subject:.*loan.*/ DISCARD probable phish
/Subject:.*grant award.*/ DISCARD probable phish
/Subject:.*d(egree|iploma).*/ REJECT Spam
/From:.*payment center.*/ DISCARD Scam
/From: .*@eBuy.*/ DISCARD Scam
/From: .*Radio Tron.*/ DISCARD Spam
/Message-ID: .*squirrel@mail\.t-k\.ru.*/ DISCARD Scam
/Message-ID: .*webmail\.activ8\.net\.au.*/ DISCARD Scam
/Reply-to: .*msnzone\.cn.*/ DISCARD Scam
/Reply-To: .*@eBuy.*/ DISCARD Scam
/Reply-to: .*western.unit11@btinternet\.com.*/ DISCARD Scam
/Reply-to: d\.financialloan1@qualityservice\.com/ DISCARD Loan Spam
/Reply-To: ronaldfinson...@yahoo.co.jp/ REJECT Phish
# Fierce spammer
/From: Fierce/ DISCARD Go away spammer
# encoded subject line
/^Subject: =\?.{6,12}\?/ PREPEND
X-Encoded-Subject: true
/^Received:/ IGNORE
/^User-Agent:/ IGNORE
/^X-Mailer:/ IGNORE
/^X-Originating-IP:/ IGNORE
/^x-cr-[a-z]*:/ IGNORE
/^Thread-Index:/ IGNORE
mime_header_checks:
/filename=\"?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)\"?$/
REJECT For security reasons we reject attachments of this type
/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(lnk|asd|hlp|ocx|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wav|mov|wmf|xl))"?\s*$/
REJECT Attachment type not allowed. File "$2" has the unacceptable
extension "$3"
