[ I'm on the list, there's no need to Cc: me directly]

On Wed, Dec 18, 2019 at 01:36:17AM -0800, li...@lazygranch.com wrote:

> Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
> > header-checks.pcre:
> >     if /^Reply-To:/
> >     # Adjust to exactly match the observed header
> >     # Includes rule id in reject message
> >     /[:\s<]spammer@example\.net[>\s]/ REJECT 5.7.1 Access denied R0001
> >     /^/ DUNNO no more Reply-To rules
> >     endif

Note the "Adjust to exactly match ..."

> 1) I don't understand this line:
> pcre = pcre:${config_directory}/

This just defines a convenient shorthand. You can then use ${pcre}
instead of "pcre:${config_directory}/" each time you specify a PCRE table.

> header_checks = pcre:/etc/postfix/header_checks.pcre

This uses the expansion rather than the shorthand.

> 4) Here is the entry to reject the reply-to:
>
> if /^Reply-To:/
> /[:\s<]damnspammer\.org[>\s]/ REJECT
> endif

This has no localpart, so won't match the Reply-To:

> That was a shortened version from Viktor's suggestion. However I had
> also used:
>
> if /^Reply-To:/
> # Adjust to exactly match the observed header
> # Includes rule id in reject message
> /[:\s<]reply@mysecuritycamera\.org[>\s]/ REJECT 5.7.1 Access denied
> R0001
> /^/ DUNNO no more Reply-To rules
> endif

See below.

> Received: from trump.damnspammer.org (ec.compute.amazonaws.com [1.2.3.4])
>     by www.mydomain.com (Postfix) with ESMTP id 5C82C6F591
>     for <m...@mydomain.com>; Tue, 17 Dec 2019 22:35:52 +0000 (UTC)
> Subject: "oxygen flow" fruits for better garden performance
> Reply-To: re...@damnspammer.org
> To: m...@mydomain.com

In the above "Reply-To" the address has no surrounding "<>" and is not
followed by anything. Therefore, the PCRE match needs to be made a bit
more flexible, allowing for the domain part to not have anything after
it at all:

    if /^Reply-To:/
    /[:\s<]reply@mysecuritycamera\.org([>\s]|$)/ REJECT 5.7.1 Access denied R0001
    /^/ DUNNO no more Reply-To rules
    endif

To test (this uses the "bash" <(...) inline file syntax):

    $ postmap -q 'Reply-To: re...@mysecuritycamera.org' pcre:<(
        printf 'if /^Reply-To:/\n%s %s\n/^/ %s\n%s\n' \
            '/[:\s<]reply@mysecuritycamera\.org([>\s]|$)/' \
            'REJECT 5.7.1 Access denied R0001' \
            'DUNNO no more Reply-To rules' \
            'endif'
        )

-- 
    Viktor.
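
An added example, not part of the message above: the two Reply-To rules from the thread compared over several header shapes, using Python's `re` as a stand-in for the Postfix PCRE table. It assumes the pcre_table(5) defaults of case-insensitive matching with DOTALL on; the sample headers are constructed and `lookup` is a hypothetical helper.

```python
import re

# Assumption: pcre_table(5) defaults, case-insensitive with DOTALL on.
FLAGS = re.IGNORECASE | re.DOTALL

GUARD = re.compile(r"^Reply-To:", FLAGS)
REJECT = "REJECT 5.7.1 Access denied R0001"
CATCH_ALL = (re.compile(r"^", FLAGS), "DUNNO no more Reply-To rules")

# Rule first tried in the thread: needs '>' or whitespace after the domain.
ORIGINAL = [
    (re.compile(r"[:\s<]reply@mysecuritycamera\.org[>\s]", FLAGS), REJECT),
    CATCH_ALL,
]
# Rule from the reply: also accepts end of header right after the domain.
FIXED = [
    (re.compile(r"[:\s<]reply@mysecuritycamera\.org([>\s]|$)", FLAGS), REJECT),
    CATCH_ALL,
]


def lookup(rules, header):
    """Emulate the if/endif block: first match wins, None if the guard fails."""
    if not GUARD.search(header):
        return None
    for pattern, action in rules:
        if pattern.search(header):
            return action
    return None


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "Reply-To: reply@mysecuritycamera.org",              # bare, nothing after
    "Reply-To: <reply@mysecuritycamera.org>",            # angle brackets
    "Reply-To: Sales <reply@mysecuritycamera.org>",      # display name
    "Reply-To: reply@mysecuritycamera.org (Sales)",      # trailing comment
    "Reply-To: reply@mysecuritycamera.org.example.com",  # longer domain
    "Reply-To: noreply@mysecuritycamera.org",            # other localpart
    "From: reply@mysecuritycamera.org",                  # guard does not apply
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h!r:55} original={lookup(ORIGINAL, h)!r} fixed={lookup(FIXED, h)!r}")
```

Only the bare-address header changes outcome between the two rule sets; the longer domain and the different localpart stay at DUNNO under both, so the `$` alternative does not widen the match beyond the intended address.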