On Wed, 18 Dec 2019 13:10:50 -0500
Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:

> [ I'm on the list, there's no need to Cc: me directly]
> 
> On Wed, Dec 18, 2019 at 01:36:17AM -0800, li...@lazygranch.com wrote:
> 
> > Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> > 
> > >   header-checks.pcre:
> > >     if /^Reply-To:/
> > >     # Adjust to exactly match the observed header
> > >     # Includes rule id in reject message
> > >     /[:\s<]spammer@example\.net[>\s]/     REJECT 5.7.1 Access denied R0001
> > >     /^/                                  DUNNO no more Reply-To rules
> > >     endif
> 
> Note the "Adjust to exactly match ..."
> 
> > 1) I don't understand this line:
> > pcre = pcre:${config_directory}/
> 
> This just defines a convenient shorthand.  You can then use
> ${pcre} instead of "pcre:${config_directory}/" each time you specify
> a PCRE table.
> 
> > header_checks = pcre:/etc/postfix/header_checks.pcre
> 
> This uses the expansion rather than the shorthand.
> 
> > 4) Here is the entry to reject the reply-to:
> > 
> > if /^Reply-To:/
> > /[:\s<]damnspammer\.org[>\s]/ REJECT
> > endif
> 
> This has no localpart, so won't match the Reply-To:
> 
> > That was a shortened version from Viktor's suggestion. However I had
> > also used:
> > 
> > if /^Reply-To:/
> > # Adjust to exactly match the observed header
> > # Includes rule id in reject message
> > /[:\s<]reply@mysecuritycamera\.org[>\s]/       REJECT 5.7.1 Access denied R0001
> > /^/                                    DUNNO no more Reply-To rules
> > endif
> 
> See below.
> 
> > Received: from trump.damnspammer.org (ec.compute.amazonaws.com
> > [1.2.3.4]) by www.mydomain.com (Postfix) with ESMTP id 5C82C6F591
> >  for <m...@mydomain.com>; Tue, 17 Dec 2019 22:35:52 +0000 (UTC)
> > Subject: "oxygen flow" fruits for better garden performance
> > Reply-To: re...@damnspammer.org
> > To: m...@mydomain.com
> 
> In the above "Reply-To" the address has no surrounding "<>" and is
> not followed by anything.  Therefore, the PCRE match needs to be made
> a bit more flexible, allowing for the domain part to not have
> anything after it at all:
> 
>     if /^Reply-To:/
>     /[:\s<]reply@mysecuritycamera\.org([>\s]|$)/    REJECT 5.7.1 Access denied R0001
>     /^/                                             DUNNO no more Reply-To rules
>     endif
> 
> To test (this uses the "bash" <(...) inline file syntax):
> 
>     $ postmap -q 'Reply-To: re...@mysecuritycamera.org' pcre:<(
>           printf 'if /^Reply-To:/\n%s %s\n/^/ %s\n%s\n' \
>             '/[:\s<]reply@mysecuritycamera\.org([>\s]|$)/' \
>             'REJECT 5.7.1 Access denied R0001' \
>             'DUNNO no more Reply-To rules' \
>             'endif'
>         )
> 

Well that was weird. Having a lot of faith in your code, I assumed the
cut and paste from email was putting in an invisible character. I kept
getting complaints about an unknown option. I just ended up typing the 4
lines myself. Seems to me you search for the ":" twice, so I need to
study PCRE some more. I got the white space search and end of line
check.

Given the invisible character issue via cut and paste, I
wrote a very small script and just fed the test string right to postfix.
(postmap -q "string" file)

I think it should just discard rather than reject, though reject is
more polite.

Thanks again. Now to wait for the spammer to er um offer me
pills to supercharge my begonia. It won't be a long wait.
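
Added example, not part of the original thread or of Postfix: a small Python stand-in for a `pcre:` table lookup that runs the three Reply-To rule variants discussed above against constructed header forms, showing which ones the `[>\s]` ending and the domain-only pattern miss. It assumes only `if`/`endif`, `#` comments and `/pattern/ action` lines, uses Python's `re` (which agrees with PCRE for these patterns), and the header strings are constructed samples; `postmap -q` remains the real check.

```python
import re

# One table line: optional "if", a /pattern/, then the action text.
RULE = re.compile(r"(if\s+)?/((?:\\.|[^/\\])*)/\s*(.*)")

def lookup(table, header):
    """First-match lookup over a small subset of pcre_table(5) syntax."""
    skipping = 0  # depth of if-blocks skipped because their condition failed
    for line in map(str.strip, table.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line == "endif":
            skipping = max(0, skipping - 1)
            continue
        is_if, pattern, action = RULE.fullmatch(line).groups()
        if skipping:
            skipping += 1 if is_if else 0
            continue
        # Postfix pcre: tables match case-insensitively by default.
        hit = re.search(pattern, header, re.IGNORECASE)
        if is_if:
            skipping = 0 if hit else 1
        elif hit:
            return action
    return None  # no rule matched, i.e. "not found"

REJECT = "REJECT 5.7.1 Access denied R0001"
FALLBACK = "DUNNO no more Reply-To rules"

def reply_to_table(*rules):
    return "\n".join(["if /^Reply-To:/", *rules, "endif"])

ORIGINAL = reply_to_table(r"/[:\s<]reply@mysecuritycamera\.org[>\s]/ " + REJECT,
                          "/^/ " + FALLBACK)
FIXED = reply_to_table(r"/[:\s<]reply@mysecuritycamera\.org([>\s]|$)/ " + REJECT,
                       "/^/ " + FALLBACK)
DOMAIN_ONLY = reply_to_table(r"/[:\s<]mysecuritycamera\.org[>\s]/ REJECT")

# Constructed sample headers covering the forms discussed in the thread.
HEADERS = ["Reply-To: reply@mysecuritycamera.org",    # bare address, end of line
           "Reply-To:reply@mysecuritycamera.org",     # no space after the colon
           "Reply-To: <reply@mysecuritycamera.org>",  # angle brackets
           "Subject: reply@mysecuritycamera.org"]     # not a Reply-To header

if __name__ == "__main__":
    for h in HEADERS:
        print(h, "|", lookup(ORIGINAL, h), "|", lookup(FIXED, h),
              "|", lookup(DOMAIN_ONLY, h))
```
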
