Hi,

thanks for your replies.

I took a second look at that spam wave and noticed that the scheme

1.      Return-Path: <MAILER-DAEMON>
2.      Empty From Field

might not actually be true. The From field often contains something, but no
FQDN.


Postfix rejected the spam correctly when pointed at Azure account IDs in the
Received line.

So header checks do apply before "Bounce message. Skip".


@Nick

A check for a valid FQDN in From is in smtpd_sender_restrictions.

At the point where it got to bounce message, SPF was skipped. Would
OpenDMARC then still work?


@John

It is a Plesk machine. Spamassassin has many implications there.

I might install it again, but will have to check that all the user mailboxes
do not get altered.

Also I am trying to secure it via postfix only and reject what is unwanted
and discard what should be unknown.

Works out pretty well so far. A permanent field of work, of course.


Greets,

Ludi
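Added example (my own, not code from this thread, from OpenDMARC or from Postfix): a Python check that applies the RFC 5322 section 3.6 field-count rules that the OpenDMARC RequiredHeaders description quoted below refers to, together with the From-domain extraction, to constructed messages modelled on both header patterns described in this thread (an empty From, and a From with no FQDN), on a genuine bounce and on a duplicated From. The field limits are taken from RFC 5322 section 3.6; the sample messages, the function names and the rule that From must hold exactly one mailbox are this example's own assumptions.

```python
"""RFC 5322 section 3.6 header check, in the spirit of OpenDMARC's RequiredHeaders.

Added example for this thread, not OpenDMARC or Postfix code. It looks only at
the header block, so the envelope sender (empty for bounces) plays no part.
The sample messages at the bottom are constructed for this example.
"""
from email import message_from_string
from email.utils import getaddresses

# (minimum, maximum) occurrences per field, from RFC 5322 section 3.6.
# Fields not listed (Received, Comments, Keywords, ...) are unrestricted.
FIELD_LIMITS = {
    "date": (1, 1),
    "from": (1, 1),
    "sender": (0, 1),
    "reply-to": (0, 1),
    "to": (0, 1),
    "cc": (0, 1),
    "bcc": (0, 1),
    "message-id": (0, 1),
    "in-reply-to": (0, 1),
    "references": (0, 1),
    "subject": (0, 1),
}


def header_counts(raw):
    """Count header fields case-insensitively; duplicates are what 3.6 forbids."""
    counts = {}
    for name in message_from_string(raw).keys():
        key = name.lower()
        counts[key] = counts.get(key, 0) + 1
    return counts


def from_domain(raw):
    """Domain of the From: mailbox, or None if no domain can be extracted.

    Assumption of this example: exactly one mailbox in From:. An empty From:,
    a bare local part such as "noreply", or "<>" all yield None.
    """
    values = message_from_string(raw).get_all("From", [])
    if len(values) != 1:
        return None
    addrs = [addr for _name, addr in getaddresses(values) if addr]
    if len(addrs) != 1 or "@" not in addrs[0]:
        return None
    domain = addrs[0].rsplit("@", 1)[1].strip()
    return domain or None


def check_required_headers(raw):
    """Return the reasons a message fails the 3.6 check; [] means it passes."""
    counts = header_counts(raw)
    problems = []
    for field, (lo, hi) in FIELD_LIMITS.items():
        n = counts.get(field, 0)
        if n < lo:
            problems.append(f"missing {field}:")
        elif n > hi:
            problems.append(f"{n} {field}: fields (max {hi})")
    # Only try to extract a domain when there is exactly one From: to read.
    if counts.get("from") == 1 and from_domain(raw) is None:
        problems.append("no domain could be extracted from From:")
    return problems


# Constructed samples; 192.0.2.0/24 and example.* are reserved test values.
SPAM_EMPTY_FROM = """Return-Path: <MAILER-DAEMON>
Received: from example.invalid (unknown [192.0.2.10]) by mx.example.net (Postfix)
From:
Subject: Your account

body
"""

SPAM_BARE_FROM = """Return-Path: <MAILER-DAEMON>
Date: Sat, 26 Dec 2020 07:58:00 +0100
From: noreply
Subject: Your account

body
"""

REAL_BOUNCE = """Return-Path: <>
Date: Sat, 26 Dec 2020 07:58:00 +0100
From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
To: user@example.net
Subject: Undelivered Mail Returned to Sender

body
"""

DUPLICATE_FROM = """Date: Sat, 26 Dec 2020 07:58:00 +0100
From: a@example.org
From: b@example.com
Subject: twice

body
"""

if __name__ == "__main__":
    for label, raw in [("empty From", SPAM_EMPTY_FROM), ("bare From", SPAM_BARE_FROM),
                       ("real bounce", REAL_BOUNCE), ("duplicate From", DUPLICATE_FROM)]:
        problems = check_required_headers(raw)
        print(f"{label}: {'reject: ' + '; '.join(problems) if problems else 'accept'}")
```

Because the check reads only the header block, a null envelope sender (Return-Path: <MAILER-DAEMON> or <>) does not exempt a message, which is consistent with the observation above that Postfix header checks apply before the greylisting "Bounce message. Skip". A real DSN that carries Date and From, as in REAL_BOUNCE, still passes, so the rule does not swallow legitimate bounces.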


From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> On
Behalf Of John Schmerold
Sent: Monday, 28 December 2020 03:29
To: Nick Tait <n...@tait.net.nz>; postfix-users@postfix.org
Subject: Re: Controlling MS Azure Cloud Spam

On 12/27/2020 3:15 PM, Nick Tait wrote:

Hi Ludi.

One option might be to add OpenDMARC to your implementation? The reason for
mentioning this is that in addition to checking DMARC policies, OpenDMARC
also has an option to reject any message that doesn't have the mandatory
headers according to RFC 5322:

RequiredHeaders (Boolean)

If set, the filter will ensure the header of the message conforms to the
basic header field count restrictions laid out in RFC5322, Section 3.6.
Messages failing this test are rejected without further processing. A From:
field from which no domain name could be extracted will also be rejected.

If I understand the RFC correctly this includes the Date and From headers.

Nick.

On 26/12/20 6:58 am, ludic...@gmail.com wrote:

Hi,

I am seeing a wave of MS Azure Cloud Spam these days.

Many of these mails come with a header:

1.      Return-Path: <MAILER-DAEMON>
2.      Empty From Field

They then pass the greylisting filter (and all others it seems) with "Bounce
message. Skip."

Is there a way to influence this behaviour?

Postfix on debian stretch / no Spamassassin.

Greets,

Ludi

You don't say why no SpamAssassin. Assuming you're not philosophically
opposed to SA, I recommend you add it to the mix.

Proxmox Mail Gateway & MailScanner.info are good implementations.