Re: spam from own email address

2019-04-24 Thread Dominic Raferd
On Tue, 23 Apr 2019 at 18:35, Bill Cole <
postfixlists-070...@billmail.scconsult.com> wrote:

> On 23 Apr 2019, at 11:46, John Peach wrote:
>
> > On 4/23/19 11:39 AM, Paul wrote:
> >> Yes I agree with Kevin here, the best solution to this problem is an
> >> spf record set to reject mail from any ip that’s not in your
> >> allowed list of ips for your domain. Forging a from address is very
> >> easy and is one of the main purposes of why spf was created.
> >
> > There is no need to go to those lengths - assuming that all your own
> > email is being submitted over port 587, include -o
> > receive_override_options=no_header_body_checks in the master.cf entry
> > for submission and use a PCRE header checks file for port 25.
> >
> > /^From:.*\@example\.com/ REJECT
> >
>
> So you don't want to accept messages you or anyone else in your domain
> posts to a mailing list such as this one?
>

I'm quite happy with this in principle (though my actual regex is a little
more complicated), but I am only maintaining a few domains for use within
our organisation, and I am the only person using mailing lists. Most
mailing lists (but not this one, alas, AFAIK) offer a setting to turn off
resending of one's own postings back to oneself.


Re: spam from own email address

2019-04-24 Thread Mick

On 23/04/2019 18:34, Bill Cole wrote:

> On 23 Apr 2019, at 11:46, John Peach wrote:
>
>> On 4/23/19 11:39 AM, Paul wrote:
>>> Yes I agree with Kevin here, the best solution to this problem is an
>>> spf record set to reject mail from any ip that’s not in your allowed
>>> list of ips for your domain. Forging a from address is very easy and
>>> is one of the main purposes of why spf was created.
>>
>> There is no need to go to those lengths - assuming that all your own
>> email is being submitted over port 587, include -o
>> receive_override_options=no_header_body_checks in the master.cf entry
>> for submission and use a PCRE header checks file for port 25.
>>
>> /^From:.*\@example\.com/ REJECT
>
> So you don't want to accept messages you or anyone else in your domain
> posts to a mailing list such as this one?
>
> Seems risky...



I hadn't thought of that, so thanks Bill for pointing it out.

To the top of my pcre header_checks file, I have added:
/^List-ID:.*Postfix users /OK
I think this is destined to fail though???

'header_checks.5' states:
'Each message header or message body line is compared against a
list of patterns.'
Because "From:" will come before "List-Id:" in the message body, a
"From:" containing my domain should match a REJECT line before an OK
from List-ID.

However, further down header_checks.5 under 'Table search Order' it says:
'When a pattern is found that matches the input line, the
corresponding action is executed and then the next input line is
inspected.'

So if the action is executed, goodbye message, but if header checks
continues to check the following lines it will find an OK by List-Id.
I suspect that I will not receive a copy of this message, but don't know
for sure.  One way to find out {SEND}.



Best wishes,
Mick.


Re: spam from own email address

2019-04-24 Thread Mick

On 23/04/2019 18:34, Bill Cole wrote:

> On 23 Apr 2019, at 11:46, John Peach wrote:
>
>> On 4/23/19 11:39 AM, Paul wrote:
>>> Yes I agree with Kevin here, the best solution to this problem is an
>>> spf record set to reject mail from any ip that’s not in your allowed
>>> list of ips for your domain. Forging a from address is very easy and
>>> is one of the main purposes of why spf was created.
>>
>> There is no need to go to those lengths - assuming that all your own
>> email is being submitted over port 587, include -o
>> receive_override_options=no_header_body_checks in the master.cf entry
>> for submission and use a PCRE header checks file for port 25.
>>
>> /^From:.*\@example\.com/ REJECT
>
> So you don't want to accept messages you or anyone else in your domain
> posts to a mailing list such as this one?
>
> Seems risky...



As per B. Reino's suggestion of header check white list, is there any
reason the following main.cf config should not be used?

header_checks =
   pcre:/etc/postfix/header_checks_pass
   pcre:/etc/postfix/header_checks_fail

Best wishes,
Mick.






Re: spam from own email address

2019-04-24 Thread Bill Cole

On 24 Apr 2019, at 16:04, Mick wrote:


> On 23/04/2019 18:34, Bill Cole wrote:
>
>> On 23 Apr 2019, at 11:46, John Peach wrote:
>>
>>> On 4/23/19 11:39 AM, Paul wrote:
>>>> Yes I agree with Kevin here, the best solution to this problem is
>>>> an spf record set to reject mail from any ip that’s not in your
>>>> allowed list of ips for your domain. Forging a from address is very
>>>> easy and is one of the main purposes of why spf was created.
>>>
>>> There is no need to go to those lengths - assuming that all your own
>>> email is being submitted over port 587, include -o
>>> receive_override_options=no_header_body_checks in the master.cf
>>> entry for submission and use a PCRE header checks file for port 25.
>>>
>>> /^From:.*\@example\.com/ REJECT
>>
>> So you don't want to accept messages you or anyone else in your
>> domain posts to a mailing list such as this one?
>>
>> Seems risky...
>
> As per B. Reino's suggestion of header check white list, is there any
> reason the following main.cf config should not be used?
>
> header_checks =
>    pcre:/etc/postfix/header_checks_pass
>    pcre:/etc/postfix/header_checks_fail


Yes: it is a generally bad idea to use header_checks to whitelist 
anything.


For the details on why, see the documentation in the header_checks man 
page and BUILTIN_FILTER_README. If you want *GOOD* filtering, use a 
milter or SMTP proxy filter.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole


Re: spam from own email address

2019-04-24 Thread Mick

On 24/04/2019 21:51, Bill Cole wrote:

> On 24 Apr 2019, at 16:04, Mick wrote:
>
>> On 23/04/2019 18:34, Bill Cole wrote:
>>
>>> On 23 Apr 2019, at 11:46, John Peach wrote:
>>>
>>>> On 4/23/19 11:39 AM, Paul wrote:
>>>>> Yes I agree with Kevin here, the best solution to this problem is
>>>>> an spf record set to reject mail from any ip that’s not in your
>>>>> allowed list of ips for your domain. Forging a from address is
>>>>> very easy and is one of the main purposes of why spf was created.
>>>>
>>>> There is no need to go to those lengths - assuming that all your
>>>> own email is being submitted over port 587, include -o
>>>> receive_override_options=no_header_body_checks in the master.cf
>>>> entry for submission and use a PCRE header checks file for port 25.
>>>>
>>>> /^From:.*\@example\.com/ REJECT
>>>
>>> So you don't want to accept messages you or anyone else in your
>>> domain posts to a mailing list such as this one?
>>>
>>> Seems risky...
>>
>> As per B. Reino's suggestion of header check white list, is there any
>> reason the following main.cf config should not be used?
>>
>> header_checks =
>>    pcre:/etc/postfix/header_checks_pass
>>    pcre:/etc/postfix/header_checks_fail
>
> Yes: it is a generally bad idea to use header_checks to whitelist
> anything.


Thanks Bill.




> For the details on why, see the documentation in the header_checks man
> page and BUILTIN_FILTER_README. If you want *GOOD* filtering, use a
> milter or SMTP proxy filter.




I thought header checks were carried out after all the other smtp 
restrictions had passed therefore I didn't see the harm in an 'OK' for a 
message header at this stage. That's why it's good to ask. I will
remove the white list and have a thorough read to weigh up the cons and
pros before deciding what to do next.  The purpose of my white list was
to avoid Postfix-users List-Id: (and other lists) being kicked out due 
to the sender using my domain in the from field, but it failed and my 
last message was rejected in any case.


If there is a simple pre-queue filter to be had that could block forged 
message header From:, but allow when selected list IDs come knocking, 
I'd give it a try. I did try Amavis and Spamassassin, but they brought 
my limited resource VPS to its knees with 98% memory usage.


Thanks again,
Mick.






sieve commands

2019-04-24 Thread Esteban L
Hi,

Am trying to setup some server side rules using sieve.

It seems to work for junk/spamassassin.

My question is, using the fileinto command...and I want to send it into
a subdirectory, would I use a . or a /?

fileinto: "admin.postfix";

or

fileinto: "admin/postfix";

assuming there is a folder in my mailbox named admin, and
subdirectories within it.

Thanks.


Re: sieve commands

2019-04-24 Thread Esteban L
Just some follow up. 

fileinto: "INBOX.admin.postfix";
stop;

not sure if the 'INBOX' part is required?

-Original Message-
From: Esteban L 
Reply-to: este...@little-beak.com
To: Postfix users 
Subject: sieve commands
Date: Thu, 25 Apr 2019 00:27:03 +0200

Hi,

Am trying to setup some server side rules using sieve.

It seems to work for junk/spamassassin.

My question is, using the fileinto command...and I want to send it into
a subdirectory, would I use a . or a /?

fileinto: "admin.postfix";

or

fileinto: "admin/postfix";

assuming there is a folder in my mailbox named admin, and
subdirectories within it.

Thanks.


Re: sieve commands

2019-04-24 Thread Bill Cole

On 24 Apr 2019, at 18:27, Esteban L wrote:


Hi,

Am trying to setup some server side rules using sieve.


Postfix does not have any support for Sieve. Whatever Sieve 
implementation you are using probably has its own support channels.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole


Re: sieve commands

2019-04-24 Thread Esteban L
Thanks for the info Mr. Cole.

I will find the answer through another avenue.

-Original Message-
From: Bill Cole 
Reply-to: "Postfix users" 
To: Postfix users 
Subject: Re: sieve commands
Date: Wed, 24 Apr 2019 19:00:56 -0400

On 24 Apr 2019, at 18:27, Esteban L wrote:

> Hi,
> 
> Am trying to setup some server side rules using sieve.

Postfix does not have any support for Sieve. Whatever Sieve 
implementation you are using probably has its own support channels.



Re: spam from own email address

2019-04-24 Thread Wietse Venema
Mick:
> I thought header checks were carried out after all the other smtp 
> restrictions had passed therefore I didn't see the harm in an 'OK' for a 
> message header at this stage. 

Correct, but the OK action applies only to that header, not the
message. The Postfix 3.2 PASS action applies to the message,
but remains unused when a REJECT pattern is matched earlier.

Wietse


Re: spam from own email address

2019-04-24 Thread Mick

On 25/04/2019 00:21, Wietse Venema wrote:

> Mick:
>> I thought header checks were carried out after all the other smtp
>> restrictions had passed therefore I didn't see the harm in an 'OK' for a
>> message header at this stage.
>
> Correct, but the OK action applies only to that header, not the
> message.

Thanks Wietse, that makes sense now. I think you're saying: Regardless
of whether the first file (white list) matched an OK from List-Id:, the
second file (black list) would still be checked.  As the 'OK' only
applied to the List-Id: header, if the second header checks file matches a
reject pattern other than List-ID, message will be rejected.

> The Postfix 3.2 PASS action applies to the message,
> but remains unused when a REJECT pattern is matched earlier.


PASS is something I shall look forward to in the next couple of years.  
For now I'm on 3.1.9 (Debian stable).
I don't suppose there's a way to read the status List-Id (possibly 
matched and OK'd in the first pass - white list) while reading the From 
in the second pass (black list)? I think not, but asking just to rule it 
out.


Thanks for your explanation as to how it works.


Best wishes,
Mick.




> Wietse
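
Added example (not part of the thread and not Postfix code): a simplified Python model of the header_checks evaluation Wietse describes, run against the two-table layout from the thread. It shows that an OK on List-Id: never rescues a message whose From: matches a REJECT pattern, and that PASS only helps when List-Id: is inspected before From:. The patterns, sample headers and function names are constructed for illustration, and header folding is ignored.

```python
import re

# Constructed tables mirroring the two-file layout from the thread;
# the List-Id pattern and the sample headers below are assumptions.
ALLOW_OK = [(r"^List-Id:.*postfix-users", "OK")]
ALLOW_PASS = [(r"^List-Id:.*postfix-users", "PASS")]
DENY = [(r"^From:.*@example\.com", "REJECT")]

def first_action(line, tables):
    """Search the tables in order; the first matching pattern wins."""
    for table in tables:
        for pattern, action in table:
            if re.search(pattern, line, re.IGNORECASE):
                return action
    return None

def check_headers(headers, tables):
    """Simplified model: one logical header per line, no folding."""
    trace = []
    for line in headers:
        action = first_action(line, tables)
        trace.append((line.split(":", 1)[0], action))
        if action == "REJECT":
            return "REJECT", trace   # message is refused at this header
        if action == "PASS":
            return "ACCEPT", trace   # 3.2+: inspection stops for the message
        # OK or no match: only this header is done, go on to the next one
    return "ACCEPT", trace

FROM = "From: Mick <mick@example.com>"
LIST_ID = "List-Id: Postfix users <postfix-users.postfix.org>"
SUBJECT = "Subject: Re: spam from own email address"

def demo():
    """Same list copy in both header orders, with OK and with PASS."""
    return {
        "ok_from_first": check_headers([FROM, LIST_ID, SUBJECT], [ALLOW_OK, DENY]),
        "ok_list_id_first": check_headers([LIST_ID, FROM, SUBJECT], [ALLOW_OK, DENY]),
        "pass_from_first": check_headers([FROM, LIST_ID, SUBJECT], [ALLOW_PASS, DENY]),
        "pass_list_id_first": check_headers([LIST_ID, FROM, SUBJECT], [ALLOW_PASS, DENY]),
    }

if __name__ == "__main__":
    for name, (verdict, trace) in demo().items():
        print(f"{name:20} {verdict:7} {trace}")
```

Only the PASS table with List-Id: ahead of From: accepts the list copy; every other combination ends in REJECT at the From: header.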