Re: postfix header check question

2023-02-16 Thread Spam Petya
Hi!
Thank you for the examples. But this solution is not working. I wrote
this to the header_checks:
/^From: (.*)mailer-dae...@fmfwd00.freemail.hu(.*)$/ REJECT message
/^Received: (.*)fmfwd00.freemail.hu(.*)$/ REJECT message

Still NDR-s are passing through. Header examples from NDR:

Received: from fmfwd00.freemail.hu (195.228.245.78) by
 DB5EUR02FT025.mail.protection.outlook.com (10.13.58.113) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6111.13 via Frontend Transport; Thu, 16 Feb 2023 10:05:29 +
Received: by fmfwd00.freemail.hu (Postfix)
 id 138B5E23C; Thu, 16 Feb 2023 11:05:29 +0100 (CET)
Date: Thu, 16 Feb 2023 11:05:29 +0100 (CET)
From: mailer-dae...@fmfwd00.freemail.hu (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender

Why is this still not matching?

Thanks.

On Tue, Feb 14, 2023 at 10:12 AM Juan Carlos Rey Anaya  wrote:

> Here are some examples to detect Subject headers: Hope it is useful.
>
> if /^Subject: /
> /Professor Positions - Faculty Positions in Higher Education/ REJECT subject rejected
> /Dear Friend,/ REJECT subject rejected
> /The closest thing to flying a REAL plane!/ REJECT subject rejected
> /Your Last Chance/ REJECT subject rejected
> /wqFIYXN0YSAtMzAlIGVuIHR1cyBjb21wcmFzISBDb24gYWRpZGFzIGVuYW3Ds3JhdGUgZGVsIGRlcG9ydGU=/ REJECT subject rejected
> endif


Re: postfix header check question

2023-02-16 Thread Xavier Beaudouin
Hello 
> Hi!
> Thank you for the examples. But this solution is not working. I wrote this
> to the header_checks:
> /^From: (.*)mailer-dae...@fmfwd00.freemail.hu(.*)$/ REJECT message
> /^Received: (.*)fmfwd00.freemail.hu(.*)$/ REJECT message

> Still NDR-s are passing through. Header examples from NDR:

Add \ before each "."...

Eg :
/^Received: (.*)fmfwd00\.freemail\.hu(.*)$/ REJECT message

Regards
/Xavier


Re: Blocking TLDs

2023-02-16 Thread James Pifer

On 2/8/2023 1:13 PM, James Pifer wrote:
> On 2/8/2023 1:02 PM, Jaroslaw Rafa wrote:
>> On 8.02.2023 at 12:55:58 James Pifer wrote:
>>> I would prefer to quarantine rather than reject, if I can figure out
>>> how to do that. I would at least be able to look through them
>>> periodically and see if something is legit.
>>>
>>> I suddenly started getting these (.store, .shop, etc) a couple days
>>> ago. They are all coming from this block of addresses:
>>> 107.182.131.0.
>>
>> So definitely a better idea is to block these IP addresses.
>
> Good suggestion. I have modified accordingly (I think). ;-)
>
> Thanks


So I've had this setup in my main.cf for a couple weeks now. For the
most part it has been working great, but every so often things get
through. Overnight I had 5 emails get through from .shop, but they were
from a different network than I was receiving before. Now I'm wondering
if my "check_sender_access inline" is working at all.


Anyone see anything wrong with it or have other suggestions?

smtpd_recipient_restrictions =
    check_client_access inline:{
        { 107.182.131 = REJECT This mail server rejects mail from the 107.182.131.0 network }
    }
    check_sender_access inline:{
        { .store = REJECT This mail server rejects messages from the .store domain }
        { .shop = REJECT This mail server rejects messages from the .shop domain }
        { .tk = REJECT This mail server rejects messages from the .tk domain }
        { .beauty = REJECT This mail server rejects messages from the .beauty domain }
    }

Example of one that got through:
Feb 16 07:48:41 server2 postfix/smtpd[612125]: connect from subjectqualify.shop[31.210.23.54]
Feb 16 07:48:41 server2 postfix/smtpd[612125]: discarding EHLO keywords: CHUNKING
Feb 16 07:48:41 server2 postfix/smtpd[612125]: BBC37406EE01: client=subjectqualify.shop[31.210.23.54]
Feb 16 07:48:42 server2 postfix/cleanup[612129]: BBC37406EE01: message-id=
Feb 16 07:48:42 server2 postfix/qmgr[602363]: BBC37406EE01: from=, size=7508, nrcpt=1 (queue active)
Feb 16 07:48:51 server2 postfix/relay/smtp[612130]: BBC37406EE01: to=, relay=192.168.1.8[192.168.1.8]:25, delay=9.9, delays=1/0.02/5.6/3.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 55693E081CFC)
Feb 16 07:48:51 server2 postfix/qmgr[602363]: BBC37406EE01: removed
Feb 16 07:48:57 server2 postfix/smtpd[612125]: disconnect from subjectqualify.shop[31.210.23.54] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5


Thanks

Re: Blocking TLDs

2023-02-16 Thread Viktor Dukhovni
On Thu, Feb 16, 2023 at 08:23:00AM -0500, James Pifer wrote:

> Anyone see anything wrong with it or have other suggestions?
> 
> smtpd_recipient_restrictions =
>     check_client_access inline:{
>         { 107.182.131 = REJECT This mail server rejects mail from the 107.182.131.0 network }
>     }
>     check_sender_access inline:{
>         { .store = REJECT This mail server rejects messages from the .store domain }
>         { .shop = REJECT This mail server rejects messages from the .shop domain }
>         { .tk = REJECT This mail server rejects messages from the .tk domain }
>         { .beauty = REJECT This mail server rejects messages from the .beauty domain }
>     }

Don't forget to set an empty:

parent_domain_matches_subdomains =

-- 
Viktor.
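
Why the `.shop` key depends on that setting, as an added example (not part of the thread and not Postfix code): a Python emulation of the key order that access(5) documents for the domain part of a sender address. The table keys are the ones from the quoted main.cf; the sender address and the function names are constructed for illustration.

```python
# Emulation of the access(5) key order for check_sender_access.
# Added illustration; not Postfix source code.

# Keys copied from the check_sender_access inline table quoted in the thread.
TABLE = {
    ".store": "REJECT This mail server rejects messages from the .store domain",
    ".shop": "REJECT This mail server rejects messages from the .shop domain",
    ".tk": "REJECT This mail server rejects messages from the .tk domain",
    ".beauty": "REJECT This mail server rejects messages from the .beauty domain",
}

SENDER = "promo@news.example.shop"  # constructed envelope sender


def domain_keys(domain, parent_style):
    """Yield the lookup keys for a domain, most specific first.

    parent_style=True  : smtpd_access_maps is listed in
                         parent_domain_matches_subdomains (the default),
                         so parents are tried without a leading dot.
    parent_style=False : the setting is empty, so parents are tried
                         with a leading dot (".shop").
    """
    name = domain.lower()
    while name:
        yield name
        dot = name.find(".", 1)  # next label boundary
        if dot == -1:
            return
        name = name[dot + 1:] if parent_style else name[dot:]


def sender_keys(sender, parent_style):
    """Full address first, then the domain keys, then 'localpart@'."""
    local, _, domain = sender.lower().rpartition("@")
    yield sender.lower()
    yield from domain_keys(domain, parent_style)
    yield local + "@"


def check_sender_access(table, sender, parent_style=True):
    """Return the first matching table value, or None when nothing matches."""
    for key in sender_keys(sender, parent_style):
        if key in table:
            return table[key]
    return None


if __name__ == "__main__":
    for style in (True, False):
        print(style, list(sender_keys(SENDER, style)),
              check_sender_access(TABLE, SENDER, style))
```

With the default setting the `.shop` key is never looked up, so the alternative to emptying the parameter is to write the keys without the leading dot (`shop`, `store`, ...).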


Re: postfix header check question

2023-02-16 Thread Wietse Venema
Spam Petya:
> Hi!
> Thank you for the examples. But this solution is not working. I wrote
> this to the header_checks:
> /^From: (.*)mailer-dae...@fmfwd00.freemail.hu(.*)$/ REJECT message
> /^Received: (.*)fmfwd00.freemail.hu(.*)$/ REJECT message
> 
> Still NDR-s are passing through. Header examples from NDR:
> 
> From: mailer-dae...@fmfwd00.freemail.hu (Mail Delivery System)

Your regular expression matches this just fine:

$ cat /path/to/file
/^From: (.*)mailer-dae...@fmfwd00.freemail.hu(.*)$/ REJECT message

$ postmap -q - regexp:/path/to/file <
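
The two replies above, checked side by side in an added example (not from the thread): the unescaped `Received:` rule already matches the quoted NDR header, and escaping the dots only stops it from matching look-alike names. Python's `re` stands in for Postfix's POSIX regexp tables, which is an assumption; the look-alike header and the function names are constructed.

```python
import re

# Python's re stands in for Postfix's POSIX regexp tables (assumption).
# regexp_table(5) defaults: case-insensitive, no multi-line mode, so a folded
# header is matched as one string and "." also matches the embedded newline.
FLAGS = re.IGNORECASE | re.DOTALL


def parse_rule(line):
    """Split '/pattern/ ACTION text' into (compiled pattern, action)."""
    m = re.match(r"^/(.*)/\s+(.+)$", line)
    if not m:
        raise ValueError("not a /pattern/ action line: %r" % line)
    return re.compile(m.group(1), FLAGS), m.group(2)


def first_match(rule_lines, header):
    """Return the action of the first rule that matches, else None."""
    for line in rule_lines:
        pattern, action = parse_rule(line)
        if pattern.search(header):
            return action
    return None


# The rule as posted, and the escaped form suggested in the reply.
UNESCAPED = [r"/^Received: (.*)fmfwd00.freemail.hu(.*)$/ REJECT message"]
ESCAPED = [r"/^Received: (.*)fmfwd00\.freemail\.hu(.*)$/ REJECT message"]

# Folded Received header from the NDR quoted in the thread.
NDR_HEADER = ("Received: by fmfwd00.freemail.hu (Postfix)\n"
              "\tid 138B5E23C; Thu, 16 Feb 2023 11:05:29 +0100 (CET)")
# Constructed look-alike host: no literal dots where the rule has ".".
LOOKALIKE = "Received: from fmfwd00-freemail-hu.example (constructed)"

if __name__ == "__main__":
    for name, rules in (("unescaped", UNESCAPED), ("escaped", ESCAPED)):
        print(name, first_match(rules, NDR_HEADER), first_match(rules, LOOKALIKE))
```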

Re: Blocking TLDs

2023-02-16 Thread James Pifer

On 2/16/2023 9:21 AM, Viktor Dukhovni wrote:
> On Thu, Feb 16, 2023 at 08:23:00AM -0500, James Pifer wrote:
>
>> Anyone see anything wrong with it or have other suggestions?
>>
>> smtpd_recipient_restrictions =
>>     check_client_access inline:{
>>         { 107.182.131 = REJECT This mail server rejects mail from the 107.182.131.0 network }
>>     }
>>     check_sender_access inline:{
>>         { .store = REJECT This mail server rejects messages from the .store domain }
>>         { .shop = REJECT This mail server rejects messages from the .shop domain }
>>         { .tk = REJECT This mail server rejects messages from the .tk domain }
>>         { .beauty = REJECT This mail server rejects messages from the .beauty domain }
>>     }
>
> Don't forget to set an empty:
>
>  parent_domain_matches_subdomains =
>

Where should that go exactly?

Re: Blocking TLDs

2023-02-16 Thread Wietse Venema
James Pifer:
> On 2/16/2023 9:21 AM, Viktor Dukhovni wrote:
> > Don't forget to set an empty:
> >
> >  parent_domain_matches_subdomains =
> >
> 
> Where should that go exactly?

In main.cf.

Wietse


Re: Blocking TLDs

2023-02-16 Thread James Pifer

On 2/16/2023 9:56 AM, Wietse Venema wrote:
> James Pifer:
>> On 2/16/2023 9:21 AM, Viktor Dukhovni wrote:
>>> Don't forget to set an empty:
>>>
>>>   parent_domain_matches_subdomains =
>>>
>> Where should that go exactly?
> In main.cf.
>
> Wietse

I should have been more specific. Where in main.cf should it go? Does it
matter?

Re: Blocking TLDs

2023-02-16 Thread Wietse Venema
James Pifer:
> On 2/16/2023 9:56 AM, Wietse Venema wrote:
> > James Pifer:
> >> On 2/16/2023 9:21 AM, Viktor Dukhovni wrote:
> >>> Don't forget to set an empty:
> >>>
> >>>   parent_domain_matches_subdomains =
> >>>
> >> Where should that go exactly?
> > In main.cf.
> >
> > Wietse
> 
> I should have been more specific. Where in main.cf should it go? Does it 
> matter?

Before or after smtpd_recipient_restrictions

Wietse


Re: different treatment for different From: domains

2023-02-16 Thread D. R. Evans

Wietse Venema wrote on 2/10/23 08:24:
> D. R. Evans:
>> I have a postfix setup that, for a long time, has done exactly what I want.
>> But now I have to change something and I have no idea how to make this
>> particular change:
>>
>> E-mail from several domains are sourced on my network. Now I need to treat
>> e-mail with the From: line
>> u...@domain1.com
>> differently from e-mail with the From: line
>> otheru...@domain2.com
>>
>> Until now, both those From: lines have been treated the same -- some
>> processing, then mostly sent to a relayhost, with some specific destinations
>> handled via the transport map; but now I need to send all e-mails with the
>> second From: line to a different relayhost from the one that handles the first
>> From: line.
>
> There are two features that support sender-dependent routing:
>
> sender_dependent_relayhost_maps
>
>  This looks up a relayhost value that depends on sender.
>  Like relayhost, this uses default_transport.
>  It is searched with the envelope sender address and @domain.
>
> sender_dependent_default_transport_maps
>
>  This overrides transport and destination.
>  It is searched with the envelope sender address and @domain.
>
> In most cases, sender_dependent_relayhost_maps will do the job.



In a (failed) attempt to get this working, I have added the following to 
main.cf:

sender_dependent_relayhost_maps=hash:/etc/postfix/relayhost_maps

I have created the following /etc/postfix/relayhost_maps file:


@arrl.net   [smtp.pobox.com]:587


I have done the usual

postmap /etc/postfix/relayhost_maps
  and
postfix reload

but when I try to send an e-mail from my address n...@arrl.net it is still not 
routed to smtp.pobox.com, but to the server designated on the normal 
relayhost= line in the main.cf file.


Please, what am I doing wrong? The documentation seems pretty sparse in this 
area, but my interpretation of what I can find is that the changes I have made 
should work.


Thank you for your patience.

  Doc Evans

--
Web:  http://enginehousebooks.com/drevans



Re: different treatment for different From: domains

2023-02-16 Thread Viktor Dukhovni
On Thu, Feb 16, 2023 at 11:33:43AM -0700, D. R. Evans wrote:

> In a (failed) attempt to get this working, I have added the following to 
> main.cf:
> 
> sender_dependent_relayhost_maps=hash:/etc/postfix/relayhost_maps

Note, this affects recipients that would be routed to the *default*
transport and nexthop.

> @arrl.net   [smtp.pobox.com]:587
> 
> I have done the usual
> 
> but when I try to send an e-mail from my address n...@arrl.net it is still
> not routed to smtp.pobox.com, but to the server designated on the normal
> relayhost= line in the main.cf file.

What sort of recipient address did you choose?  Is the recipient in the
default address class (not local, virtual mailbox, or relay)?  Is there a
transport table entry for the recipient domain? ...

-- 
Viktor.