
How to alter message bodies heading to a specific domain?

  • Scott Harrison
    Message 1 of 15, Nov 30, 2006
      Hello,

      I would like to append some text to all mail from my servers to hotmail.com addresses.  This should apply to addresses that are explicit (foo@...) and alias expansions (list@... which expands to foo@..., bar@..., baz@...), and only be applied to hotmail.com addresses.

      I have looked at the FILTER readme and believe I should basically set up a simple shell script filter using those instructions, and make a "filter" entry in my master.cf file for it.  And since I want it only to apply to hotmail.com addresses instead of changing the main.cf entry for smtp to use a content filter should I make a transport map that has something like the following in it:

      hotmail.com filter:dummy

      Is this the correct way to handle this, or is there something else I should be doing?  I am worried that an infinite loop could occur using the transport scenario since I would imagine injecting the mail from the script would cause the transport to be used once again.

      TIA,

      -- 
      ·𐑕𐑒𐑪𐑑 ·𐑣𐑺𐑦𐑕𐑩𐑯 Scott Harrison



    • Noel Jones
      Message 2 of 15, Nov 30, 2006
        At 06:19 PM 11/30/2006, Scott Harrison wrote:
        >Hello,
        >
        >I would like to append some text to all mail
        >from my servers to hotmail.com addresses. This
        >should apply to addresses that are explicit
        >(foo@...) and alias expansions (list@... which
        >expands to foo@..., bar@..., baz@...), and
        >only be applied to hotmail.com addresses.

        This will be a pain, hope it's important.
        You will need to do this with a transport_maps
        entry, the FILTER action can't act on expanded
        aliases. The filter script will then have to
        deliver to a second instance of postfix so you
        don't have a transport loop.

        # transport
        hotmail.com hotfilter:dummy

        # master.cf
        # sample entry, yours may end up looking a little different, man 8 pipe
        hotfilter unix - n n - - pipe
          flags=q user=filter argv=/path/to/filter.sh
          -f ${sender} -- ${recipient}

        The filter.sh script is expected to mangle the
        mail and deliver it to another instance of
        postfix for final delivery. The script must use
        the sender and recipient(s) as specified on the
        command line, it cannot make delivery decisions
        based on existing headers in the mail. Note this
        must deliver to a full separate postfix instance,
        not just a listener defined in master.cf.

        --
        Noel Jones
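
An added example (not code from the thread) of the kind of filter.sh described in the message above: it appends a footer and hands the result to a second Postfix instance through that instance's sendmail command, using only the envelope sender and recipients given on the command line. The second instance's config directory `/etc/postfix-out` and the footer path are assumptions; that instance must have no hotmail.com transport entry, or the mail loops.

```shell
#!/bin/sh
# filter.sh -- added example, not from the original thread.
# Called by pipe(8) as:  filter.sh -f ${sender} -- ${recipient} ...
# Hypothetical paths (assumptions): /etc/postfix-out is the config directory
# of the second Postfix instance (it has to be listed in
# alternate_config_directories in the primary main.cf), and the footer text
# lives in /etc/postfix/hotmail-footer.txt.

SENDMAIL=${SENDMAIL:-/usr/sbin/sendmail}
OUT_CONFIG=${OUT_CONFIG:-/etc/postfix-out}
FOOTER_FILE=${FOOTER_FILE:-/etc/postfix/hotmail-footer.txt}

EX_TEMPFAIL=75      # pipe(8) keeps the message queued and retries later
EX_UNAVAILABLE=69   # pipe(8) bounces the message

# Copy the message on stdin to stdout, then a blank line and the footer.
# This plain append is only right for single-part text/plain bodies;
# multipart mail needs a MIME-aware tool instead.
append_footer() {
    cat || return 1
    printf '\n'
    cat "$1"
}

# filter_message SENDER RCPT...
# Builds the modified message in a temp file first, so a failure while
# appending never submits a truncated message.
filter_message() {
    sender=$1; shift
    [ "$#" -gt 0 ] || return "$EX_UNAVAILABLE"
    [ -r "$FOOTER_FILE" ] || return "$EX_TEMPFAIL"
    tmp=$(mktemp) || return "$EX_TEMPFAIL"
    if ! append_footer "$FOOTER_FILE" > "$tmp"; then
        rm -f "$tmp"
        return "$EX_TEMPFAIL"
    fi
    # Every address is passed as its own quoted argument after "--", so an
    # address containing spaces or a leading "-" cannot turn into an option.
    rc=0
    "$SENDMAIL" -C "$OUT_CONFIG" -G -i -f "$sender" -- "$@" < "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Run only when invoked the way the master.cf entry invokes it.
if [ "${1:-}" = "-f" ] && [ "${3:-}" = "--" ]; then
    env_sender=$2
    shift 3
    filter_message "$env_sender" "$@"
    exit $?
fi
```
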
      • Carlos Eduardo R. L. de Miranda
        Message 3 of 15, Nov 30, 2006
          Hello,

          Our server is receiving lots of spam messages from servers with Russian
          domain.
          I would like to block every message from Russian domains.

          Postfix 2.3.3 - Fedora Core 6

          main.cf
          smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender,
            reject_non_fqdn_sender, reject_unknown_sender_domain

          sender file:
          /.*@*\.ru$/ REJECT text message

          Command: postmap /etc/postfix/sender
          Service postfix reload

          It is not working. The *.ru domains are accepted and delivered to user.
          Adding "reject" at the end of smtpd_sender_restrictions is not working either.
          Every message is rejected regardless of its origin.

          Any help will be appreciated.

          Thank you all,
          Carlos




        • Tony Earnshaw
          Message 4 of 15, Dec 1, 2006
            Carlos Eduardo R. L. de Miranda wrote:

            > Our server is receiving lots of spam messages from servers with Russian
            > domain.
            > I would like to block every message from Russian domains.
            >
            > Postfix 2.3.3 - Fedora Core 6
            >
            > main.cf
            > smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender,
            > reject_non_fqdn_sender, reject_unknown_sender_domain
            >
            > sender file:
            > /.*@*\.ru$/ REJECT text message

            The above is wrong and obviously won't block anything from anyone. Do
            you see why? Look again!

            This will work (tested with pcretest):
            /^.+@.+\.ru$/

            > Command: postmap /etc/postfix/sender
            > Service postfix reload

            This is a PCRE regexp, don't postmap regexp maps.

            What you're proposing to do is fundamentally flawed. A lot of
            Israeli/French/US/BR/you name it bots send spam with .ru tlds in the
            envelope sender data and a lot of Russian bots and spammers send with
            non-Russian tlds. The only possible way to target Russian spammers
            (which this site actively does) is to note the IP number of EACH and
            EVERY spam message that comes in, go to a good whois database (we use
            http://lacnic.net/cgi-bin/lacnic/whois?lg=EN because it's very fast and
            caches all data from RIPE, APNIC, AFRINIC - everywhere) and block IP
            ranges. It'll take you months to build up a good database, but slowly it
            will begin to work and give you much pleasure. An alternative is to
            download a list of all netblocks allocated to Russia from some source (I
            wouldn't know which) and block all of those. But I'd never do that, I
            only block subnets that have actively sent spam to this site - and I
            have multitudes more blocked subnets from other countries than Russia.

            > It is not working. The *.ru domains are accepted and delivered to user.

            Because you're not blocking them. Don't go this way, anyway ...

            > Adding "reject" at the end of smtpd_sender_restrictions is not working either.
            > Every message is rejected regardless of its origin.

            --Tonni

            --
            Tonni Earnshaw
            tonni @ barlaeus.nl
          • Tony Earnshaw
            Message 5 of 15, Dec 1, 2006
              Carlos Eduardo R. L. de Miranda wrote:

              > Thank you Tonni for all your information. I know that my approach is not the
              > best but it is what I can do in no time and stop most of the spam that we
              > are getting every hour.

              It's your choice ...

              > Another question:
              > Using REJECT is generating lots of traffic replying the rejection to the
              > sender and soon we will be RBLed. How can I avoid the server reply? I tried
              > DISCARD and it didn't work.

              No no - rejecting won't get you blocklisted, there's no backscatter.

              I do suggest that you use the many other ways Postfix gives you of
              stopping spam, though, before it ever gets to your filter.

              --Tonni

              --
              Tonni Earnshaw
              tonni @ barlaeus.nl
            • Carlos Eduardo R. L. de Miranda
              Message 6 of 15, Dec 1, 2006
                Thank you Tonni for all your information. I know that my approach is not the
                best but it is what I can do in no time and stop most of the spam that we
                are getting every hour.

                Another question:
                Using REJECT is generating lots of traffic replying the rejection to the
                sender and soon we will be RBLed. How can I avoid the server reply? I tried
                DISCARD and it didn't work.

                Thank you,
                Carlos

                > -----Original message-----
                > From: owner-postfix-users@... [mailto:owner-postfix-users@...] On behalf of Tony Earnshaw
                > Sent: Friday, December 1, 2006 06:20
                > Cc: postfix-users@...
                > Subject: Re: smtpd_sender_restrictions
                >
                > Carlos Eduardo R. L. de Miranda wrote:
                >
                > > Our server is receiving lots of spam messages from servers with Russian
                > > domain.
                > > I would like to block every message from Russian domains.
                > >
                > > Postfix 2.3.3 - Fedora Core 6
                > >
                > > main.cf
                > > smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender,
                > > reject_non_fqdn_sender, reject_unknown_sender_domain
                > >
                > > sender file:
                > > /.*@*\.ru$/ REJECT text message
                >
                > The above is wrong and obviously won't block anything from anyone. Do
                > you see why? Look again!
                >
                > This will work (tested with pcretest):
                > /^.+@.+\.ru$/
                >
                > > Command: postmap /etc/postfix/sender
                > > Service postfix reload
                >
                > This is a PCRE regexp, don't postmap regexp maps.
                >
                > What you're proposing to do is fundamentally flawed. A lot of
                > Israeli/French/US/BR/you name it bots send spam with .ru tlds in the
                > envelope sender data and a lot of Russian bots and spammers send with
                > non-Russian tlds. The only possible way to target Russian spammers
                > (which this site actively does) is to note the IP number of EACH and
                > EVERY spam message that comes in, go to a good whois database (we use
                > http://lacnic.net/cgi-bin/lacnic/whois?lg=EN because it's very fast and
                > caches all data from RIPE, APNIC, AFRINIC - everywhere) and block IP
                > ranges. It'll take you months to build up a good database, but slowly it
                > will begin to work and give you much pleasure. An alternative is to
                > download a list of all netblocks allocated to Russia from some source (I
                > wouldn't know which) and block all of those. But I'd never do that, I
                > only block subnets that have actively sent spam to this site - and I
                > have multitudes more blocked subnets from other countries than Russia.
                >
                > > It is not working. The *.ru domains are accepted and delivered to user.
                >
                > Because you're not blocking them. Don't go this way, anyway ...
                >
                > > Adding "reject" at the end of smtpd_sender_restrictions is not working either.
                > > Every message is rejected regardless of its origin.
                >
                > --Tonni
                >
                > --
                > Tonni Earnshaw
                > tonni @ barlaeus.nl




              • Carlos Eduardo R. L. de Miranda
                Message 7 of 15, Dec 1, 2006
                  Could you give me directions to those "many other ways Postfix gives you of
                  stopping spam, though, before it ever gets to your filter"?

                  Thank you,
                  Carlos

                  > > Using REJECT is generating lots of traffic replying the rejection to the
                  > > sender and soon we will be RBLed. How can I avoid the server reply? I tried
                  > > DISCARD and it didn't work.
                  >
                  > No no - rejecting won't get you blocklisted, there's no backscatter.
                  >
                  > I do suggest that you use the many other ways Postfix gives you of
                  > stopping spam, though, before it ever gets to your filter.
                  >
                  > --Tonni
                  >
                  > --
                  > Tonni Earnshaw
                  > tonni @ barlaeus.nl




                • Tony Earnshaw
                  Message 8 of 15, Dec 1, 2006
                    Carlos Eduardo R. L. de Miranda wrote:

                    > Could you give me directions to those " many other ways Postfix gives you of
                    >> stopping spam, though, before it ever gets to your filter"?

                    Really, this has been discussed almost daily for the time I've
                    subscribed (years). I'll sum up some of them:
                    client restrictions, helo restrictions, sender restrictions, recipient
                    restrictions, rbl restrictions, policy daemons and milters.

                    Read this, though it's getting a little long in the tooth and you should
                    only use it as a collection of examples:

                    http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

                    Google for Postfix and (anti) UCE ...

                    BTW my MUA (Thunderbird 1.5.0.8) keeps breaking your MS Outlook 11
                    thread, I don't know why ...

                    --Tonni

                    --
                    Tonni Earnshaw
                    tonni @ barlaeus.nl
                  • Jorey Bump
                    Message 9 of 15, Dec 1, 2006
                      Carlos Eduardo R. L. de Miranda wrote:

                      > Our server is receiving lots of spam messages from servers with Russian
                      > domain.
                      > I would like to block every message from Russian domains.

                      If you must block by country, use an RBL:

                      http://countries.nerd.dk/

                      However, I find such RBLs more useful in a scoring system. Here's what I
                      do in my SpamAssassin local.cf (watch the wrap):

                      # first discover country code of origin using a TXT lookup
                      header RCVD_COUNTRIES eval:check_rbl_txt('nerd-zz', 'zz.countries.nerd.dk.')
                      describe RCVD_COUNTRIES Received from countries.nerd.dk
                      tflags RCVD_COUNTRIES net
                      # All countries get a point by default
                      score RCVD_COUNTRIES 1.0

                      # now do a subtest based on the resulting lookup
                      # adjust score appropriately for your user base

                      # Remove the penalty for my own country, the source of most of my mail
                      header RCVD_VIA_US eval:check_rbl_sub('nerd-zz', 'us')
                      describe RCVD_VIA_US Received from United States
                      tflags RCVD_VIA_US net
                      score RCVD_VIA_US -1.0

                      # Remove the penalty for other countries I'm likely to correspond with
                      header RCVD_VIA_CANADA eval:check_rbl_sub('nerd-zz', 'ca')
                      describe RCVD_VIA_CANADA Received from Canada
                      tflags RCVD_VIA_CANADA net
                      score RCVD_VIA_CANADA -1.0

                      # Add additional points for countries that are common sources of spam
                      header RCVD_VIA_RUSSIA eval:check_rbl_sub('nerd-zz', 'ru')
                      describe RCVD_VIA_RUSSIA Received from Russia
                      tflags RCVD_VIA_RUSSIA net
                      score RCVD_VIA_RUSSIA 1.0

                      header RCVD_VIA_NIGERIA eval:check_rbl_sub('nerd-zz', 'ng')
                      describe RCVD_VIA_NIGERIA Received from Nigeria
                      tflags RCVD_VIA_NIGERIA net
                      score RCVD_VIA_NIGERIA 3.0


                      I stick with SpamAssassin's default required_score of 5.0 before a
                      message is marked spam. Note that I don't assign scores that will
                      automatically mark a message as spam (and SpamAssassin scores are not
                      merely additive, negative points are also assigned by some rules). While
                      I do believe that the country of origin can be an indicator of
                      *potential* spamminess, I try to choose weights that will put the score
                      over the top only when combined with other reliable indicators. Also,
                      the situation is constantly improving in some countries, so you
                      shouldn't just set and forget this.

                      Be sure to consider your user base. I have clients whose focus is
                      entirely international, so obviously I do not employ this technique on
                      their sites.
                    • mouss
                      Message 10 of 15, Dec 1, 2006
                        Tony Earnshaw wrote:
                        > Carlos Eduardo R. L. de Miranda wrote:
                        >
                        >> Our server is receiving lots of spam messages from servers with Russian
                        >> domain.
                        >> I would like to block every message from Russian domains.
                        >>
                        >> Postfix 2.3.3 - Fedora Core 6
                        >>
                        >> main.cf
                        >> smtpd_sender_restrictions = check_sender_access
                        >> hash:/etc/postfix/sender,
                        >> reject_non_fqdn_sender, reject_unknown_sender_domain
                        >>
                        >> sender file:
                        >> /.*@*\.ru$/ REJECT text message
                        >
                        > The above is wrong and obviously won't block anything from anyone. Do
                        > you see why? Look again!
                        >
                        > This will work (tested with pcretest):
                        > /^.+@.+\.ru$/

                        Note that
                        /^.+...
                        is almost equivalent to
                        /.+...

                        assuming one doesn't accept non-fqdn addresses,
                        /ru$/
                        would block more than the posted expression. Or if you think there will
                        be a tld ending in ru other than .ru, then
                        /\.ru$/


                        but as you say, the sender tld won't help much... OP may want a geo
                        DNSBL such as blackholes.us (Is this still maintained?).
                      • mouss
                        Message 11 of 15, Dec 1, 2006
                          Jorey Bump wrote:
                          > Carlos Eduardo R. L. de Miranda wrote:
                          >
                          >> Our server is receiving lots of spam messages from servers with Russian
                          >> domain.
                          >> I would like to block every message from Russian domains.
                          >
                          > If you must block by country, use an RBL:
                          >
                          > http://countries.nerd.dk/
                          >
                          > However, I find such RBLs more useful in a scoring system. Here's what
                          > I do in my SpamAssassin local.cf (watch the wrap):
                          >
                          > # first discover country code of origin using a TXT lookup
                          > header RCVD_COUNTRIES eval:check_rbl_txt('nerd-zz',
                          > 'zz.countries.nerd.dk.')
                          > describe RCVD_COUNTRIES Received from countries.nerd.dk
                          > tflags RCVD_COUNTRIES net
                          > # All countries get a point by default
                          > score RCVD_COUNTRIES 1.0

                          Instead of querying a DNSBL:


                          loadplugin Mail::SpamAssassin::Plugin::RelayCountry

                          header COUNTRY_US X-Relay-Countries=~/\bUS\b/
                          describe COUNTRY_US Relayed via United States
                          score COUNTRY_US 0.01
                        • Sheldon T. Hall
                          Message 12 of 15, Dec 1, 2006
                            Quoth mouss ...
                            > Jorey Bump wrote:
                            > > Carlos Eduardo R. L. de Miranda wrote:
                            > >
                            > >> Our server is receiving lots of spam messages from servers
                            > >> with Russian domain.
                            > >> I would like to block every message from Russian domains.
                            > >
                            > > If you must block by country, use an RBL:
                            > >
                            > > http://countries.nerd.dk/
                            > >
                            > > However, I find such RBLs more useful in a scoring system.
                            > > Here's what
                            > > I do in my SpamAssassin local.cf (watch the wrap):
                            > >
                            > > # first discover country code of origin using a TXT lookup
                            > > header RCVD_COUNTRIES eval:check_rbl_txt('nerd-zz',
                            > > 'zz.countries.nerd.dk.')
                            > > describe RCVD_COUNTRIES Received from countries.nerd.dk
                            > > tflags RCVD_COUNTRIES net
                            > > # All countries get a point by default
                            > > score RCVD_COUNTRIES 1.0
                            >
                            > Instead of querying a DNSBL:
                            >
                            >
                            > loadplugin Mail::SpamAssassin::Plugin::RelayCountry
                            >
                            > header COUNTRY_US X-Relay-Countries=~/\bUS\b/
                            > describe COUNTRY_US Relayed via United States
                            > score COUNTRY_US 0.01

                            Simpler still, and requiring less horsepower ... get the country IP
                            assignments from http://completewhois.com in a form suitable for use with
                            your firewall, and block port 25 (or everything) to packets coming from those
                            address blocks. This isn't perfect, but if applied selectively, it really,
                            really cuts down on the crap.

                            I don't see a lot of spam delivered by servers at Russian domains, although
                            I see a lot of spam with forged Russian "from" addresses.

                            -Shel
                          • mouss
                            Message 13 of 15, Dec 2, 2006
                              Tony Earnshaw wrote:
                              >
                              >
                              > BTW my MUA (Thunderbird 1.5.0.8) keeps breaking your MS Outlook 11
                              > thread, I don't know why ...

                              His mail has two Message-Id headers.

                              Message-ID: <BAY110-DAV4BED20C8242739035454BBADA0@...>
                              ...
                              Message-ID: <004401c71547$d0829ab0$7400a8c0@ws1>

                              broken setup...
                            • Curtis Doty
                              Message 14 of 15, Dec 3, 2006
                                1:47am mouss said:

                                > Tony Earnshaw wrote:
                                > >
                                > >
                                > > BTW my MUA (Thunderbird 1.5.0.8) keeps breaking your MS Outlook 11 thread, I
                                > > don't know why ...
                                >
                                > His mail has two Message-Id headers.
                                >
                                > Message-ID: <BAY110-DAV4BED20C8242739035454BBADA0@...>
                                > ...
                                > Message-ID: <004401c71547$d0829ab0$7400a8c0@ws1>
                                >
                                > broken setup...
                                >

                                Received: from .* by BAY110-DAV4.phx.gbl with DAV;

                                Indeed, the offending relay appears to have been MSN/Hotmail using WebDAV
                                for email submission.

                                ../C
                              • R.L. Nevot
                                Message 15 of 15, Dec 3, 2006
                                  Hi all

                                  2006/12/1, Carlos Eduardo R. L. de Miranda <cerlm@...>:
                                  smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender,
                                          reject_non_fqdn_sender, reject_unknown_sender_domain

                                  sender file:
                                  /.*@*\.ru$/     REJECT text message

                                  Command: postmap /etc/postfix/sender
                                           Service postfix reload

                                  It is not working. The *.ru domains are accepted and delivered to user.


                                  Lots of responses, but there's something I cannot see. If you are using regular expressions, you must use regexp: or pcre: type maps for regular expressions to be evaluated. If you use HASH, afaik it wouldn't work.

                                  Regards