
Failing header_checks

  • Bryan Irvine
    Message 1 of 7 , Feb 28, 2008
      I'm getting spam that's got obviously fake From: addresses. It's
      obvious they are fake because they are using my real hostname.

      I tried writing a regexp but it doesn't work. I can make an email
      with an address such as madeup@... and it still delivers.

      in main.cf I've put
      header_checks = regexp:/etc/postfix/header_checks


      and in header_checks:
      /^From: *mx2\.mydomain\.com/ reject my hostname as the from

      -Bryan
    • Noel Jones
      Message 2 of 7 , Feb 28, 2008
        Bryan Irvine wrote:
        > I'm getting spam that's got obviously fake From: addresses. It's
        > obvious they are fake because they are using my real hostname.
        >
        > I tried writing a regexp but it doesn't work. I can make an email
        > with an address such as madeup@... and it still delivers.
        >
        > in main.cf I've put
        > header_checks = regexp:/etc/postfix/header_checks
        >
        >
        > and in header_checks:
        > /^From: *mx2\.mydomain\.com/ reject my hostname as the from
        >
        > -Bryan

        Your regexp is wrong. "*" means zero or more of the
        preceding character, use ".*" when you mean zero or more of
        anything.

        /^From: .*@mx2\.example\.com/ REJECT invalid From: address

        This is probably better done in a check_sender_access map.


        --
        Noel Jones
      • Bryan Irvine
        Message 3 of 7 , Feb 28, 2008
          On Thu, Feb 28, 2008 at 10:07 AM, Noel Jones <njones@...> wrote:
          >
          > Bryan Irvine wrote:
          > > I'm getting spam that's got obviously fake From: addresses. It's
          > > obvious they are fake because they are using my real hostname.
          > >
          > > I tried writing a regexp but it doesn't work. I can make an email
          > > with an address such as madeup@... and it still delivers.
          > >
          > > in main.cf I've put
          > > header_checks = regexp:/etc/postfix/header_checks
          > >
          > >
          > > and in header_checks:
          > > /^From: *mx2\.mydomain\.com/ reject my hostname as the from
          > >
          > > -Bryan
          >
          > Your regexp is wrong. "*" means zero or more of the
          > preceding character, use ".*" when you mean zero or more of
          > anything.
          >
          > /^From: .*@mx2\.example\.com/ REJECT invalid From: address

          This didn't work either.

          > This is probably better done in a check_sender_access map.

          This is already pointed to a sql query, but the table appears to be
          missing. :-/

          -Bryan
        • Noel Jones
          Message 4 of 7 , Feb 28, 2008
            Bryan Irvine wrote:
            > On Thu, Feb 28, 2008 at 10:07 AM, Noel Jones <njones@...> wrote:
            >> Bryan Irvine wrote:
            >> > I'm getting spam that's got obviously fake From: addresses. It's
            >> > obvious they are fake because they are using my real hostname.
            >> >
            >> > I tried writing a regexp but it doesn't work. I can make an email
            >> > with an address such as madeup@... and it still delivers.
            >> >
            >> > in main.cf I've put
            >> > header_checks = regexp:/etc/postfix/header_checks
            >> >
            >> >
            >> > and in header_checks:
            >> > /^From: *mx2\.mydomain\.com/ reject my hostname as the from
            >> >
            >> > -Bryan
            >>
            >> Your regexp is wrong. "*" means zero or more of the
            >> preceding character, use ".*" when you mean zero or more of
            >> anything.
            >>
            >> /^From: .*@mx2\.example\.com/ REJECT invalid From: address
            >
            > This didn't work either.

            Then show *exactly* what you are trying to match.


            >
            >> This is probably better done in a check_sender_access map.
            >
            > This is already pointed to a sql query, but the table appears to be
            > missing. :-/

            So make a hash table containing the invalid sender.
            # main.cf
            smtpd_sender_restrictions =
                check_sender_access hash:/etc/postfix/senders

            # senders
            mx2.example.com REJECT invalid sender address

            then run "postmap sender" and "postfix reload"


            --
            Noel Jones
          • Magnus Bäck
            Message 5 of 7 , Feb 28, 2008
              On Thursday, February 28, 2008 at 19:00 CET,
              Bryan Irvine <sparctacus@...> wrote:

              > I'm getting spam that's got obviously fake From: addresses. It's
              > obvious they are fake because they are using my real hostname.
              >
              > I tried writing a regexp but it doesn't work. I can make an email
              > with an address such as madeup@... and it still delivers.
              >
              > in main.cf I've put
              > header_checks = regexp:/etc/postfix/header_checks
              >
              >
              > and in header_checks:
              > /^From: *mx2\.mydomain\.com/ reject my hostname as the from

              The * character is not a wildcard character in regular expressions. It
              means "zero, one, or more occurrences of the previous token". You
              want this instead:

              /^From: .*@mx2\.mydomain\.com/ reject my hostname as the from

              Are you sure you shouldn't be using check_sender_access instead?

              --
              Magnus Bäck
              magnus@...
            • Bryan Irvine
              Message 6 of 7 , Feb 29, 2008
                On Thu, Feb 28, 2008 at 10:57 AM, Noel Jones <njones@...> wrote:
                > Bryan Irvine wrote:
                > > On Thu, Feb 28, 2008 at 10:07 AM, Noel Jones <njones@...> wrote:
                > >> Bryan Irvine wrote:
                > >> > I'm getting spam that's got obviously fake From: addresses. It's
                > >> > obvious they are fake because they are using my real hostname.
                > >> >
                > >> > I tried writing a regexp but it doesn't work. I can make an email
                > >> > with an address such as madeup@... and it still delivers.
                > >> >
                > >> > in main.cf I've put
                > >> > header_checks = regexp:/etc/postfix/header_checks
                > >> >
                > >> >
                > >> > and in header_checks:
                > >> > /^From: *mx2\.mydomain\.com/ reject my hostname as the from
                > >> >
                > >> > -Bryan
                > >>
                > >> Your regexp is wrong. "*" means zero or more of the
                > >> preceding character, use ".*" when you mean zero or more of
                > >> anything.
                > >>
                > >> /^From: .*@mx2\.example\.com/ REJECT invalid From: address
                > >
                > > This didn't work either.
                >
                > Then show *exactly* what you are trying to match.

                from the header of the messages:
                From: LasVegasVacations@...

                my current regexp:
                /^From: .*mx2\.sitecrafting\.com*/ REJECT invalid From: address

                postconf -n:
                alias_database = hash:/etc/aliases
                alias_maps = hash:/etc/aliases
                append_dot_mydomain = yes
                biff = no
                broken_sasl_auth_clients = yes
                config_directory = /etc/postfix
                content_filter = smtp-amavis:[127.0.0.1]:10024
                header_checks = regexp:/etc/postfix/header_checks
                mailbox_command = procmail -a "$EXTENSION"
                mailbox_size_limit = 0
                message_size_limit = 15360000
                mydestination = localhost
                mydomain = sitecrafting.com
                myhostname = mx2.sitecrafting.com
                mynetworks = 127.0.0.0/8, 209.147.120.160/27, 209.147.127.160/27
                myorigin = /etc/mailname
                recipient_delimiter = +
                relay_domains = hash:/etc/postfix/relay_domains
                relayhost =
                smtpd_banner = $myhostname ESMTP $mail_name
                smtpd_client_restrictions = check_client_access
                mysql:/etc/postfix/mysql-access_client.cf
                permit_sasl_authenticated permit_mynetworks
                reject_non_fqdn_hostname reject_rbl_client zen.spamhaus.org
                reject_rbl_client bl.spamcop.net reject_unauth_pipelining
                smtpd_helo_required = yes
                smtpd_recipient_restrictions = check_recipient_access
                mysql:/etc/postfix/mysql-access_recipient.cf permit_mynetworks
                permit_sasl_authenticated reject_unauth_destination
                check_client_access hash:/etc/postfix/client_access
                smtpd_sasl_auth_enable = yes
                smtpd_sender_restrictions = check_sender_access
                mysql:/etc/postfix/mysql-access_sender.cf permit_mynetworks
                permit_sasl_authenticated reject_non_fqdn_hostname
                reject_non_fqdn_sender reject_unknown_sender_domain
                reject_rhsbl_sender zen.spamhaus.org
                smtpd_tls_cert_file = /etc/apache2/ssl/mx2.crt
                smtpd_tls_key_file = /etc/apache2/ssl/mx2.key
                smtpd_use_tls = yes
                transport_maps = hash:/etc/postfix/transports
                virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf
                mysql:/etc/postfix/mysql-virtual_email2email.cf
                virtual_gid_maps = static:1003
                virtual_mailbox_base = /srv/vmail
                virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
                virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
                virtual_uid_maps = static:1003




                > >> This is probably better done in a check_sender_access map.
                > >
                > > This is already pointed to a sql query, but the table appears to be
                > > missing. :-/
                >
                > So make a hash table containing the invalid sender.
                > # main.cf
                > smtpd_sender_restrictions =
                >     check_sender_access hash:/etc/postfix/senders
                >
                > # senders
                > mx2.example.com REJECT invalid sender address
                >
                > then run "postmap sender" and "postfix reload"

                I didn't make this system so I'd rather not touch things that connect to SQL.

                -Bryan
              • Noel Jones
                Message 7 of 7 , Feb 29, 2008
                  Bryan Irvine wrote:
                  > On Thu, Feb 28, 2008 at 10:57 AM, Noel Jones <njones@...> wrote:
                  >> Bryan Irvine wrote:
                  >> > On Thu, Feb 28, 2008 at 10:07 AM, Noel Jones <njones@...> wrote:
                  >> >> Bryan Irvine wrote:
                  >> >> > I'm getting spam that's got obviously fake From: addresses. It's
                  >> >> > obvious they are fake because they are using my real hostname.
                  >> >> >
                  >> >> > I tried writing a regexp but it doesn't work. I can make an email
                  >> >> > with an address such as madeup@... and it still delivers.
                  >> >> >
                  >> >> > in main.cf I've put
                  >> >> > header_checks = regexp:/etc/postfix/header_checks
                  >> >> >
                  >> >> >
                  >> >> > and in header_checks:
                  >> >> > /^From: *mx2\.mydomain\.com/ reject my hostname as the from
                  >> >> >
                  >> >> > -Bryan
                  >> >>
                  >> >> Your regexp is wrong. "*" means zero or more of the
                  >> >> preceding character, use ".*" when you mean zero or more of
                  >> >> anything.
                  >> >>
                  >> >> /^From: .*@mx2\.example\.com/ REJECT invalid From: address
                  >> >
                  >> > This didn't work either.
                  >>
                  >> Then show *exactly* what you are trying to match.
                  >
                  > from the header of the messages:
                  > From: LasVegasVacations@...
                  >
                  > my current regexp:
                  > /^From: .*mx2\.sitecrafting\.com*/ REJECT invalid From: address

                  Your regexp is sub-optimal, i.e. com*/ at the end of the
                  expression matches zero or more m's, so you would match
                  sitecrafting.co and sitecrafting.commmmmm.
                  But that doesn't really matter in this case. The problem is
                  that the original email is arriving with an unqualified
                  address in the From: header and postfix is adding @myorigin.
                  If you have postfix version 2.2 or newer, add to main.cf:
                  remote_header_rewrite_domain = domain.invalid

                  If you have an older postfix, try the following lines. This
                  will remove invalid From: headers so they don't look like they
                  came from your domain. It's unwise to reject such mail
                  because some legit mail arrives this way.

                  IF /^From:/
                  IF !/<>/
                  IF !/^From:[[:space:]]*$/
                  /^[^@]+$/ IGNORE no "@" in From: header
                  /@[^.]+$/ IGNORE unqualified address in From: header
                  /<[^>]*$/ IGNORE unbalanced "<>" in From: header
                  ENDIF
                  ENDIF
                  ENDIF

                  Also see:
                  http://www.postfix.org/ADDRESS_REWRITING_README.html#william

                  >>
                  >> So make a hash table containing the invalid sender.
                  >> # main.cf
                  >> smtpd_sender_restrictions =
                  >>     check_sender_access hash:/etc/postfix/senders
                  >>
                  >> # senders
                  >> mx2.example.com REJECT invalid sender address
                  >>
                  >> then run "postmap sender" and "postfix reload"
                  >
                  > I didn't make this system so I'd rather not touch things that connect to SQL.
                  >
                  > -Bryan

                  The above doesn't affect SQL, only adds an additional hash
                  lookup table. If you already have a smtpd_sender_restrictions
                  section, just add another check_sender_access line to it.

                  --
                  Noel Jones
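
Added example (not part of the thread and not Postfix code): a small Python model of the IF/ENDIF regexp-table rules posted in message 7, run against constructed From: headers, which can also be fed the single-line patterns from the earlier messages. It assumes Python's `re` behaves like POSIX regex for these patterns (`[[:space:]]` is translated to `\s`); on a live system, `postmap -q "From: ..." regexp:/etc/postfix/header_checks` is the authoritative test.

```python
import re

# Rules copied verbatim from message 7 (Postfix regexp table syntax).
RULES = r'''
IF /^From:/
IF !/<>/
IF !/^From:[[:space:]]*$/
/^[^@]+$/ IGNORE no "@" in From: header
/@[^.]+$/ IGNORE unqualified address in From: header
/<[^>]*$/ IGNORE unbalanced "<>" in From: header
ENDIF
ENDIF
ENDIF
'''
LINE = re.compile(r'^(IF\s+)?(!?)/(.+?)/(?:\s+(.*))?$')  # [IF] [!]/pat/ [action]

def lookup(header, rules=RULES):
    """Return the action of the first rule matching `header`, else None."""
    skip = 0  # nesting depth of IF blocks currently being skipped
    for raw in rules.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line == 'ENDIF':
            skip = max(0, skip - 1)
            continue
        is_if, negate, pat, action = LINE.match(line).groups()
        if skip:
            skip += 1 if is_if else 0
            continue
        # Assumption: Python re stands in for POSIX regex, so the POSIX class
        # is translated. Regexp tables are case-insensitive by default.
        rx = re.compile(pat.replace('[[:space:]]', r'\s'), re.IGNORECASE)
        hit = bool(rx.search(header)) != bool(negate)
        if is_if:
            skip = 0 if hit else 1
        elif hit:
            return action
    return None

# Constructed sample headers (not taken from real mail).
SAMPLES = ["From: LasVegasVacations", "From: someone@mx2",
           "From: Bob <bob@example.org", "From: Alice <alice@example.org>",
           "From: <>", "From:   ", "Subject: hello"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(repr(h), "->", lookup(h))
```

Passing a one-line rule as `rules` shows the quantifier points from the thread: the message 1 pattern returns None for `From: madeup@mx2.mydomain.com`, while the `com*` pattern from message 6 also matches an address ending in `sitecrafting.co`.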