Loading ...
Sorry, an error occurred while loading the content.

Re: Failing header_checks

Expand Messages
  • Noel Jones
    ... Your regexp is sub-optimal, ie. com*/ at the end of the expression matches zero or more m s, so you would match sitecrafting.co and sitecrafting.commmmmm
    Message 1 of 7 , Feb 29, 2008
    • 0 Attachment
      Bryan Irvine wrote:
      > On Thu, Feb 28, 2008 at 10:57 AM, Noel Jones <njones@...> wrote:
      >> Bryan Irvine wrote:
      >> > On Thu, Feb 28, 2008 at 10:07 AM, Noel Jones <njones@...> wrote:
      >> >> Bryan Irvine wrote:
      >> >> > I'm getting spam that's got obviously fake From: addresses. It's
      >> >> > obvious they are fake because they are using my real hostname.
      >> >> >
      >> >> > I tried writing a regexp but it doesn't work. I can make an email
      >> >> > with an address such as madeup@... and it still delivers.
      >> >> >
      >> >> > in main.cf I've put
      >> >> > header_checks = regexp:/etc/postfix/header_checks
      >> >> >
      >> >> >
      >> >> > and in header_checks:
      >> >> > /^From: *mx2\.mydomain\.com/ reject my hostname as the from
      >> >> >
      >> >> > -Bryan
      >> >>
      >> >> Your regexp is wrong. "*" means zero or more of the
      >> >> proceeding character, use ".*" when you mean zero or more of
      >> >> anything.
      >> >>
      >> >> /^From: .*@mx2\.example\.com/ REJECT invalid From: address
      >> >
      >> > This didn't work either.
      >>
      >> Then show *exactly* what you are trying to match.
      >
      > from the header of the messages:
      > From: LasVegasVacations@...
      >
      > my current regexp:
      > /^From: .*mx2\.sitecrafting\.com*/ REJECT invalid From: address

      Your regexp is sub-optimal, ie. com*/ at the end of the
      expression matches zero or more m's, so you would match
      sitecrafting.co and sitecrafting.commmmmm
      But that doesn't really matter in this case. The problem is
      that the original email is arriving with an unqualified
      address in the From: header and postfix is adding @myorigin.
      If you have postfix version 2.2 or newer, add to main.cf
      remote_header_rewrite_domain = domain.invalid

      If you have an older postfix, try the following lines. This
      will remove invalid From: headers so they don't look like they
      came from your domain. It's unwise to reject such mail
      because some legit mail arrives this way.

      IF /^From:/
      IF !/<>/
      IF !/^From:[[:space:]]*$/
      /^[^@]+$/ IGNORE no "@" in From: header
      /@[^.]+$/ IGNORE unqualified address in From: header
      /<[^>]*$/ IGNORE unbalanced "<>" in From: header
      ENDIF
      ENDIF
      ENDIF

      Also see:
      http://www.postfix.org/ADDRESS_REWRITING_README.html#william

      >>
      >> So make a hash table containing the invalid sender.
      >> # main.cf
      >> smtpd_sender_restrictions =
      >> check_sender_access hash:/etc/postfix/senders
      >>
      >> # senders
      >> mx2.example.com REJECT invalid sender address
      >>
      >> then run "postmap sender" and "postfix reload"
      >
      > I didn't make this system so I'd rather not touch things that connect to SQL.
      >
      > -Bryan

      The above doesn't affect SQL, only adds an additional hash
      lookup table. If you already have a smtpd_sender_restrictions
      section, just add another check_sender_access line to it.

      --
      Noel Jones
    Your message has been successfully submitted and would be delivered to recipients shortly.