header_checks to reject domain

  • LuKreme
    Message 1 of 5 , Mar 6, 2013
      I tried to post this, but evidently having the word beginning with u and ending with d in the first line of the messages might be a problem, so I am trying to post again with that word NOT in the first line. Or the first paragraph.

      Nope. That did not work. Evidently the word is not allowed to appear in any way in any message posted to the list.

      The bad word begins with u and then is followed by n, s, u, b, an archaic word meaning a person who is employed in writing, and then a final d.

      u, n, s, u, b,
      scribe
      d

      I [bad word] from a mailing list but the company continues to send emails, so I was considering adding them to my header_checks.pcre file

      /^Received:.*cinemark\.com / REJECT You refuse to respect [badword-d] requests, welcome to the blacklist.

      But I thought, before I do this, I better double check that this is the best way to do this.

      I am running postfix-2.7.0.1 which I cannot update until I update FreeBSD (it's on the schedule for the end of this month to move to FreeBSD-9.1 and postfix 2.10)

      --
      'Now what?' it said. IT'S UP TO YOU. IT'S ALWAYS UP TO YOU. --Maskerade
    • /dev/rob0
      Message 2 of 5 , Mar 6, 2013
        On Wed, Mar 06, 2013 at 11:52:35AM -0700, LuKreme wrote:
        > The bad word begins with u and then is followed by n, s, u, b, an
        > archaic word meaning a person who is employed in writing, and then
        > a final d.
        >
        > u, n, s, u, b,
        > scribe
        > d

        Cute. :)

        > I [bad word] from a mailing list but the company continues to send
        > emails, so I was considering adding them to my header_checks.pcre
        > file
        >
        > /^Received:.*cinemark\.com /
        > REJECT You refuse to respect [badword-d] requests, welcome to
        > the blacklist.
        >
        > But I thought, before I do this, I better double check that this is
        > the best way to do this.

        Almost surely not. You probably want a check_client_access
        restriction to reject all mail from that[those] IP address[es]. Even
        a check_sender_access would be better.

        A good rule of thumb: never do something in the message content if
        you can accomplish the same thing with the envelope. Another one:
        header_checks(5) are rarely useful.

        > I am running postfix-2.7.0.1 which I cannot update until I update
        > FreeBSD (it's on the schedule for the end of this month to move to
        > FreeBSD-9.1 and postfix 2.10)
        --
        http://rob0.nodns4.us/ -- system administration and consulting
        Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
      • LuKreme
        Message 3 of 5 , Mar 6, 2013
          /dev/rob0 opined on Wednesday 06-Mar-2013@17:26:02
          > On Wed, Mar 06, 2013 at 11:52:35AM -0700, LuKreme wrote:
          >> The bad word begins with u and then is followed by n, s, u, b, an
          >> archaic word meaning a person who is employed in writing, and then
          >> a final d.
          >>
          >> u, n, s, u, b,
          >> scribe
          >> d
          >
          > Cute. :)
          >
          >> I [bad word] from a mailing list but the company continues to send
          >> emails, so I was considering adding them to my header_checks.pcre
          >> file
          >>
          >> /^Received:.*cinemark\.com /
          >> REJECT You refuse to respect [badword-d] requests, welcome to
          >> the blacklist.
          >>
          >> But I thought, before I do this, I better double check that this is
          >> the best way to do this.
          >
          > Almost surely not. You probably want a check_client_access
          > restriction to reject all mail from that[those] IP address[es]. Even
          > a check_sender_access would be better.

          I have no way of knowing all the IPs, they use some remailer service, and I do not want to block the remailer because they are not the problem.

          > A good rule of thumb: never do something in the message content if
          > you can accomplish the same thing with the envelope. Another one:
          > header_checks(5) are rarely useful.

          I find the date checks useful (to reject messages with future/past dates).


          --
          There's a race of men that don't fit in, A race that can't stay still So
          they break the hearts of kith and kin, And they roam the world at will.
        • Noel Jones
          Message 4 of 5 , Mar 6, 2013
            On 3/6/2013 7:22 PM, LuKreme wrote:
            > /dev/rob0 opined on Wednesday 06-Mar-2013@17:26:02
            >> On Wed, Mar 06, 2013 at 11:52:35AM -0700, LuKreme wrote:
            >>> The bad word begins with u and then is followed by n, s, u, b, an
            >>> archaic word meaning a person who is employed in writing, and then
            >>> a final d.
            >>>
            >>> u, n, s, u, b,
            >>> scribe
            >>> d
            >>
            >> Cute. :)
            >>
            >>> I [bad word] from a mailing list but the company continues to send
            >>> emails, so I was considering adding them to my header_checks.pcre
            >>> file
            >>>
            >>> /^Received:.*cinemark\.com /
            >>> REJECT You refuse to respect [badword-d] requests, welcome to
            >>> the blacklist.
            >>>
            >>> But I thought, before I do this, I better double check that this is
            >>> the best way to do this.
            >>
            >> Almost surely not. You probably want a check_client_access
            >> restriction to reject all mail from that[those] IP address[es]. Even
            >> a check_sender_access would be better.
            >
            > I have no way of knowing all the IPs, they use some remailer service, and I do not want to block the remailer because they are not the problem.
            >

            You don't reject based on the IP, you use the client hostname, very
            likely the same name you're rejecting in your header check.

            Or use a check_sender_access map with the envelope sender address.

            Most remailers use a client or envelope sender name something like
            foo.remailer.com where foo is a unique identifier for that customer,
            allowing you to reject mail from a specific business without
            blacklisting the whole remailer.

            Anyway, if your request isn't honored then it's fair to hold the
            remailer accountable too.


            And it's bad form to ask if there's a better way to do something and
            then argue with the correct answer.


            >> A good rule of thumb: never do something in the message content if
            >> you can accomplish the same thing with the envelope. Another one:
            >> header_checks(5) are rarely useful.
            >
            > I find the date checks useful (to reject messages with future/past dates).


            I used to do that too. Didn't catch much extra spam, but I did
            discover that my coworkers correspond with a surprising number of
            folks who can't set their PC to the right year. Maybe you'll have
            better results.




            -- Noel Jones
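Noel Jones's suggestion above, written out as Postfix configuration next to the header rule it replaces. This is an added example, not part of the original thread; the map file paths and the name `cinemark.remailer.example` are assumptions (the thread does not give the remailer's real naming scheme).

```conf
# --- header_checks.pcre (content-based rule from the thread, shown for contrast)
# Evaluated against every Received: header of every message, after the
# message body has started arriving. The trailing space before the closing
# slash is part of the pattern, so the name must be followed by a space.
#/^Received:.*cinemark\.com / REJECT You refuse to respect unsubscribe requests

# --- /etc/postfix/main.cf (envelope-based replacement; path is an assumption)
# Both lookups run at RCPT TO time, before any message content is sent.
# They are placed after reject_unauth_destination so the maps can never
# turn the server into an open relay through a stray OK result.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/client_access,
    check_sender_access hash:/etc/postfix/sender_access

# --- /etc/postfix/client_access
# Key: the connecting client's verified hostname (or a parent domain of it).
# With the default parent_domain_matches_subdomains setting, a bare domain
# key also matches hosts below it, e.g. mta3.cinemark.com.
cinemark.com                 REJECT You refuse to respect unsubscribe requests
# Per-customer name at the remailer (constructed placeholder): blocks this
# one customer without blocking the remailer's other customers.
cinemark.remailer.example    REJECT You refuse to respect unsubscribe requests

# --- /etc/postfix/sender_access
# Key: the envelope sender (MAIL FROM) address or its domain.
cinemark.com                 REJECT You refuse to respect unsubscribe requests
cinemark.remailer.example    REJECT You refuse to respect unsubscribe requests

# --- after editing the maps, rebuild them and reload:
#   postmap /etc/postfix/client_access
#   postmap /etc/postfix/sender_access
#   postfix reload
```

The client hostname and envelope sender to put in the maps can be read from the `client=` and `from=<...>` fields that Postfix logs for a delivery of one of the unwanted messages.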
          • LuKreme
            Message 5 of 5 , Mar 7, 2013
              Noel Jones opined on Wednesday 06-Mar-2013@20:32:34
              > On 3/6/2013 7:22 PM, LuKreme wrote:
              >> /dev/rob0 opined on Wednesday 06-Mar-2013@17:26:02
              >>
              >> I have no way of knowing all the IPs, they use some remailer service, and I do not want to block the remailer because they are not the problem.
              >>
              >
              > You don't reject based on the IP, you use the client hostname, very
              > likely the same name you're rejecting in your header check.

              Ah, that will work.

              > Or use a check_sender_access map with the envelope sender address.

              Or that.

              > Most remailers use a client or envelope sender name something like
              > foo.remailer.com where foo is a unique identifier for that customer,
              > allowing you to reject mail from a specific business without
              > blacklisting the whole remailer.

              Or that as well.

              > And it's bad form to ask if there's a better way to do something and
              > then argue with the correct answer.
              >
              Well, yes, but when the answer was ‘block based on IPs’ that wasn’t going to work for me, even if it was the correct answer.

              Thanks to both of you.

              >> I find the date checks useful (to reject messages with future/past dates).
              >
              > I used to do that too. Didn't catch much extra spam, but I did
              > discover that my coworkers correspond with a surprising number of
              > folks who can't set their PC to the right year. Maybe you'll have
              > better results.

              Been doing it for years. Used to catch a fair amount of spam, but looking at the logs it hasn’t triggered once in 90 days, so I can probably remove it.


              >
              >
              >
              >
              > -- Noel Jones

              --
              Oh never resist an impulse, Sabrina. Especially if it's terrible.