
filtering return-path :

  • Frank Bonnet
    Message 1 of 8 , May 3, 2013
      Hello

      We are hardly spammed by numerous sources , the FIRST line of each email
      is like the following

      Return-Path: <coronaryj@...>

      The left part of the address is constantly changed but the right is always @...

      I would like to discard all that spam, help greatly appreciated

      Thanks by advance
       
    • Noel Jones
      Message 2 of 8 , May 3, 2013
        On 5/3/2013 4:01 AM, Frank Bonnet wrote:
        > Hello
        >
        > We are hardly spammed by numerous sources , the FIRST line of each email
        > is like the following
        >
        > Return-Path: <coronaryj@...>
        >
        > The left part of the address is constantly changed but the right is
        > always @...
        >
        > I would like to discard all that spam, help greatly appreciated
        >
        > Thanks by advance
        >


        The Return-Path: header is added by postfix during delivery, and is
        equal to the envelope sender address.

        It's not clear that all @... senders are spam, so there may
        be legit mail caught in the trap. Use with caution.

        You can probably reject most of the spam using a few common and
        relatively safe rules. I would suggest something like this:

        # main.cf
        smtpd_recipient_restrictions =
            permit_mynetworks
            permit_sasl_authenticated
            reject_unauth_destination
            # next line is considered quite safe
            reject_unknown_reverse_client_hostname
            # next line is safe for most sites
            check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre
            # zen is considered a very safe and effective RBL
            reject_rbl_client zen.spamhaus.org
            # next line rejects all @... senders. May reject legit mail.
            check_sender_access pcre:/etc/postfix/sender.pcre

        ## sender.pcre file contents:
        /@google\.com$/ REJECT suspicious @... sender address
        # while you're at it, reject the current .pw tld spam storm
        /\.pw$/ REJECT ".pw" domains not accepted here

        The fqrdns.pcre file can be downloaded here:
        http://www.hardwarefreak.com/fqrdns.pcre

        If you're uncomfortable with any of the above suggestions, you can
        safely try them out by prepending warn_if_reject, which will log a
        reject_warning:, but not reject the message. Like this:
        warn_if_reject reject_rbl_client zen.spamhaus.org


        The above settings require postfix 2.6 or newer, with pcre support.



        -- Noel Jones
      • Wolfgang Zeikat
        Message 3 of 8 , May 3, 2013
          In an older episode, on 2013-05-03 16:30, Noel Jones wrote:

          > ## sender.pcre file contents:
          > /@google\.com$/ REJECT suspicious @... sender address

          Shouldn't the @ be escaped: \@

          wolfgang

          > # while you're at it, reject the current .pw tld spam storm
          > /\.pw$/ REJECT ".pw" domains not accepted here
        • Noel Jones
          Message 4 of 8 , May 3, 2013
            On 5/3/2013 9:34 AM, Wolfgang Zeikat wrote:
            > In an older episode, on 2013-05-03 16:30, Noel Jones wrote:
            >
            >> ## sender.pcre file contents:
            >> /@google\.com$/ REJECT suspicious @... sender address
            >
            > Shouldn't the @ be escaped: \@

            No. This isn't perl.



            -- Noel Jones


            >
            > wolfgang
            >
            >> # while you're at it, reject the current .pw tld spam storm
            >> /\.pw$/ REJECT ".pw" domains not accepted here
            >
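Added example, not part of the thread or of Postfix: a small Python model of how a pcre: sender table like the sender.pcre above is evaluated (whole address, first match wins, case-insensitive by default), which also shows that `@` and `\@` select the same addresses. It uses Python's `re` module in place of the PCRE library; the sample addresses and the first rule's reject text are constructed placeholders.

```python
import re

# Constructed copy of the two sender.pcre rules quoted in the thread. The
# archive elided part of the first reject text, so a placeholder is used.
SENDER_PCRE = r'''
/@google\.com$/  REJECT placeholder reject text
/\.pw$/          REJECT ".pw" domains not accepted here
'''

RULE = re.compile(r'/(.+?)/([A-Za-z]*)\s+(.*)$')

def parse_table(text):
    """Turn '/pattern/flags action' lines into (compiled regex, action) pairs."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue                      # blank lines and comments are skipped
        m = RULE.match(line)
        if m is None:
            raise ValueError(f'unparsable rule: {line!r}')
        pattern, flags, action = m.groups()
        # Postfix pcre tables match case-insensitively unless the "i" flag
        # toggles that off. Other flags are not modelled in this sketch.
        re_flags = 0 if 'i' in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action))
    return rules

def lookup(rules, sender):
    """First matching rule wins; None means no rule matched (no opinion)."""
    for regex, action in rules:
        if regex.search(sender):
            return action
    return None

def at_escape_is_equivalent(senders):
    """Check that '@' and '\\@' select exactly the same addresses."""
    plain = re.compile(r'@google\.com$', re.IGNORECASE)
    escaped = re.compile(r'\@google\.com$', re.IGNORECASE)
    return all(bool(plain.search(s)) == bool(escaped.search(s)) for s in senders)

# Constructed sample envelope senders.
SAMPLES = ['abc123@google.com', 'USER@GOOGLE.COM', 'user@mail.google.com',
           'someone@example.pw', 'someone@google.com.example']

if __name__ == '__main__':
    table = parse_table(SENDER_PCRE)
    for s in SAMPLES:
        print(f'{s:28} -> {lookup(table, s)}')
    print('escaping @ changes nothing:', at_escape_is_equivalent(SAMPLES))
```

On a host with Postfix installed, the real table can be queried the same way with `postmap -q <address> pcre:/etc/postfix/sender.pcre`.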
          • Frank Bonnet
            Message 5 of 8 , May 3, 2013
              answer to myself :-)

              I finally decided to use a body_checks map

              it works well as the message is always the same

              CYBERDROID Inc.



              On 03/05/2013 11:01, Frank Bonnet wrote:
              Hello

              We are hardly spammed by numerous sources , the FIRST line of each email
              is like the following

              Return-Path: <coronaryj@...>

              The left part of the address is constantly changed but the right is always @...

              I would like to discard all that spam, help greatly appreciated

              Thanks by advance



            • Benny Pedersen
              Message 6 of 8 , May 3, 2013
                Frank Bonnet wrote on 2013-05-03 21:32:
                > answer to myself :-)

                reply to you now here

                > I finally decided to use a body_checks map

                is it only google.com in body ?, not return-path ?

                but if it's body, why not learn how to create a clamav signature now ?
                :)

                --
                senders that put my email into body content will deliver it to my own
                trashcan, so if you like to get reply, dont do it
              • Benny Pedersen
                Message 7 of 8 , May 4, 2013
                  Noel Jones wrote on 2013-05-03 16:30:

                  > ## sender.pcre file contents:
                  > /@google\.com$/ REJECT suspicious @... sender address

                  http://dmarcian.com/spf-survey/google.com

                  no need to hard-reject it, are there legit google spam anywhere ?

                  --
                  senders that put my email into body content will deliver it to my own
                  trashcan, so if you like to get reply, dont do it
                • Benny Pedersen
                  Message 8 of 8 , May 4, 2013
                    Noel Jones wrote on 2013-05-03 16:36:

                    > No. This isn't perl.

                    have you seen google.com spam where it gets spf pass ?

                    --
                    senders that put my email into body content will deliver it to my own
                    trashcan, so if you like to get reply, dont do it