Loading ...
Sorry, an error occurred while loading the content.

if endif

Expand Messages
  • <gle@...>
    Wietse, Thank you for adding if-endif to header and body checks. A report on About.com states that in 2010 there were about 294 billion emails sent per day,
    Message 1 of 2 , Oct 12, 2013
    • 0 Attachment

      Wietse,

       

      Thank you for adding if-endif to header and body checks. A report on About.com states that in 2010 there were about 294 billion emails sent per day, 90% of which were spam. With numbers like that, trying to go through and blacklist individual IP addresses or users is a waste of time. Spam through here had become such a nightmare that a few years back I informed all my clients that I was done hosting email. I kept the accounts for the Mrs. and myself active, but there continued to be so much spam and gray mail that we quit checking our accounts.

       

      Recently I've had a couple of hard drives crash on the servers. So in the process of replacing the hard drives and reinstalling PostFix, I stumbled across your if-endif conditional. Experimenting with it, I've been able to close the door to world wide access to my email accounts and only allow certain users by placing whitelisted conditions up front, and blocking everyone else. The REJECT action includes instructions how to bypass the filter:

       

      if /\w+/

       

      /lan-server-1/      OK

      /lan-server-2/      OK

      /lan-server-3/      OK

       

      /debian/            OK

      /dovecot/           OK

      /fvwm/              OK

      /mybank/            OK

      /myemployer/        OK

      /postfix/           OK

       

       

      if /^Subject/

       

      !/\[Key Word\]/     REJECT "UNAUTHORIZED MAIL. To bypass the spam filter, include the following anywhere in the Subject line: [Key Word]"

       

      endif

       

      endif

       

      If I understand correctly, without the if-endif conditional, the only way to exit header_checks before reaching the end of the file is if a REJECT action is matched. There's no way for me to say "This email is from my wife, so accept the email and exit header_checks immediately":

       

      /my.wife@.../  ACCEPT

       

      But with the if-endif conditional, I can use it to dump out of the check if a "white listed" condition is met.

       

      Glen

       

       

       

    • Wietse Venema
      ... According to http://www.postfix.org/CONTENT_INSPECTION_README.html, header_checks and body_checks implement light-weight content inspection. If you have a
      Message 2 of 2 , Oct 13, 2013
      • 0 Attachment
        gle@...:
        > If I understand correctly, without the if-endif conditional, the only way to
        > exit header_checks before reaching the end of the file is if a REJECT action
        > is matched. There's no way for me to say "This email is from my wife, so
        > accept the email and exit header_checks immediately":

        According to http://www.postfix.org/CONTENT_INSPECTION_README.html,
        header_checks and body_checks implement light-weight content
        inspection. If you have a spam problem, use a real content filter.

        Most header_checks and body_checks actions say "do X and inspect
        the next input line". Only a few actions are "final", including
        DISCARD and REJECT.

        Also as documented, if-endif have line scope, not message scope.

        Wietse
      Your message has been successfully submitted and would be delivered to recipients shortly.