Postfix header check to reject certain senders

Glenn Steen glenn.steen at gmail.com
Tue Jul 17 14:05:14 IST 2007


On 17/07/07, Gareth <list-mailscanner at linguaphone.com> wrote:
> On Tue, 2007-07-17 at 12:55, Glenn Steen wrote:
> > On 17/07/07, Gareth <list-mailscanner at linguaphone.com> wrote:
> > > A bit off topic but you are normally a friendly bunch :)
> > >
> > > I am trying to get postfix () to reject mail from certain senders rather
> > > than accept and then delete it in mailscanner.
> > >
> > > One such mail has the following in the headers:-
> > > From: root at adsl.linguaphone.com
> > > To: root at adsl.linguaphone.com
> > > Subject: adsl.linguaphone.com security run output
> > >
> > > I have my postfix header checks set to use regexp matching and the file
> > > contains :-
> > >
> > > /^From:.*\@adsl\.linguaphone\,com/                      REJECT Sender
> > > address blacklisted.
> > > /^Received:/ HOLD
> > >
> > > The problem is that the mail I am trying to block is not being rejected.
> > > All mail is being put in the hold queue and Mailscanner working
> > > correctly so header checks are working.
> > > Have I done something wrong with the syntax?
> > >
> > Look at rejecting the _envelope_ sender instead. That From: is
> > probably spoofed to high heaven:-).
> >
> > Also, this should be done in the access map instead.
> > ... Then again, I'm on vacation, so the brain might be sligtly turned
> > off (more than usual, that is:-).
>
> ok I added :-
> smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
>
> then added the following line to the access file :-
> adsl.linguaphone.com                      REJECT Sender address
> blacklisted.
>
> I then used postmap and restarted postfix but the mail is still being
> accepted. I configured a copy of outlook with that email address for
> testing purposes.
>
> Any ideas?
>
Ok, might be your (postfix, implicit) trust rules taking effect before
the access rule (permit_mynetworks ...). See to it that the client
machine isn't part of that trust.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list