
Reject mails where "from" is the same as "to"

Status
Not open for further replies.

mcax (ISP, ES), Oct 4, 2010
Hi,

I'm receiving thousands of spams where the "From" is the same as the "To".

I would like to reject them with header_checks and regular expressions, but I don't get it.

I have tried:

if !/^To:.*@test\.com/
/^From:.*@test\.com/ REJECT
endif

But it doesn't work. I need some help!
 
According to what I have read, one of the limitations with header checks is that they can only read one line at a time. Consequently, combining information on the sender and recipient may be difficult to achieve.

Are you trying to use the regex in the smtp_sender_restrictions or the smtp_recipient_restrictions? One option might be to deliver the message to a pipe process, filter it with your regex expression that returns an error code to reject the message and resubmits it back to the SMTP queue if it is clear. In order to do this you would need to create two (new) processes in master.cf and, on the second smtp, tell it to bypass your content filter checks.

Are you using any other sort of content filtering such as spamassassin or dspam?
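An added example (not code from this thread and not Postfix's own) of the pipe filter proposed above, in Python. It assumes the master.cf wiring used in Postfix's FILTER_README: a `pipe` transport, here called `fromto`, that runs this script with `-f ${sender} -- ${recipient}`, `content_filter=fromto:dummy` on the receiving smtpd, and a second smtpd (for instance on 127.0.0.1:10026) started with `-o content_filter=` and `-o receive_override_options=no_header_body_checks` so the re-injected message is not filtered again; the transport name and script path are assumptions. Because a content filter runs after the message has been queued, it can no longer refuse it during the SMTP session; the script therefore discards a self-addressed message rather than bouncing it, since the sender address is forged and a bounce would land on the victim. The two sample messages at the bottom are constructed.

```python
#!/usr/bin/env python3
"""Postfix pipe(8) content filter: drop mail whose From: address is also in To:.

Assumed master.cf wiring (transport name and path are assumptions, following
the simple content filter in Postfix's FILTER_README):

  fromto    unix  -       n       n       -       10      pipe
    flags=Rq user=filter argv=/usr/local/bin/fromto_filter.py -f ${sender} -- ${recipient}
"""
import email
import email.utils
import subprocess
import sys

SENDMAIL = "/usr/sbin/sendmail"  # assumed path of Postfix's sendmail(1)
EX_OK = 0                        # pipe(8): delivered / handled
EX_TEMPFAIL = 75                 # pipe(8): defer and retry later


def _addresses(header_values):
    """Bare, lowercased addresses from one or more From:/To: header values."""
    found = set()
    for _display_name, addr in email.utils.getaddresses(header_values):
        if addr:
            found.add(addr.strip().lower())
    return found


def same_sender_recipient(raw_message):
    """True if any From: header address also appears in a To: header.

    This compares the header addresses the poster is seeing, not the
    envelope; display names and letter case are ignored.
    """
    msg = email.message_from_bytes(raw_message)
    senders = _addresses(msg.get_all("From", []))
    recipients = _addresses(msg.get_all("To", []))
    return bool(senders & recipients)


def reinject(raw_message, sendmail_args):
    """Hand a clean message back to Postfix; returns a pipe(8) exit status."""
    proc = subprocess.run([SENDMAIL, "-G", "-i", *sendmail_args], input=raw_message)
    return EX_OK if proc.returncode == 0 else EX_TEMPFAIL


def main(argv):
    # argv is what pipe(8) passed: -f <sender> -- <recipient>...
    raw_message = sys.stdin.buffer.read()
    if same_sender_recipient(raw_message):
        # Forged sender equals recipient: discard instead of bouncing (backscatter).
        sys.stderr.write("fromto_filter: discarding self-addressed message\n")
        return EX_OK
    return reinject(raw_message, argv)


# Constructed sample messages, not real traffic.
SAMPLE_SPAM = (b"From: User <user@test.com>\r\n"
               b"To: other@test.com, USER@test.com\r\n"
               b"Subject: hi\r\n\r\nbuy now\r\n")
SAMPLE_LEGIT = (b"From: Alice <alice@example.org>\r\n"
                b"To: user@test.com\r\n"
                b"Subject: hi\r\n\r\nhello\r\n")

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

To bounce instead of discard, return 69 (EX_UNAVAILABLE) from main(); with flags=Rq pipe(8) then generates a non-delivery report to the (forged) sender. Run the script as an unprivileged user, and keep the re-injection path on a local-only listener so the second smtpd cannot be reached from outside.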
 
Thanks for your reply.

I'm using SpamAssassin. I read that it could only read one line at a time.

The problem is that the mail is very simple and it doesn't seem to be spam; we have run sa-learn on around 10,000 spam mails and nothing.

I have thought about resending the mail to another Postfix process, but I cannot modify the whole system.


 
There is a really good chance that the spam client is using something that is invalid or non-standard that you can tell Postfix to trigger on. The trick is figuring out what that something is.

I would suggest looking through smtpd_recipient_restrictions, smtpd_helo_restrictions, smtpd_client_restrictions, etc. and comparing what those restrictions check against what you are seeing in the full message headers. The TO and FROM envelope information is easily spoofed. The actual header data is more difficult. For example, reject if the sender is using an invalid or not fully qualified host name, doesn't have an MX record, or something along those lines.

When you start, you will probably want to use the warn_if_reject setting, which logs that "if" this setting were active the message would be rejected, and see if you get false positive hits on your valid traffic.

Here is a link to a (big) list of configuration parameters. Maybe something will jump out at you:
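An added example (not from this thread) of reading the log side of that approach, in Python. It assumes the candidate restrictions are placed behind warn_if_reject, for instance `warn_if_reject reject_non_fqdn_helo_hostname` in smtpd_helo_restrictions and `warn_if_reject reject_unknown_sender_domain` in smtpd_sender_restrictions, so that smtpd logs a `reject_warning:` verdict instead of refusing the message. The script parses those lines, counts hits per reject reason, and splits them into self-addressed hits (envelope sender equal to recipient, which is the spam in question) and everything else, which is where false positives on valid traffic would show up. Note that Postfix logs envelope addresses here, not the header From:/To:. The log lines at the top are constructed, using documentation addresses and host names.

```python
import re
import sys
from collections import defaultdict

# Constructed sample log lines in the shape postfix/smtpd writes when a
# restriction is prefixed with warn_if_reject (verdict "reject_warning").
SAMPLE_LOG = """\
Oct  4 10:01:02 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 450 4.7.1 <spamhost>: Helo command rejected: need fully-qualified hostname; from=<user@test.com> to=<user@test.com> proto=SMTP helo=<spamhost>
Oct  4 10:01:05 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from mail.example.org[198.51.100.5]: 450 4.7.1 <laptop>: Helo command rejected: need fully-qualified hostname; from=<alice@example.org> to=<user@test.com> proto=ESMTP helo=<laptop>
Oct  4 10:02:17 mx postfix/smtpd[2102]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.11]: 450 4.1.8 <bob@spam.invalid>: Sender address rejected: Domain not found; from=<bob@spam.invalid> to=<user@test.com> proto=SMTP helo=<mail.spam.invalid>
Oct  4 10:03:00 mx postfix/smtpd[2103]: 3F2A1B3C: client=mail.example.org[198.51.100.5]
"""

# client, SMTP status + enhanced code, optional "<thing>: " prefix, reason up to
# the ';', then the envelope addresses Postfix appends.
WARN_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject_warning: RCPT from (?P<client>\S+): "
    r"\d{3} \d\.\d+\.\d+ (?:<[^>]*>: )?(?P<reason>[^;]+); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def parse_warning(line):
    """Return the fields of one reject_warning line, or None for any other line."""
    m = WARN_RE.search(line)
    if m is None:
        return None
    hit = m.groupdict()
    sender, rcpt = hit["sender"].lower(), hit["rcpt"].lower()
    hit["self_addressed"] = sender != "" and sender == rcpt
    return hit


def summarize(log_text):
    """Per reject reason: total hits, self-addressed hits, and the other senders."""
    stats = defaultdict(lambda: {"total": 0, "self_addressed": 0, "other_senders": set()})
    for line in log_text.splitlines():
        hit = parse_warning(line)
        if hit is None:
            continue
        entry = stats[hit["reason"]]
        entry["total"] += 1
        if hit["self_addressed"]:
            entry["self_addressed"] += 1
        else:
            # Not the From==To pattern: review these before enabling the restriction.
            entry["other_senders"].add(hit["sender"])
    return dict(stats)


def report(stats):
    """Human-readable summary, one reason per block."""
    lines = []
    for reason, entry in sorted(stats.items()):
        lines.append(f"{reason}: {entry['total']} would be rejected, "
                     f"{entry['self_addressed']} self-addressed")
        for sender in sorted(entry["other_senders"]):
            lines.append(f"    check for false positive: {sender}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python3 warn_report.py /var/log/mail.log   (no argument: built-in sample)
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(report(summarize(text)))
```

On the sample, the HELO restriction would catch the self-addressed message but also a legitimate sender whose HELO name is not fully qualified, which is exactly the kind of hit to look at before dropping the warn_if_reject prefix.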
 