Gentoo Forums
[solved] Postfix/How do I reject mail From: sender
szatox
Advocate
Posted: Fri Nov 08, 2024 8:35 pm

Long story short, I want to make postfix reject incoming mail immediately rather than accept the transfer, filter, and then send a bounce to a possibly spoofed address.
This one is _almost_ there:
Code:
smtpd_relay_restrictions = check_sender_access mysql:/etc/postfix/mysql-blacklist.cf

Almost, because this directive executes my query using the envelope FROM rather than the headers' From:.
Envelope from and header's from don't have to match. In case of the particular entity which prompted me to look into this, they don't, because spam comes from a 3rd party service authorized by the domain owner.

I don't really mind the nuclear option of blacklisting the entire mailing service, but not being able to aim properly is a shame, so give me a hint.
_________________
Make Computing Fun Again


Last edited by szatox on Sun Nov 10, 2024 12:14 pm; edited 1 time in total
grknight
Retired Dev
Posted: Fri Nov 08, 2024 9:12 pm

man 5 header_checks but be warned. This is not as easy as it appears.

A From header is not required to be a valid message. The From header may be SMTPUTF8 encoded.

Also, header checks examine all headers one at a time and each will reexamine the lookup for an action.
It really should be a pcre: or regexp: table type for speed. You can use anything of course, but traditional databases may bog down mail processing.
szatox
Advocate
Posted: Fri Nov 08, 2024 10:02 pm

Thanks, looks promising indeed.
I'm not too worried about performance there, I don't have that many emails. Still, it is worth a note.

Can SMTPUTF8 mangle pure ASCII addresses? I'll be fine as long as the input is predictable, but having multiple possible forms of the same value would really be a problem.
_________________
Make Computing Fun Again
szatox
Advocate
Posted: Sun Nov 10, 2024 12:10 pm

I came up with this:

Code:
query = WITH RECURSIVE
 rxp AS (SELECT REGEXP_REPLACE('%s', 'From: *(.*<(.*)>.*)?','\\2') as sender WHERE '%s' LIKE 'From:%%'),
 list AS ( SELECT sender FROM rxp UNION SELECT REGEXP_REPLACE( sender , '[^@.]*[@.](.*)', '\\1') FROM list  )
 SELECT 'REJECT Sender banned for: SPAM' FROM header_blacklist WHERE header_blacklist.sender IN ( SELECT sender FROM list ) AND header_blacklist.active = TRUE;

Looks complicated, but it's only going to touch a few rows from a single, indexed table, and only when processing the From: header; otherwise it calculates an empty set so there's nothing to look up in the table.
I've been considering turning it into a stored function, to let the query optimizer do its part too, but then again I already have a bunch of plaintext bindings and they are easier to modify should I need to do that, while performance is not a problem I have to worry about.

That initial regexp, the one extracting the email address, is really wild though. I'm not even sure it should work, but I had a crazy idea to extract a substring which may or may not be surrounded by text to ignore, and it does in fact work for both formats:
From: sender@address
From: sender name <sender@address>
_________________
Make Computing Fun Again
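
A Python model of the query in the post above, added here as an example (not szatox's code and not part of Postfix): it mirrors the two CTEs so the lookup keys they generate can be checked offline against sample header lines. The blacklist contents, the function names and the case-sensitive `From:` match are assumptions, and Python's `re` stands in for the database's regex engine.

```python
import re

# Constructed sample data: stand-in for header_blacklist rows with active = TRUE.
BLACKLIST = {"spam.example", "bulk@mailer.example"}

REJECT = "REJECT Sender banned for: SPAM"


def extract_sender(header_line):
    """Model of the `rxp` CTE: address from a From: header, else None."""
    # WHERE '%s' LIKE 'From:%%' -> every other header yields an empty set.
    # Assumption: matched case-sensitively here; in the database this
    # depends on the collation in use.
    if not header_line.startswith("From:"):
        return None
    # Same pattern as the post. With "<...>" present the whole line is
    # replaced by group 2; without it only "From: " is stripped.
    return re.sub(r"From: *(.*<(.*)>.*)?", r"\2", header_line)


def candidate_keys(sender):
    """Model of the recursive `list` CTE: sender plus every parent domain."""
    keys = []
    while sender not in keys:          # UNION de-duplicates, ending recursion
        keys.append(sender)
        # Drop everything up to and including the first '@' or '.'.
        sender = re.sub(r"[^@.]*[@.](.*)", r"\1", sender)
    return keys


def lookup(header_line, blacklist=BLACKLIST):
    """Return the action for one header line, or None when nothing matches."""
    sender = extract_sender(header_line)
    if sender is None:
        return None
    if any(key in blacklist for key in candidate_keys(sender)):
        return REJECT
    return None


if __name__ == "__main__":
    for line in ("From: sender name <news@mail.spam.example>",   # constructed
                 "From: bulk@mailer.example",
                 "From: friend@mailer.example",
                 "Subject: From: news@mail.spam.example"):
        print(f"{line!r:50} -> {lookup(line)}")
```

The key list shows why a single blacklist row can hold a full address, a domain or any parent domain: each is tried in turn against the table.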