View previous topic :: View next topic |
Author |
Message |
szatox Advocate
Joined: 27 Aug 2013 Posts: 3477
|
Posted: Fri Nov 08, 2024 8:35 pm Post subject: [solved] Postfix/How do I reject mail From: sender |
|
|
Long story short I want to make postfix reject incoming mail immediately rather than accept the transfer, filter, and then send a bounce to a possibly spoofed address.
This one is _almost_ there:
Code: | smtpd_relay_restrictions = check_sender_access mysql:/etc/postfix/mysql-blacklist.cf |
Almost, because this directive executes my query using the envelope FROM rather than the headers' From:.
Envelope from and header's from don't have to match. In case of the particular entity which prompted me to look into this, they don't, because spam comes from a 3rd party service authorized by the domain owner.
I don't really mind the nuclear option of blacklisting the entire mailing service, but not being able to aim properly is a shame, so give me a hint. _________________ Make Computing Fun Again
Last edited by szatox on Sun Nov 10, 2024 12:14 pm; edited 1 time in total |
|
Back to top |
|
|
grknight Retired Dev
Joined: 20 Feb 2015 Posts: 1990
|
Posted: Fri Nov 08, 2024 9:12 pm Post subject: |
|
|
man 5 header_checks but be warned. This is not as easy as it appears.
A From header is not required to be a valid message. The From header may be SMTPUTF8 encoded.
Also, header checks examine all headers one at a time and each will reexamine the lookup for an action.
It really should be a pcre: or regexp: table type for speed. You can use anything of course, but traditional databases may bog down mail processing. |
|
Back to top |
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3477
|
Posted: Fri Nov 08, 2024 10:02 pm Post subject: |
|
|
Thanks, looks promising indeed.
I'm not too worried about performance there, I don't have that many emails. Still, it is worth a note.
Can SMTPUTF8 mangle pure ASCII addresses? I'll be fine as long as the input is predictable, but having multiple possible forms of the same value would really be a problem. _________________ Make Computing Fun Again |
|
Back to top |
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3477
|
Posted: Sun Nov 10, 2024 12:10 pm Post subject: |
|
|
I came up with this:
Code: | query = WITH RECURSIVE
rxp AS (SELECT REGEXP_REPLACE('%s', 'From: *(.*<(.*)>.*)?','\\2') as sender WHERE '%s' LIKE 'From:%%'),
list AS ( SELECT sender FROM rxp UNION SELECT REGEXP_REPLACE( sender , '[^@.]*[@.](.*)', '\\1') FROM list )
SELECT 'REJECT Sender banned for: SPAM' FROM header_blacklist WHERE header_blacklist.sender IN ( SELECT sender FROM list ) AND header_blacklist.active = TRUE;
|
Looks complicated, but it's only going to touch a few rows from a single, indexed table, and only when processing the From: header; otherwise it calculates an empty set so there's nothing to look up in the table.
I've been considering turning it into a stored function, to let the query optimizer do its part too, but then again I already have a bunch of plaintext bindings and they are easier to modify should I need to do that, while performance is not a problem I have to worry about.
That initial regexp, the one extracting email address is really wild though. I'm not even sure it should work, but I had a crazy idea to extract a substring which may or may not be surrounded by text to ignore, and it does in fact work for both formats:
From: sender@address
From: sender name <sender@address> _________________ Make Computing Fun Again |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|