Postfix implements header_checks as a built-in content inspection class that runs while receiving mail. Usually the best performance is obtained with pcre (Perl Compatible Regular Expressions) tables, or with the slower regexp (POSIX regular expressions) tables. Googling around, I found a tiny Perl script that can query dbl.spamhaus.org, multi.surbl.org and black.uribl.com. (Sahil Tandon wrote it, based on João Gouveia's Perl script, I think.)
First, download the script.
Rename it and make it executable.
Edit master.cf and add these two lines:
    127.0.0.1:2526 inet n n n - 0 spawn
      user=nobody argv=/etc/postfix/checkdbl.pl
Run a preliminary test to make sure checkdbl.pl is really spawned and answering our queries.
Let's try with the Message-ID header (it is real spam in my inbox, hehehe):
    Connected to mx.example.com (127.0.0.1).
    Escape character is '^]'.
    get Message-ID: <243589555829862551ca6a14e9bf5c6b@vldu204.eusensyv.info>
Reply-To header
    Connected to mx.example.com (127.0.0.1).
    Escape character is '^]'.
    get reply-to: <software_innovations5@buyinhe.com>
From header
    Connected to mx.example.com (127.0.0.1).
    Escape character is '^]'.
    get from: <software_innovations5@buyinhe.com>
Or we can query it using the postmap tool:
    REJECT buyinhe.com, which appears in the 'from' header, is listed on black.uribl.com
We've seen that checkdbl.pl really works as expected; now it's time to put it to work in real life.
Put these two lines in main.cf:
    127.0.0.1:2526_time_limit = 3600s
    header_checks = tcp:[127.0.0.1]:2526
Reload postfix
These are real spam rejections logged by Postfix and checkdbl.pl:
    Month date 15:15:35 mx.example.com postfix/smtpd[24907]: 152CB30012A: client=unknown[69.162.108.69]
    Month date 15:15:35 mx.example.com postfix/cleanup[28392]: 152CB30012A: reject: header Message-ID: <4507031@creditreports.tampocopica.com> from unknown[69.162.108.69]; from=<Nancy@tampocopica.com> to=<example-user@example.com> proto=ESMTP helo=<creditreports.tampocopica.com>: 5.7.1 creditreports.tampocopica.com, which appears in the 'Message-ID' header, is listed on dbl.spamhaus.org
    Month date 15:15:35 mx.example.com postfix/cleanup[28392]: 152CB30012A: message-id=<4507031@creditreports.tampocopica.com>
    Month date 15:50:04 mx.example.com postfix/smtpd[29412]: 7837130012F: client=unknown[66.90.109.40]
    Month date 15:50:05 mx.example.com postfix/cleanup[31734]: 7837130012F: reject: header From: "Personalized-Christmas-Ornaments" <Alicia@diaseven.info> from unknown[66.90.109.40]; from=<Alicia@diaseven.info> to=<example-user@example.com> proto=ESMTP helo=<iyio40.diaseven.info>: 5.7.1 diaseven.info, which appears in the 'From' header, is listed on dbl.spamhaus.org

    Month date 14:15:28 mx.example.com checkdbl[22069]: Hit: vldu204.eusensyv.info on dbl.spamhaus.org
    Month date 14:17:53 mx.example.com checkdbl[22360]: Hit: buyinhe.com on black.uribl.com
Yes, they are real spammers and they were rejected. Sweet…
main.cf entry:
header_checks = tcp:[127.0.0.1]:2526
spits:
Dec 5 16:30:53 inet postfix/cleanup[9849]: fatal: unsupported dictionary type: tcp
any idea?
maybe this post will give you a clue
https://kutukupret.com/2009/11/17/centos-5-compile-postfix-with-tcp-table-support/
switched on brain and:
postconf -m
btree
cidr
environ
hash
ldap
mysql
nis
pcre
proxy
regexp
static
unix
so I don’t have tcp table support enabled/compiled.
Looking for more info, it seems this is “experimental”
I have recently run into a situation where I have an address/domain that I need to white list so the email is not rejected. Suggestions on how I can do this?
Many thanks!
-Roberto
Add an exception in the main loop. Say you have one domain to whitelist: set a variable $mydomain and slightly modify the loop.
This is not tested, but I hope you get the picture.
    # @headers and querybl() are defined elsewhere in the script
    while (<>) {
        chomp;
        my $mydomain = "example.com";    # domain to whitelist

        if (/^get\s+(?:resent-)?([\w-]+)\s*:\s*(.+)$/i) {
            my ($hdr, $data) = ($1, $2);
            # Only inspect the headers listed in @headers
            unless (grep(/^$hdr/i, @headers)) {
                print "200 DUNNO\n";
                next;
            }
            my @res = querybl($data);
            # Reject a listed domain unless it is the whitelisted one
            # ("ne" compares strings; "!=" would compare them as numbers)
            if (@res && $res[0] ne $mydomain) {
                print "200 REJECT $res[0], which appears in the '$hdr' header, is listed on $res[1]\n";
                next;
            }
        }
        print "200 DUNNO\n";
    }
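An added example, not part of the original post or of checkdbl.pl: a Python model of the lookup service's request handling, covering the `get` request Postfix sends, the `200 REJECT` / `200 DUNNO` replies shown in the post, and the whitelist from the reply above, generalized here to subdomains. The header set, the `@`-only domain extraction, the injected `is_listed` resolver and the `stub` data are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Assumed for illustration: inspected headers; zones are those named in the post.
HEADERS = {"from", "reply-to", "message-id"}
ZONES = ("dbl.spamhaus.org", "multi.surbl.org", "black.uribl.com")
REQUEST = re.compile(r"^get\s+(?:resent-)?([\w-]+)\s*:\s*(.+)$", re.I | re.S)
# Only the host part after "@" is checked (a simplification of this example).
DOMAIN = re.compile(r"@((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def whitelisted(domain, whitelist):
    """True for a whitelisted domain or a subdomain of one (dot-anchored)."""
    return any(domain == w or domain.endswith("." + w) for w in whitelist)

def handle(line, is_listed, whitelist=()):
    """Answer one tcp_table request line.

    is_listed(domain, zone) -> bool is injected so DNS can be stubbed; a
    real one would resolve "<domain>.<zone>" and raise on resolver errors.
    """
    # Postfix %XX-encodes the key, so "From: <a@b>" arrives as "From:%20<a@b>".
    match = REQUEST.match(unquote(line.strip()))
    if not match or match.group(1).lower() not in HEADERS:
        return "200 DUNNO\n"
    hdr, data = match.groups()
    whitelist = {w.lower() for w in whitelist}
    for domain in dict.fromkeys(d.lower() for d in DOMAIN.findall(data)):
        if whitelisted(domain, whitelist):
            continue  # skipped before any DNS query is made
        for zone in ZONES:
            try:
                listed = is_listed(domain, zone)
            except OSError:
                # 400 = temporary error, the client should retry later.
                return "400 DNS lookup failed\n"
            if listed:
                # hdr and domain are limited by the regexes above, so the reply
                # cannot contain "%" or a newline and may be sent unencoded.
                return (f"200 REJECT {domain}, which appears in the '{hdr}' "
                        f"header, is listed on {zone}\n")
    return "200 DUNNO\n"

# Constructed stub standing in for DNS: one listed name, taken from the post's log.
def stub(domain, zone):
    return (domain, zone) == ("buyinhe.com", "black.uribl.com")

print(handle("get from:%20<software_innovations5@buyinhe.com>", stub), end="")
```

The suffix test includes the leading dot, so whitelisting `example.com` does not also exempt a lookalike such as `notexample.com`.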