[Postfixbuch-users] Email ohne gueltige Adresse im To:-Feld abweisen

Guido Mehnert guido at mail.mehnert.tk
So Dez 4 11:36:00 CET 2011


Guten Tag,

ich bin der Neue, also seid zum Anfang nicht allzu streng
mit mir :-)

Ich bemühme mich nun seit einiger Zeit einen Spammer zu filtern,
der mir seine Spam-Mails als Blindkopie schickt. Allen Spam-Mails
gemeinsam ist, dass im To:-Feld keine gültige Adresse eingetragen
wurde. Zumeist lässt der Spammer das To:-Feld auch einfach leer
und nutzt nur das BCC:-Feld. Postfix ersetzt das dann leere
To:-Feld mit: "To: undisclosed-recipients:;". Meine Versuche, auf
den Header zu filten, gingen bisher fehl, weil ich die Sprache des
pcre nicht kann.

Meine smtp_recipient_restrictions =
smtpd_recipient_restrictions =
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        permit_sasl_authenticated
        permit_mynetworks
        reject_rbl_client zen.spamhaus.org
        reject_rbl_client ix.dnsbl.manitu.net
        #sqlgrey
        check_policy_service inet:127.0.0.1:|<port>|[1]
        reject_unverified_recipient
        reject_unauth_destination

Unterhalb der smtpd_recipient_restrictions habe ich mich
vergeblich mit header_checks versucht.

[1] Zeichen in |<>| geändert

Hier die Header einiger Spammer, die Greylisting überlebt
haben:
Return-Path: <ohm74 at web.de>
Delivered-To: |<Emailadresse>|
X-Greylist: delayed 67754 seconds by postgrey-1.31 at
<Server>; Sun, 27 Nov 2011 15:19:34 CET
Received: from morpheus.sle.br (unknown [200.247.83.18])
        by <Server> (Postfix) with ESMTP id 9BD6555B8001
        for |<Emailadresse>|; Sun, 27 Nov 2011 15:19:34 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
        by morpheus.sle.br (Postfix) with ESMTP id 611A3D81199;
        Sat, 26 Nov 2011 06:00:45 -0200 (BRST)
X-Virus-Scanned: amavisd-new at sle.br
Received: from morpheus.sle.br ([127.0.0.1])
        by localhost (morpheus.sle.br [127.0.0.1]) (amavisd-new,
port 10024)
        with ESMTP id U3CX1TydmhQd; Sat, 26 Nov 2011 06:00:45
-0200 (BRST)
Received: by morpheus.sle.br (Postfix, from userid 65)
        id A0B00D8116D; Sat, 26 Nov 2011 06:00:19 -0200 (BRST)
Received: from User (unknown [46.37.69.244])
        by morpheus.sle.br (Postfix) with ESMTPA id D1A97D8118F;
        Sat, 26 Nov 2011 05:59:47 -0200 (BRST)
Reply-To: <Seguridadconsultant at hotmail.es>
From: "DON GOMEZ SANCHEZ"<ohm74 at web.de>
Subject: GEWINNBENACHRITIGUNG
Date: Sat, 26 Nov 2011 11:02:16 +0100
MIME-Version: 1.0
Content-Type: text/plain;
        charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Antivirus: avast! (VPS 111126-0, 26/11/2011), Outbound message
X-Antivirus-Status: Clean
Message-Id: <20111126080019.A0B00D8116D at morpheus.sle.br>
To: undisclosed-recipients:;

Return-Path: <meetelen63 at msn.com>
Delivered-To: |<Emailadresse>|
X-Greylist: delayed 00:05:04 by SQLgrey-1.6.8
Received: from blu0-omc3-s9.blu0.hotmail.com
(blu0-omc3-s9.blu0.hotmail.com [65.55.116.84])
        by |<Server>| (Postfix) with ESMTP id 80CD955B802D
        for |<Emailadresse>|; Wed, 30 Nov 2011 00:56:42 +0100 (CET)
Received: from BLU0-SMTP92 ([65.55.116.73]) by
blu0-omc3-s9.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
         Tue, 29 Nov 2011 15:51:37 -0800
X-Originating-IP: [212.52.153.126]
X-Originating-Email: [meetelen63 at msn.com]
Message-ID: <BLU0-SMTP92C2E3789C19676DF05B64DBB30 at phx.gbl>
Received: from user-3d89bd8955 ([212.52.153.126]) by
BLU0-SMTP92.phx.gbl over TLS secured channel with Microsoft
SMTPSVC(6.0.3790.4675);
         Tue, 29 Nov 2011 15:51:34 -0800
From: Ellen Hanson <meetelen63 at msn.com>
To: "." <.>
X-Mailer: Pocomail 4.8 (4400) - EVALUATION VERSION
X-URL: http://www.pocomail.com/
Reply-To: meetellen0 at msn.com
Date: Tue, 29 Nov 2011 23:47:40 -0800
Subject: Hello Dearest One,
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-OriginalArrivalTime: 29 Nov 2011 23:51:35.0035 (UTC)
FILETIME=[D3C7F4B0:01CCAEF1]

Return-Path: <mail at hinhxx.com>
Delivered-To: |<Emailadresse>|
X-Greylist: delayed 00:06:40 by SQLgrey-1.6.8
Received: from smtpw2.aruba.it (smtpipvs3.aruba.it
[62.149.128.188])
        by |<Server>| (Postfix) with SMTP id A32F655B802C
        for |<Emailadresse>|; Sat,  3 Dec 2011
12:32:22 +0100 (CET)
Received: (qmail 5453 invoked by uid 89); 3 Dec 2011 11:25:41
-0000
Received: from unknown (HELO aruba.it) (62.149.158.90)
  by smtpw2.ad.aruba.it with SMTP; 3 Dec 2011 11:25:41 -0000
Date: Sat,  3 Dec 2011 05:25:40 -0600
Message-Id: <LVML2S$5E31C6701AE9B8CC27CDF91148DC31FE at aruba.it>
Subject: Reward Code Number: FB/28753134
MIME-Version: 1.0
X-Sensitivity: 3
Content-Type: multipart/alternative;
        boundary="_=__=_XaM3_.1322911540.2A.638206.42.22950.52.42.007.1972007158"
From: "Facebook" <mail at hinhxx.com>
X-XaM3-API-Version: V3(R2)
X-SenderIP: 80.79.121.75
X-Spam-Rating: smtpw2.ad.aruba.it 1.6.2 0/1000/N
To: undisclosed-recipients:;



Mehr Informationen über die Mailingliste Postfixbuch-users