[Postfixbuch-users] Email ohne gueltige Adresse im To:-Feld abweisen

Uwe Drießen driessen at fblan.de
So Dez 4 17:20:23 CET 2011


Im Auftrag von Guido Mehnert
> 
> Guten Tag,
> 
> ich bin der Neue, also seid zum Anfang nicht allzu streng
> mit mir :-)
> 
> Ich bemühme mich nun seit einiger Zeit einen Spammer zu filtern,
> der mir seine Spam-Mails als Blindkopie schickt. Allen Spam-Mails
> gemeinsam ist, dass im To:-Feld keine gültige Adresse eingetragen
> wurde. Zumeist lässt der Spammer das To:-Feld auch einfach leer
> und nutzt nur das BCC:-Feld. Postfix ersetzt das dann leere
> To:-Feld mit: "To: undisclosed-recipients:;". Meine Versuche, auf
> den Header zu filten, gingen bisher fehl, weil ich die Sprache des
> pcre nicht kann.
> 
> Meine smtp_recipient_restrictions =
> smtpd_recipient_restrictions =
>         reject_non_fqdn_sender
>         reject_non_fqdn_recipient
>         reject_unknown_sender_domain
>         reject_unknown_recipient_domain
>         permit_sasl_authenticated
>         permit_mynetworks

		reject_unauth_destination,

>         reject_rbl_client zen.spamhaus.org
>         reject_rbl_client ix.dnsbl.manitu.net
>         #sqlgrey
>         check_policy_service inet:127.0.0.1:|<port>|[1]
>         reject_unverified_recipient
>         reject_unauth_destination
> 

Schau nach ob du evtl. 

   reject_invalid_helo_hostname,
   reject_non_fqdn_helo_hostname,
   reject_unknown_client_hostname,
   reject_unknown_helo_hostname,

einsetzen kannst (aber bitte zuerst schauen was die Restriktionen machen)



> Unterhalb der smtpd_recipient_restrictions habe ich mich
> vergeblich mit header_checks versucht.

Headerchecks werden global eingetragen die sind nicht unter den
Restriktionen einzutragen. Die Header und Bodychecks laufen im cleanup

> 
> [1] Zeichen in |<>| geändert
> 
> Hier die Header einiger Spammer, die Greylisting überlebt
> haben:
> Return-Path: <ohm74 at web.de>
> Delivered-To: |<Emailadresse>|
> X-Greylist: delayed 67754 seconds by postgrey-1.31 at
> <Server>; Sun, 27 Nov 2011 15:19:34 CET
> Received: from morpheus.sle.br (unknown [200.247.83.18])
>         by <Server> (Postfix) with ESMTP id 9BD6555B8001
>         for |<Emailadresse>|; Sun, 27 Nov 2011 15:19:34 +0100 (CET)
> Received: from localhost (localhost [127.0.0.1])
>         by morpheus.sle.br (Postfix) with ESMTP id 611A3D81199;
>         Sat, 26 Nov 2011 06:00:45 -0200 (BRST)
> X-Virus-Scanned: amavisd-new at sle.br
> Received: from morpheus.sle.br ([127.0.0.1])
>         by localhost (morpheus.sle.br [127.0.0.1]) (amavisd-new,
> port 10024)
>         with ESMTP id U3CX1TydmhQd; Sat, 26 Nov 2011 06:00:45
> -0200 (BRST)
> Received: by morpheus.sle.br (Postfix, from userid 65)
>         id A0B00D8116D; Sat, 26 Nov 2011 06:00:19 -0200 (BRST)
> Received: from User (unknown [46.37.69.244])
>         by morpheus.sle.br (Postfix) with ESMTPA id D1A97D8118F;
>         Sat, 26 Nov 2011 05:59:47 -0200 (BRST)
> Reply-To: <Seguridadconsultant at hotmail.es>
> From: "DON GOMEZ SANCHEZ"<ohm74 at web.de>
> Subject: GEWINNBENACHRITIGUNG
> Date: Sat, 26 Nov 2011 11:02:16 +0100
> MIME-Version: 1.0
> Content-Type: text/plain;
>         charset="Windows-1251"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> X-Antivirus: avast! (VPS 111126-0, 26/11/2011), Outbound message
> X-Antivirus-Status: Clean
> Message-Id: <20111126080019.A0B00D8116D at morpheus.sle.br>
> To: undisclosed-recipients:;
> 
> Return-Path: <meetelen63 at msn.com>
> Delivered-To: |<Emailadresse>|
> X-Greylist: delayed 00:05:04 by SQLgrey-1.6.8
> Received: from blu0-omc3-s9.blu0.hotmail.com
> (blu0-omc3-s9.blu0.hotmail.com [65.55.116.84])
>         by |<Server>| (Postfix) with ESMTP id 80CD955B802D
>         for |<Emailadresse>|; Wed, 30 Nov 2011 00:56:42 +0100 (CET)
> Received: from BLU0-SMTP92 ([65.55.116.73]) by
> blu0-omc3-s9.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
>          Tue, 29 Nov 2011 15:51:37 -0800
> X-Originating-IP: [212.52.153.126]
> X-Originating-Email: [meetelen63 at msn.com]
> Message-ID: <BLU0-SMTP92C2E3789C19676DF05B64DBB30 at phx.gbl>
> Received: from user-3d89bd8955 ([212.52.153.126]) by
> BLU0-SMTP92.phx.gbl over TLS secured channel with Microsoft
> SMTPSVC(6.0.3790.4675);
>          Tue, 29 Nov 2011 15:51:34 -0800
> From: Ellen Hanson <meetelen63 at msn.com>
> To: "." <.>
> X-Mailer: Pocomail 4.8 (4400) - EVALUATION VERSION
> X-URL: http://www.pocomail.com/
> Reply-To: meetellen0 at msn.com
> Date: Tue, 29 Nov 2011 23:47:40 -0800
> Subject: Hello Dearest One,
> MIME-Version: 1.0
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> X-OriginalArrivalTime: 29 Nov 2011 23:51:35.0035 (UTC)
> FILETIME=[D3C7F4B0:01CCAEF1]
> 
> Return-Path: <mail at hinhxx.com>
> Delivered-To: |<Emailadresse>|
> X-Greylist: delayed 00:06:40 by SQLgrey-1.6.8
> Received: from smtpw2.aruba.it (smtpipvs3.aruba.it
> [62.149.128.188])
>         by |<Server>| (Postfix) with SMTP id A32F655B802C
>         for |<Emailadresse>|; Sat,  3 Dec 2011
> 12:32:22 +0100 (CET)
> Received: (qmail 5453 invoked by uid 89); 3 Dec 2011 11:25:41
> -0000
> Received: from unknown (HELO aruba.it) (62.149.158.90)
>   by smtpw2.ad.aruba.it with SMTP; 3 Dec 2011 11:25:41 -0000
> Date: Sat,  3 Dec 2011 05:25:40 -0600
> Message-Id: <LVML2S$5E31C6701AE9B8CC27CDF91148DC31FE at aruba.it>
> Subject: Reward Code Number: FB/28753134
> MIME-Version: 1.0
> X-Sensitivity: 3
> Content-Type: multipart/alternative;
> 
> boundary="_=__=_XaM3_.1322911540.2A.638206.42.22950.52.42.007.1972007158"
> From: "Facebook" <mail at hinhxx.com>
> X-XaM3-API-Version: V3(R2)
> X-SenderIP: 80.79.121.75
> X-Spam-Rating: smtpw2.ad.aruba.it 1.6.2 0/1000/N
> To: undisclosed-recipients:;


Mit freundlichen Grüßen

Uwe Drießen
--
Software & Computer
Uwe Drießen
Lembergstraße 33
67824 Feilbingert

Tel.: 06708660045




Mehr Informationen über die Mailingliste Postfixbuch-users