[CentOS] postfix and spam, I am impressed

Tue Mar 13 03:57:34 UTC 2012
Les Mikesell <lesmikesell at gmail.com>

On Mon, Mar 12, 2012 at 9:48 PM, Nataraj <incoming-centos at rjl.com> wrote:
> On 03/12/2012 02:25 PM, m.roth at 5-cent.us wrote:
>> Bob Hoffman wrote:
>>> I have had the same email address since 1997 (when microsoft stole
>>> bob.com from me thanks to network solutions...)
>> I remember reading about you, vaguely.
>> <snip>
>>> Now I have set up a centos 6 box using postfix. Today I decided to try
>>> to add smtpd restrictions. After a lot of reading and testing I 'seem'
>>> to be doing incredible.
>>> I wanted to share my current working postfix smtpd restrictions area so
>>> that others who are interested can start with it.
>> <snip>
>> Here's a question: is there any way to inspect an email's headers, and
>> reject it if the alleged FQDN in the "From:" doesn't match the oldest
>> "Received: "?
>>
>>        mark
>>
> That would be a good test.  Postfix does have the ability to match
> regular expressions on headers, but the tests are limited to testing a
> single line at a time.  You can however write one of several types of
> postfix content inspection modules using your favorite programming or
> scripting language.  If you use one of the before queue inspection
> methods and you have a busy mail server, you have to watch out that you
> don't introduce delays that could cause clients to time out.
>
> You might also look around to see if there's something out there that
> would already do that.
>
> Check out http://www.postfix.org/CONTENT_INSPECTION_README.html  I don't
> think it's that hard to throw together a perl or python script to do
> this.  I have more experience with the policy daemon though.

With sendmail, using MimeDefang as a milter was one of the best
approaches, because then you could control all of the other usual
(spamassassin, clamav, etc.) or custom steps with a small snippet of
perl.   I think the postfix milter interface is at least theoretically
compatible these days but I haven't tried them together.  The way
MimeDefang multiplexes the fast/slow operations and extracts the
attachments only once for any number of scans is particularly
efficient.

-- 
   Les Mikesell
     lesmikesell at gmail.com
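
The header test asked about in the quoted text (does the From: domain match the host in the oldest "Received:" line), sketched in Python as an added example that is not code from anyone in this thread. The function names are hypothetical, comparing only the last two labels of each name is an assumption, the sample messages are constructed, and wiring the check into Postfix as a content filter or milter is not shown.

```python
import email
import re
from email.utils import parseaddr

# "Received: from <helo-name> (<reverse-dns-name> [ip]) by ..."
RECEIVED_FROM = re.compile(r"from\s+(\S+)(?:\s+\((\S+))?", re.I)
HOSTNAME = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+", re.I)

def base_domain(host):
    # Assumption: the last two labels approximate the owning domain
    # (no public-suffix handling, so "co.uk"-style names compare too loosely).
    return ".".join(host.strip(".").lower().split(".")[-2:])

def oldest_received_hosts(msg):
    """Host names claimed in the oldest Received: header (last in the message)."""
    received = msg.get_all("Received") or []
    if not received:
        return set()
    oldest = " ".join(received[-1].split())      # unfold continuation lines
    m = RECEIVED_FROM.match(oldest)
    if not m:
        return set()
    # Bracketed IP literals and "unknown" are dropped by the hostname pattern.
    return {h for h in m.groups() if h and HOSTNAME.fullmatch(h)}

def from_matches_origin(raw_message):
    """True = match, False = mismatch, None = not enough data to decide."""
    msg = email.message_from_string(raw_message)
    addr = parseaddr(msg.get("From", ""))[1]
    hosts = oldest_received_hosts(msg)
    if "@" not in addr or not hosts:
        return None
    from_domain = base_domain(addr.rsplit("@", 1)[1])
    return any(base_domain(h) == from_domain for h in hosts)

# Constructed sample messages (example.* names, documentation IPs), not real mail.
HOPS = ("Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
        "\tby mail.example.org; Mon, 12 Mar 2012 21:00:02 -0500\n"
        "Received: from {host} ({host} [192.0.2.10])\n"
        "\tby mx.example.net; Mon, 12 Mar 2012 21:00:01 -0500\n")
MATCHING = HOPS.format(host="smtp.example.com") + "From: Bob <bob@example.com>\n\nhi\n"
MISMATCH = HOPS.format(host="relay.example.org") + "From: Bob <bob@example.com>\n\nhi\n"
NO_TRACE = "From: Bob <bob@example.com>\n\nhi\n"

if __name__ == "__main__":
    for name in ("MATCHING", "MISMATCH", "NO_TRACE"):
        print(name, from_matches_origin(globals()[name]))
```

Every "Received:" line below the ones your own servers added is supplied by the sending side, so a match is weak evidence and a mismatch is better used as a score than as an outright reject.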