[CentOS] postfix and spam, I am impressed

Tue Mar 13 03:57:34 UTC 2012
Les Mikesell <lesmikesell at gmail.com>

On Mon, Mar 12, 2012 at 9:48 PM, Nataraj <incoming-centos at rjl.com> wrote:
> On 03/12/2012 02:25 PM, m.roth at 5-cent.us wrote:
>> Bob Hoffman wrote:
>>> I have had the same email address since 1997 (when microsoft stole
>>> bob.com from me thanks to network solutions...)
>> I remember reading about you, vaguely.
>> <snip>
>>> Now I have set up a centos 6 box using postfix. Today I decided to try
>>> to add smtpd restrictions. After a lot of reading and testing I 'seem'
>>> to be doing incredible.
>>> I wanted to share my current working postfix smtpd restrictions area so
>>> that others who are interested can start with it.
>> <snip>
>> Here's a question: is there any way to inspect an email's headers, and
>> reject it if the alleged FWDN in the From:" doesn't match the oldest
>> "Received: "?
>>        mark
> That would be a good test.  Postfix does have the ability to match
> regular expressions on headers, but the tests are limited to testing a
> single line at a time.  You can however write one of several types of
> postfix content inspection modules using your favorite programming or
> scripting language.  If you use one of the before queue inspection
> methods and you have a busy mail server, you have to watch out that you
> don't introduce delays that could cause clients to time out.
> You might also look around to see if there's something out there that
> would already do that.
> Check out http://www.postfix.org/CONTENT_INSPECTION_README.html  I don't
> think it's that hard to throw together a perl or python script to do
> this.  I have more experience with the policy daemon though.

With sendmail, using MimeDefang as a milter was one of the best
approaches, because then you could control all of the other usual
(spamassassin, clamav, etc.) or custom steps with a small snippet of
perl.   I think the postfix milter interface is at least theoretically
compatible these days but I haven't tried them together.  The way
MimeDefang multiplexes the fast/slow operations and extracts the
attachments only once for any number of scans is particularly

   Les Mikesell
     lesmikesell at gmail.com