Postfix: Examples of header_checks, helo_checks, body_checks, mime_header_checks
Author: ymsssg 2006 (layout and additional rules by Axel aka RaVeN)
 


Standard filters and how to enable them:
check_helo_access pcre:$config_directory/helo_checks (used in smtpd_helo_restrictions; helo_checks is not a main.cf parameter of its own)

header_checks=pcre:$config_directory/header_checks

mime_header_checks=regexp:$config_directory/mime_header_checks

body_checks=pcre:$config_directory/body_checks

Additional checks:
mx_access:

How to enable
check_*_mx_access cidr:$config_directory/mx_access (used in smtpd_*_restrictions)

relaying_stoplist:

How to enable
check_*_access regexp:$config_directory/relaying_stoplist (used in smtpd_*_restrictions)



helo_checks:
Code:

# Reject anybody that HELO's as being in our own domain(s)
# (Note that if you followed the order suggested in the main.cf
# examples, above, that machines in mynetworks will be okay.)
# A pcre table needs delimited patterns, so literal names are written as anchored expressions.
/^mydomain\.com$/ REJECT You are not me
/^mail\.mydomain\.com$/ REJECT You are not me

# Somebody HELO'ing with our IP address?
/^\[?185\.228\.43\.164\]?$/ REJECT You are not me

# Somebody HELO'ing with localhost
/^localhost$/ REJECT You are not my localhost
/^\[?127\.0\.0\.1\]?$/ REJECT You are not my localhost

# RFC 1918 ranges only: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12
/^\[?10\.\d{1,3}\.\d{1,3}\.\d{1,3}\]?$/ REJECT Address in RFC 1918 private network
/^\[?192\.168\.\d{1,3}\.\d{1,3}\]?$/ REJECT Address in RFC 1918 private network
/^\[?172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}\]?$/ REJECT Address in RFC 1918 private network

/\d{2,}[-\.]+\d{2,}/ REJECT Invalid hostname (D-D)

/^(((newm|em|gm|m)ail|yandex|rambler|hotbox|chat|rbc|subscribe|spbnit)\.ru)$/ REJECT Faked hostname ($1)
/^(((hotmail|mcim|newm|em)ail|post|hotbox|msn|microsoft|aol|news|compuserve|yahoo|google|earthlink|netscape)\.(com|net))$/ REJECT Faked hostname ($1)


header_checks:
Code:

#Content-Type/Disposition Blocks

/^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?\.(386|ad[ept]|app|as[dpx]|ba[st]|bin|btm|cab|cb[lt]|cgi|chm|cil|cla(ss)?|cmd|cp[el]|crt|cs[chs]|cvp|dll|dot|drv|em(ai)?l|ex[_e]|exe?=|fon|fxp|hlp|ht[ar]|in[fips]|isp|jar|jse?|keyreg|ksh|lib|lnk|md[abetw]|mht(m|ml)?|mp3|ms[ciopt]|nte|nws|obj|ocx|ops|ov.|pcd|pgm|pif|p[lm]|pot|pps|prg|reg|sc[rt]|sh[bs]?|slb|smm|sw[ft]|sys|url|vb[esx]?|vir|vmx|vxd|wm[dsz]|ws[cfh]|xl.|xms|\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b/ REJECT ".$2" file attachment types not allowed
/^Content-(Disposition|Type):\s+.+?(file)?name="?.+?\.com(\.\S{2,4})?(\?=)?"?(;|$)/ REJECT ".com" file attachment types not allowed
/^Content-(Disposition|Type):\s+.*?message\/partial\b/ REJECT
/^Content-(Disposition|Type):\s+.*?(file)?name="?.*?(your_details|application|document|screensaver|movie)\.zip/ REJECT
/^Subject: .*SPAM.*/ REDIRECT root@mydomain.com

IF /^Content-Type:/
/multipart\/related;.*type=\"multipart\/alternative\";.*boundary=\"====_ABC1234567890DEF_====\".*$/ REJECT Possibly you have the Nimda virus. Try to resend your message.
/multipart.*"----[A-F0-9]+_Outlook_Express_message_boundary"/i REJECT Possibly you have the Sircam virus. Try to resend your message.
ENDIF

/^ *.*name="account-details.zip/ REJECT We think your message contains the MyTob virus. Please remove or rename your attachment account-details.zip.
/^ *.*name.*(website|details|try|updated-password|account-password|account-details|password)\.zip/ REJECT We think your message contains the MyTob virus. Please remove or rename your attachment $1.zip.


#Date Blocks

IF /^Date:/
/.{60,}$/ REJECT You have an invalid Date format. Possibly you have a buggy Outlook?
ENDIF


#X-Mailer Blocks

IF /^X-Mailer:/
# Exception for this mailer; header_checks treats OK as DUNNO, so DUNNO is written explicitly
/ Virtual MailSender; www.vpro.ru/ DUNNO
/ 0001/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Avalanche/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Crescent Internet Tool/ REJECT Your email had spam-like header contents. (X-Mailer)
/ DiffondiCool/ REJECT Your email had spam-like header contents. (X-Mailer)
/ E-Mail Delivery Agent/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Emailer Platinum/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Entity/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Extractor/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Floodgate/ REJECT Your email had spam-like header contents. (X-Mailer)
/ GOTO Software Sarbacane/ REJECT Your email had spam-like header contents. (X-Mailer)
/ MailWorkz/ REJECT Your email had spam-like header contents. (X-Mailer)
/ MassE-Mail/ REJECT Your email had spam-like header contents. (X-Mailer)
/ MaxBulk.Mailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ News Breaker Pro/ REJECT Your email had spam-like header contents. (X-Mailer)
/ SmartMailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ StormPort/ REJECT Your email had spam-like header contents. (X-Mailer)
/ SuperMail-2/ REJECT Your email had spam-like header contents. (X-Mailer)
/ RAdvanced Direct Remailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Advanced Mass Sender/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Spammer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Bomber/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Mega-Mailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ SuperMail/ REJECT Your email had spam-like header contents. (X-Mailer)
/ FastMailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ PObox/ REJECT Your email had spam-like header contents. (X-Mailer)
/ MMailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Ligra Mailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Dynamic Opt-In Emailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Group Spamer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Mail Sender/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Mailloop/ REJECT Your email had spam-like header contents. (X-Mailer)
/ PersMail/ REJECT Your email had spam-like header contents. (X-Mailer)
/ LK SendI/ REJECT Your email had spam-like header contents. (X-Mailer)
/ WC Mail/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Virtual MailSender/ REJECT Your email had spam-like header contents. (X-Mailer)
/ ZUBA ZUB/ REJECT Your email had spam-like header contents. (X-Mailer)
/ MailList Express/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Caretop/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Mailer Signature/ REJECT Your email had spam-like header contents. (X-Mailer)
/ FiG/ REJECT Your email had spam-like header contents. (X-Mailer)
/ PG-MAILINGLIST/ REJECT Your email had spam-like header contents. (X-Mailer)
/ advcomtest/ REJECT Your email had spam-like header contents. (X-Mailer)
/ ailerv/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Gailerj/ REJECT Your email had spam-like header contents. (X-Mailer)
/ User$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ \.\.\.\.\.\.\. / REJECT Your email had spam-like header contents. (X-Mailer)
/ sklsgwd/ REJECT Your email had spam-like header contents. (X-Mailer)
/ yo yo mail/ REJECT Your email had spam-like header contents. (X-Mailer)
/ ZanziMailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ smsmtp/ REJECT Your email had spam-like header contents. (X-Mailer)
/ BulkMailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ diffondi/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Virtual MailSender/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Version 5.0 / REJECT Your email had spam-like header contents. (X-Mailer)
/ NetMasters/ REJECT Your email had spam-like header contents. (X-Mailer)
/ nethack/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Dipost/ REJECT Your email had spam-like header contents. (X-Mailer)
/ (ACE ContactManager|CyberCreek Avalanche)/ REJECT Your email had spam-like header contents. (X-Mailer)
/ (Achi-Kochi Mail|E-mail Magnet|Mailcast)/ REJECT Your email had spam-like header contents. (X-Mailer)
/ (Group Mail|Aristotle Mail|WorldMerge)/ REJECT Your email had spam-like header contents. (X-Mailer)
/ (Extractor Pro|Floodgate Pro|MultiMailer)/ REJECT Your email had spam-like header contents. (X-Mailer)
/ (Ellipse Bulk Emailer|RamoMail|MultiMailer)/ REJECT Your email had spam-like header contents. (X-Mailer)
/ (Emailer Platinum.*Internet Marketing)/ REJECT Your email had spam-like header contents. (X-Mailer)
/ E-Magazine/ REJECT Your email had spam-like header contents. (X-Mailer)
/ ExclamationSoft/ REJECT Your email had spam-like header contents. (X-Mailer)
/ IM2K/ REJECT Your email had spam-like header contents. (X-Mailer)
/ PostMaster General/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Advanced Mass Sender/ REJECT Your email had spam-like header contents. (X-Mailer)
/ EZ Version/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Email Collector/ REJECT Your email had spam-like header contents. (X-Mailer)
/ SBZ systems/ REJECT Your email had spam-like header contents. (X-Mailer)
/ The Red Spider/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Dynamic Opt-In Emailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ IM2000 Version 1.01/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Prospect Mailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Inet_Mail_Out/ REJECT Your email had spam-like header contents. (X-Mailer)
/ MailKing/ REJECT Your email had spam-like header contents. (X-Mailer)
/ David/ REJECT Your email had spam-like header contents. (X-Mailer)
/ EzyMassMailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Oshirase-Mailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ The Red Spider/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Mega-Mailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ FletMail/i REJECT Your email had spam-like header contents. (X-Mailer)
/ Floodgate/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Extractor/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Fusion/ REJECT Your email had spam-like header contents. (X-Mailer)
/ MassE-Mail/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Quick Shot/ REJECT Your email had spam-like header contents. (X-Mailer)
/ NetMailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ WorldMerge/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Powermailer/ REJECT Your email had spam-like header contents. (X-Mailer)
/ homosexual/ REJECT Your email had spam-like header contents. (X-Mailer)
/ PSS Bulk Mailer.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ ccMail Link.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ IXO-Mail.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ MMailer.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ K-ML.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ GoldMine.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ MAGIC.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ bomber.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ expeditor.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Brooklyn North.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Broadcast.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ DMailer.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Extractor.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ EMailing List Pro .*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Fusion.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ News Breaker .*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ dbMail.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Unity.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ PG-MAILINGLIST PRO .*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Dynamic.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Splio.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Sarbacane.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ sMailing.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ Broadc@st.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ WorkZ.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ ABMailer.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ QuickSender .*$/ REJECT Your email had spam-like header contents. (X-Mailer)
/.* over 2182 or.$/ REJECT Your email had spam-like header contents. (X-Mailer)
/ SpeedMail_.*$/ REJECT Your email had spam-like header contents. (X-Mailer)
ENDIF


#Other Headers Blocks

/^X-Unsent: 1/ REJECT Possibly you have the Nimda virus. Try to resend your message.

# These are headers used to track some spam messages.
/^Bel-Tracking: .*/ REJECT Confirmed spam. Go away.
/^Hel-Tracking: .*/ REJECT Confirmed spam. Go away.
/^Kel-Tracking: .*/ REJECT Confirmed spam. Go away.
/^BIC-Tracking: .*/ REJECT Confirmed spam. Go away.
/^Lid-Tracking: .*/ REJECT Confirmed spam. Go away.


mime_header_checks:
Code:

# Reject messages with attachments that have the following extensions (=2E is a quoted-printable encoded dot)

/^begin(-base64)? [0-9]+.*(\.|=2E)bat(\?=)?(\.)?/ REJECT Don't send us letters with bat attachments
/^[^<]*(body|filename|name=).*(\.|=2E)bat(\?=)?(\.)?/ REJECT Don't send us letters with bat attachments

/^begin(-base64)? [0-9]+.*(\.|=2E)cmd(\?=)?(\.)?/ REJECT Don't send us letters with cmd attachments
/^[^<]*(body|filename|name=).*(\.|=2E)cmd(\?=)?(\.)?/ REJECT Don't send us letters with cmd attachments

/^begin(-base64)? [0-9]+.*(\.|=2E)chm(\?=)?(\.)?/ REJECT Don't send us letters with chm attachments
/^[^<]*(body|filename|name=).*(\.|=2E)chm(\?=)?(\.)?/ REJECT Don't send us letters with chm attachments

/^begin(-base64)? [0-9]+.*(\.|=2E)com(\?=)?(\.)?/ REJECT Don't send us letters with com attachments
/^[^<]*(body|filename|name=).*(\.|=2E)com(\?=)?(\.)?/ REJECT Don't send us letters with com attachments

/^begin(-base64)? [0-9]+.*(\.|=2E)exe(\?=)?(\.)?/ REJECT Don't send us letters with exe attachments
/^[^<]*(body|filename|name=).*(\.|=2E)exe(\?=)?(\.)?/ REJECT Don't send us letters with exe attachments

/^begin(-base64)? [0-9]+.*(\.|=2E)hta(\?=)?(\.)?/ REJECT Don't send us letters with hta attachments
/^[^<]*(body|filename|name=).*(\.|=2E)hta(\?=)?(\.)?/ REJECT Don't send us letters with hta attachments

/^begin(-base64)? [0-9]+.*(\.|=2E)jse(\?=)?(\.)?/ REJECT Don't send us letters with jse attachments
/^[^<]*(body|filename|name=).*(\.|=2E)jse(\?=)?(\.)?/ REJECT Don't send us letters with jse attachments

/^begin(-base64)? [0-9]+.*(\.|=2E)rm(\?=)?(\.)?/ REJECT Don't send us letters with rm attachments
/^[^<]*(body|filename|name=).*(\.|=2E)rm(\?=)?(\.)?/ REJECT Don't send us letters with rm attachments

/^begin(-base64)? [0-9]+.*(\.|=2E)scr(\?=)?(\.)?/ REJECT Don't send us letters with scr attachments
/^[^<]*(body|filename|name=).*(\.|=2E)scr(\?=)?(\.)?/ REJECT Don't send us letters with scr attachments

/^begin(-base64)? [0-9]+.*(\.|=2E)pif(\?=)?(\.)?/ REJECT Don't send us letters with pif attachments
/^[^<]*(body|filename|name=).*(\.|=2E)pif(\?=)?(\.)?/ REJECT Don't send us letters with pif attachments

/^begin(-base64)? [0-9]+.*(\.|=2E)vbe(\?=)?(\.)?/ REJECT Don't send us letters with vbe attachments
/^[^<]*(body|filename|name=).*(\.|=2E)vbe(\?=)?(\.)?/ REJECT Don't send us letters with vbe attachments

/^begin(-base64)? [0-9]+.*(\.|=2E)vbs(\?=)?(\.)?/ REJECT Don't send us letters with vbs attachments
/^[^<]*(body|filename|name=).*(\.|=2E)vbs(\?=)?(\.)?/ REJECT Don't send us letters with vbs attachments


# Or alternatively:
IF /^(.*)(body|filename|name=)/
# Unquoted file name at the end of the header
/(.*)\.(lnk|dll|shs|vbe|hta|com|vbs|js|jse|bat|cmd|vxd|scr|shm|pif|chm|exe)$/ REJECT We do not accept attachments in ${2} format.
# Quoted file name: the closing quote comes after the extension
/\"(.*)\.(lnk|dll|shs|vbe|hta|com|vbs|js|jse|bat|cmd|vxd|scr|shm|pif|chm|exe)\"$/ REJECT We do not accept attachments in ${2} format.
ENDIF


body_checks:
Code:

/sexu/ REJECT Body Spam Rule R401
/porno/ REJECT Body Spam Rule R402
/viagra/ REJECT Body Spam Rule R403
/penis/ REJECT Body Spam Rule R404
/enlargement/ REJECT Body Spam Rule R405
/enhancement/ REJECT Body Spam Rule R406
/cock/ REJECT Body Spam Rule R407
/teen/ REJECT Body Spam Rule R408
/doctor/ REJECT Body Spam Rule R409
/pills/ REJECT Body Spam Rule R410
/cialis/ REJECT Body Spam Rule R411
/inches/ REJECT Body Spam Rule R412
/visit/ REJECT Body Spam Rule R413
/amazing/ REJECT Body Spam Rule R414
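
An added example, not part of the original page: a small Python approximation of how Postfix evaluates such a table (first match wins, case-insensitive by default with the i flag toggling that, IF/ENDIF scoping), run over constructed lines of ordinary mail to show which body_checks rules above would reject them. The names load_rules, lookup and audit and the sample lines are illustrative assumptions, and Python's re module stands in for PCRE.

```python
import re

def load_rules(text):
    """Parse Postfix-style '/pattern/flags ACTION text' lines, including IF ... ENDIF."""
    rules, guards = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.upper() == "ENDIF":
            guards.pop()
            continue
        is_if = line[:2].upper() == "IF" and not line[2:3].isalnum()
        body = line[2:].lstrip() if is_if else line
        delim, end = body[0], 1
        while body[end] != delim:              # closing delimiter, skipping \x escapes
            end += 2 if body[end] == "\\" else 1
        flags, action = re.match(r"(\S*)\s*(.*)", body[end + 1:]).groups()
        # Matching is case-insensitive by default; each "i" flag toggles that.
        ci = flags.count("i") % 2 == 0
        regex = re.compile(body[1:end], re.IGNORECASE if ci else 0)
        if is_if:
            guards.append(regex)
        else:
            rules.append((tuple(guards), regex, action))
    return rules

def lookup(rules, line):
    """First matching rule wins; None means no rule matched."""
    for guards, regex, action in rules:
        if all(g.search(line) for g in guards) and regex.search(line):
            return action
    return None

def audit(rules, legit_lines):
    """Map each action that fired on legitimate text to the lines it hit."""
    hits = {}
    for line in legit_lines:
        action = lookup(rules, line)
        if action is not None:
            hits.setdefault(action, []).append(line)
    return hits

# Four rules copied from the body_checks table above.
BODY_RULES = load_rules(r"""
/teen/ REJECT Body Spam Rule R408
/doctor/ REJECT Body Spam Rule R409
/pills/ REJECT Body Spam Rule R410
/inches/ REJECT Body Spam Rule R412
""")

# Constructed sample lines of ordinary business mail (not real traffic).
LEGIT = [
    "The invoice covers nineteen licenses.",
    "Your doctor's appointment is confirmed for Monday.",
    "Monitor size: 24 INCHES, delivery next week.",
    "Meeting notes are attached.",
]

if __name__ == "__main__":
    for action, lines in audit(BODY_RULES, LEGIT).items():
        print(action, "->", lines)
```

On a live server the real table can be queried with `postmap -q "text" pcre:/path/to/body_checks`. Postfix's WARN action logs a match without rejecting, which lets a rule be observed before it is switched to REJECT.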




mx_access:
Code:

127.0.0.1 DUNNO
127.0.0.2 550 Domains not registered properly. Can't assign requested address
0.0.0.0/8 REJECT Domain MX in broadcast network
10.0.0.0/8 REJECT Domain MX in RFC 1918 private network
127.0.0.0/8 REJECT Domain MX in loopback network
169.254.0.0/16 REJECT Domain MX in link local network
172.16.0.0/12 REJECT Domain MX in RFC 1918 private network
192.0.2.0/24 REJECT Domain MX in TEST-NET network
192.168.0.0/16 REJECT Domain MX in RFC 1918 private network
224.0.0.0/4 REJECT Domain MX in class D multicast network
240.0.0.0/5 REJECT Domain MX in class E reserved network
248.0.0.0/5 REJECT Domain MX in reserved network



relaying_stoplist:
Code:

# Postfix regexp tables match case-insensitively by default; the i flag toggles that off, so it is omitted here.
/^dsl.*\..*/ 553 AUTO_DSL We do not accept direct connections from hosts that are not dedicated SMTP servers. Please use your Internet provider's SMTP server.

/.*\.dsl\..*/ 553 AUTO_DSL2 We do not accept direct connections from hosts that are not dedicated SMTP servers. Please use your Internet provider's SMTP server.

/[ax]dsl.*\..*\..*/ 553 AUTO_[A|X]DSL We do not accept direct connections from hosts that are not dedicated SMTP servers. Please use your Internet provider's SMTP server.

/client.*\..*\..*/ 553 AUTO_CLIENT We do not accept direct connections from hosts that are not dedicated SMTP servers. Please use your Internet provider's SMTP server.

/cable.*\..*\..*/ 553 AUTO_CABLE We do not accept direct connections from hosts that are not dedicated SMTP servers. Please use your Internet provider's SMTP server.

/pool\..*/ 553 AUTO_POOL We do not accept direct connections from hosts that are not dedicated SMTP servers. Please use your Internet provider's SMTP server.

/.*dial(\.|-).*\..*\..*/ 553 AUTO_DIAL We do not accept direct connections from hosts that are not dedicated SMTP servers. Please use your Internet provider's SMTP server.

/ppp.*\..*/ 553 AUTO_PPP We do not accept direct connections from hosts that are not dedicated SMTP servers. Please use your Internet provider's SMTP server.

/dslam.*\..*\..*/ 553 AUTO_DSLAM We do not accept direct connections from hosts that are not dedicated SMTP servers. Please use your Internet provider's SMTP server.

/dslb.*\..*\..*/ 553 AUTO_DSLB We do not accept direct connections from hosts that are not dedicated SMTP servers. Please use your Internet provider's SMTP server.

/node.*\..*\..*/ 553 AUTO_NODE We do not accept direct connections from hosts that are not dedicated SMTP servers. Please use your Internet provider's SMTP server.

/.*\.dynamicIP\..*/ 553 AUTO_DYNAMIC We do not accept direct connections from hosts that are not dedicated SMTP servers. Please use your Internet provider's SMTP server.







Axel (aka RaVeN) © 2006