> On 7 September 2017, at 15:28, pgndev <[hidden email]> wrote:
> It ain't pretty, or recommended for the long term, but something like this should slow it down
> header_checks = pcre:/etc/postfix/header_checks.pcre
> IF /^(To|From|Cc|Reply-To|Sender|Return-Path): /
> /@qq\.com/i REJECT
> (check the syntax!)
To block the message-id field shouldn't that be:
The qq.com only appears in the message-id, never in any of the addresses.
It's not all that pretty, but it works fine. I have been watching the logs and those messages are now being rejected. Thanks for all the help.
> On 7 September 2017, at 15:50, pgndev <[hidden email]> wrote:
> I missed the "message id" ...
> You should be able to match/block any valid header name.
> Add it to, or replace, what's in the match -- up to you. Personally, I've never received a valid email from 'anything' @qq.com. YMMV.
> If you're shutting down a flood, more extreme, blunt instrument measures @ the firewall (e.g. GeoIP blocking) can be put in place.