check from address

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

check from address

freeline
Hello,

how do I reject mails that use an @-sign in the display name of the from
header?

A lot of SPAM and VIRUS mails use from addresses like "My Name
<[hidden email]>   "<[hidden email]> with lots of spaces so the
real address is never shown by the mail client. I want to block these mails.

Thanks,
Volker


signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: check from address

Phil Stracchino
On 12/26/18 3:14 PM, Volker Cordes wrote:
> Hello,
>
> how do I reject mails that use an @-sign in the display name of the from
> header?
>
> A lot of SPAM and VIRUS mails use from addresses like "My Name
> <[hidden email]>   "<[hidden email]> with lots of spaces so the
> real address is never shown by the mail client. I want to block these mails.

Couldn't you just check for N+ spaces after a closing > ?


/\> {12,}/


--
  Phil Stracchino
  Babylon Communications
  [hidden email]
  [hidden email]
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958


signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: check from address

Pau Amma
In reply to this post by freeline
On Wed, December 26, 2018 8:14 pm, Volker Cordes wrote:
> how do I reject mails that use an @-sign in the display name of the from
> header?

Have you read http://www.postfix.org/BUILTIN_FILTER_README.html ?

Reply | Threaded
Open this post in threaded view
|

Re: check from address

Wietse Venema
In reply to this post by freeline
Volker Cordes:
> Hello,
>
> how do I reject mails that use an @-sign in the display name of the from
> header?
>
> A lot of SPAM and VIRUS mails use from addresses like "My Name
> <[hidden email]>   "<[hidden email]> with lots of spaces so
> the real address is never shown by the mail client. I want to block
> these mails.

The pattern below will block a From: header with 10+ spaces anywhere.

If you want to make the number much smaller than that, then it is
better to use a spamfilter, because spamfilters rely on multiple
indicators, instead of triggering a reject after a single regexp
match.

/etc/postfix/main.cf:
    header_checks = pcre:/etc/postfix/header_checks.pcre

/etc/postfix/header_checks.pcre:
    /^From:.+\s{10}/    REJECT suspicious From: header

http://www.postfix.org/header_checks.5.html
http://www.postfix.org/pcre_table.5.html

        Wietse