On Fri, 16 Jan 2026 17:17:48 -0800, Viktor Dukhovni via Postfix-users wrote:
>> Why pcre as opposed to regex?  i.e.
> Because PCRE is often more capable, and may be familiar from other
> contexts, but also because "bad advice", parsing header addresses
> with regular expressions is always a mistake.

hmmmm.  my unjustified instinct is that pcre is a bit heavier than old
fashioned regex.  but, as i said, unjustified.  and the load is light,
< 500 msg/hr make it past dnsbls etc.

>>     /(randy|root)@bogus.com/    [email protected]
>>     /[email protected]/      dest.server
>>     /[email protected]/      dest.server
>>     /[email protected]/      dest.server
>>     /.*@bogus.com/              /dev/null
>>
>> thanks!
>
> The correct form of gratitude is "thanks, your time and effort are
> appreciated, but I'll do something else...".

please do not put words in my mouth, i need the room for feet.  i did
not intend what you imply.  i meant two things:

  o how would bill recommend i decide between two seemingly different
    hacks?

  o and to thank bill for the clue of using virtual as opposed to
    header matching.  as you point out, big mistake there.

> Spam filtering can be difficult, use high quality RBLs, perhaps
> postscreen can help, and if "rspamd" is ineffective, test
> alternative or multiple filters.

i am using postscreen, though undoubtedly my use could be improved

    postscreen_access_list = permit_mynetworks
    postscreen_dnsbl_sites =
        list.dnswl.org=127.0.[0..255].[1..3]*-5
        zen.spamhaus.org*2
    postscreen_dnsbl_action = enforce
    postscreen_denylist_action = drop
    postscreen_greet_action = drop

i am also running rspamd, but a lot gets through as Add Header, i.e.
/X-Spam: YES/, some of it spam and some of it should be ham.  i am sure
my configuration could be improved.

and i am trying filters, cf. this discussion.  or did you mean another
heavy processor on the order of rspamd?  rspamd and postfix are already
punching above my weight; i am a bgp & is-is kinda guy.

>> bogus.com has only half a dozen legitimate local parts, i.e. foo in
>> [email protected].  what is the simplest efficient way to drop all
>> inbound for all but the half dozen legit local parts?
>
> You have failed to mention whether this is, or is not a virtual alias
> domain

it is now :)

fwiw, the MX targets have no local mailboxes.  it's all onward
transport, O(dozen) in `relay_domains`.

>> fwiw, my current hack is in `header_checks` a la
>>     /^To:.*[email protected]/    PASS
>>     /^To:.*[email protected]/    PASS
>>     /^To:.*[email protected]/    PASS
>>     ...
>>     /^To:.*@bogus.com/          DISCARD
>
> That's a bad idea.  The regular expressions are far too imprecise,
> and why are you trying to filter on header rather than envelope
> addresses?  If any of the recipients ever receives legitimate mail from
> a list, or otherwise as a forward or BCC, their specific address won't
> be in the headers...

point!  <doh>

for the moment i fixed this header/envelope st00pidity by virtuals as
bill suggested <blush>

> but a real virtual alias domain already requires matching
> **envelope** addresses in the virtual alias table, and I'd NEVER
> recommend use of regular expressions in that context.

care to explain why not?

> The PCREs are poorly anchored, better REs would be:
>     if /@bogus\.com$/
>     /^foo@[^@]*$/     [email protected]
>     /^bar@[^@]*$/     [email protected]
>     /^feen@[^@]*$/    [email protected]
>     fi

wow!  ok.  and that's why pcre, eh?  except

> And of course one should/would not use a regexp virtual(5) table:
>
> main.cf:
>     indexed = ${default_database_type}:${config_directory}/
>     virtual_alias_domains = bogus.com
>     virtual_alias_maps = ${indexed}virtual
>
> virtual:
>     [email protected]    [email protected]
>     [email protected]    [email protected]
>     [email protected]    [email protected]

hmmm.  i need to think more.  there are a fair number of domains being
forwarded, most to a remote default smtp server which actually deals
with all the virtuals plus a few hundred local mailboxes.  just this
one particular domain, bogus.com, seems to attract hundreds of spam
emails a day which rspamd classifies as /X-Spam: YES/ which i have to
review manually.

i need to read and think more

thanks for all sorts of clues

randy
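
The anchoring point in the quoted advice above, as an added example that is not part of the original message or of Postfix: it runs the unanchored pattern style, the anchored `if`/`fi` form, and an exact-match table over the same constructed envelope recipients. Python's `re` stands in for a Postfix pcre table, and the `dest.example` targets and function names are assumptions made for illustration.

```python
import re

# Python's re stands in for a Postfix pcre table; for these simple patterns
# the semantics are the same (substring search, case-insensitive).
# Targets under dest.example are constructed placeholders.
LOOSE = [  # style of the first posting: no anchors, unescaped dot
    (r"foo@bogus.com", "foo@dest.example"),
    (r"bar@bogus.com", "bar@dest.example"),
]
ANCHORED_GUARD = r"@bogus\.com$"  # the "if /.../" line of the anchored form
ANCHORED = [
    (r"^foo@[^@]*$", "foo@dest.example"),
    (r"^bar@[^@]*$", "bar@dest.example"),
]
INDEXED = {  # exact-match lookup, as with an indexed virtual(5) table
    "foo@bogus.com": "foo@dest.example",
    "bar@bogus.com": "bar@dest.example",
}

def first_match(rules, addr):
    """Return the result of the first rule whose pattern is found in addr."""
    for pattern, result in rules:
        if re.search(pattern, addr, re.IGNORECASE):
            return result
    return None

def loose_lookup(addr):
    return first_match(LOOSE, addr)

def anchored_lookup(addr):
    if not re.search(ANCHORED_GUARD, addr, re.IGNORECASE):
        return None  # outside the if/fi block, so no rule applies
    return first_match(ANCHORED, addr)

def indexed_lookup(addr):
    return INDEXED.get(addr.lower())

# Constructed envelope recipients; only the first should be rewritten.
SAMPLES = [
    "foo@bogus.com",
    "notfoo@bogus.com",       # extra characters before the local part
    "foo@bogusxcom.example",  # unescaped "." matches any character
    "foo@bogus.com.example",  # extra labels after the domain
]

def compare():
    """Map each sample to its (loose, anchored, indexed) lookup results."""
    return {a: (loose_lookup(a), anchored_lookup(a), indexed_lookup(a))
            for a in SAMPLES}

if __name__ == "__main__":
    for addr, (loose, anchored, indexed) in compare().items():
        print(f"{addr:24} loose={loose} anchored={anchored} indexed={indexed}")
```

The loose patterns rewrite all four recipients, including two outside bogus.com, while the anchored form and the exact-match table rewrite only the first.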
