On 5/3/2013 4:01 AM, Frank Bonnet wrote:
> Hello
> 
> We are hardly spammed by numerous sources, the FIRST line of each email
> is like the following
> 
> Return-Path: <corona...@google.com>
> 
> The left part of the address is constantly changed but the right is
> always @google.com
> 
> I would like to discard all that spam, help greatly appreciated
> 
> Thanks in advance
>  


The Return-Path: header is added by postfix during delivery, and is
equal to the envelope sender address.

It's not clear that all @google.com senders are spam, so there may
be legit mail caught in the trap.  Use with caution.

You can probably reject most of the spam using a few common and
relatively safe rules.  I would suggest something like this:

# main.cf
smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination
# next line is considered quite safe
  reject_unknown_reverse_client_hostname
# next line is safe for most sites
  check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre
# zen is considered a very safe and effective RBL
  reject_rbl_client zen.spamhaus.org
# next line rejects all @google.com senders. May reject legit mail.
  check_sender_access pcre:/etc/postfix/sender.pcre

## sender.pcre file contents:
/@google\.com$/   REJECT suspicious @google.com sender address
# while you're at it, reject the current .pw tld spam storm
/\.pw$/  REJECT ".pw" domains not accepted here

The fqrdns.pcre file can be downloaded here:
http://www.hardwarefreak.com/fqrdns.pcre

If you're uncomfortable with any of the above suggestions, you can
safely try them out by prepending warn_if_reject, which will log a
reject_warning:, but not reject the message.  Like this:
  warn_if_reject reject_rbl_client zen.spamhaus.org


The above settings require postfix 2.6 or newer, with pcre support.



  -- Noel Jones
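
Added example (not part of the original message): a dry run of the sender.pcre rules above against constructed envelope senders, to see what the two patterns catch before enabling them. It uses Python's re module as a stand-in for PCRE; on a real server `postmap -q address pcre:/etc/postfix/sender.pcre` performs the actual lookup.

```python
import re

# sender.pcre as posted in the message above, embedded so the check runs offline.
SENDER_PCRE = r'''
/@google\.com$/   REJECT suspicious @google.com sender address
# while you're at it, reject the current .pw tld spam storm
/\.pw$/  REJECT ".pw" domains not accepted here
'''

RULE = re.compile(r"^/(.*?)/([A-Za-z]*)\s+(.*)$")

def load_table(text):
    """Parse '/pattern/flags action' lines; skip blanks and '#' comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"cannot parse rule: {line!r}")
        pattern, flags, action = m.groups()
        # Postfix pcre tables match case-insensitively unless the 'i' flag
        # toggles that off. Other flags are not handled in this sketch.
        ignore_case = "i" not in flags
        rules.append((re.compile(pattern, re.I if ignore_case else 0), action))
    return rules

def lookup(rules, sender):
    """Return the action of the first matching rule, or None (no match)."""
    for regex, action in rules:
        if regex.search(sender):
            return action
    return None

# Constructed envelope senders, chosen to probe the edges of both patterns.
SAMPLES = [
    "random123@google.com",    # the spam pattern from the question
    "Someone@GOOGLE.COM",      # case variation still matches
    "alerts@mail.google.com",  # subdomain: '@' is not directly before google.com
    "user@gmail.com",          # different domain, not matched
    "info@shop.example.pw",    # any sender address ending in .pw
    "user@example.org",        # unrelated sender
]

def dry_run(samples=SAMPLES):
    """Map each sample sender to the table's action (None = no match)."""
    rules = load_table(SENDER_PCRE)
    return {s: lookup(rules, s) for s in samples}

if __name__ == "__main__":
    for sender, action in dry_run().items():
        print(f"{sender:26} {action or 'no match (later restrictions decide)'}")
```

Every real @google.com envelope sender hits the first rule, which is the legit-mail risk the message warns about.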
