Spam Filtering with postfix and pcre

  1. Check that postfix has pcre support (`pcre` should appear in the list of supported map types):

`postconf -m`

  2. Add the lines below to main.cf:

`vi /etc/postfix/main.cf`

```
body_checks = pcre:/etc/postfix/body_checks.pcre
header_checks = pcre:/etc/postfix/header_checks.pcre
```

  3. Put the keywords and details that you want to filter:

`vi /etc/postfix/body_checks.pcre`

```
# First skip over base 64 encoded text to save CPU cycles.
# Requires PCRE version 3.
~^[[:alnum:]+/]{60,}$~          OK
# Put your own body patterns here.
# Matching is case-insensitive and unanchored, so a short keyword such as
# /sex/ also matches inside longer words ("Essex").
/Viagra/ REJECT
/pron/ REJECT
/sex/ REJECT
/free money/ REJECT
/^.*=20[a-z]*=20[a-z]*=20[a-z]*=20[a-z]*/ REJECT
```

`vi /etc/postfix/header_checks.pcre`

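```
# Grouping the alternatives keeps both keywords anchored to the Subject: header.
/^Subject:.*(fuck|viagra)/ REJECT Dont Bother Sending Rubbish Emails

# Reject attachments whose file name ends in an executable extension.
# Continuation lines of a multi-line rule must start with whitespace.
/^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
  ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
  hlp|ht[at]|
  inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
  \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
  ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
  vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
  REJECT Attachment name "$2" may not end with ".$4"
```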

You can also reject based on the HELO domain with helo_access.pcre. To enable it, add the following to the smtpd HELO restrictions in main.cf (`other restrictions` stands for the restrictions you already have):

```
smtpd_helo_restrictions = other restrictions, check_helo_access pcre:/etc/postfix/helo_access.pcre
```

`vi /etc/postfix/helo_access.pcre`

```
/^localhost$/               REJECT Go away, bad guy (localhost).
/^localhost\.localdomain$/  REJECT Go away, bad guy (localhost.localdomain)
/^[0-9.]+$/                 REJECT Go away, bad guy (not RFC compliant).
/^126\.com$/        REJECT Go away, bad guy (126.com).
/^163\.com$/        REJECT Go away, bad guy (163.com).
/^163\.net$/        REJECT Go away, bad guy (163.net).
/^sohu\.com$/       REJECT Go away, bad guy (sohu.com).
/gmail\.com$/       REJECT Go away, bad guy (gmail.com).
/^google\.com$/     REJECT Go away, bad guy (google.com).
/^yahoo\.com\.cn$/  REJECT Go away, bad guy (yahoo.com.cn).
/^yahoo\.co\.jp$/   REJECT Go away, bad guy (yahoo.co.jp).
# Catch-all kept last: the lookup stops at the first matching pattern, so
# placing this rule first would keep the REJECT rules from being evaluated.
/(.*)/ PREPEND X-Original-Helo: $1
```
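
The sketch below is an added example, not part of the original post and not Postfix code: it approximates first-match pcre table lookup in Python to show that substring patterns such as `/sex/` and `/pron/` also reject legitimate text, and that a catch-all rule placed first shadows every rule after it. Python's `re` stands in for PCRE, and `parse_table`, `lookup` and the sample lines are constructed for this illustration.

```python
import re

# Python's re has no POSIX classes, which Postfix pcre tables accept; map the one used here.
POSIX = {"[:alnum:]": "a-zA-Z0-9"}
RULE = re.compile(r"(.)((?:\\.|(?!\1).)*)\1\S*\s+(.*)")  # delimiter, pattern, flags, action

def parse_table(text):
    """Turn pcre-table lines into (compiled regex, action) pairs, kept in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        m = None if line.startswith("#") else RULE.match(line)
        if not m:
            continue  # blank line, comment, or something this sketch does not parse
        pattern = m.group(2)
        for cls, chars in POSIX.items():
            pattern = pattern.replace(cls, chars)
        # Postfix pcre tables match case-insensitively by default.
        rules.append((re.compile(pattern, re.IGNORECASE), m.group(3)))
    return rules

def lookup(rules, text):
    """Return the action of the first rule that matches; later rules are never tried."""
    for regex, action in rules:
        if regex.search(text):
            return action
    return None

BODY_CHECKS = parse_table(r"""
~^[[:alnum:]+/]{60,}$~          OK
/Viagra/ REJECT
/pron/ REJECT
/sex/ REJECT
/free money/ REJECT
""")
# Catch-all PREPEND placed before and after a REJECT rule (reject text shortened).
HELO_FIRST = parse_table("/(.*)/ PREPEND X-Original-Helo: $1\n/^localhost$/ REJECT Go away")
HELO_LAST = parse_table("/^localhost$/ REJECT Go away\n/(.*)/ PREPEND X-Original-Helo: $1")

# Constructed sample body lines: one spam phrase, three legitimate lines, one base64 run.
SAMPLES = ["Claim your free money today", "Our Essex office reopens on Monday.",
           "Please pronounce the client's name correctly.", "Meeting moved to 3pm.",
           "QUJD" * 16]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{lookup(BODY_CHECKS, line)!s:7} {line[:45]}")
    print("catch-all first:", lookup(HELO_FIRST, "localhost"))
    print("catch-all last: ", lookup(HELO_LAST, "localhost"))
```

On the mail server itself, `postmap -q "string" pcre:/etc/postfix/body_checks.pcre` runs the same kind of lookup against the real table.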