Spam Filtering with postifx and pcre

1. Check if postfix has pcre support :

postconf -m

2. Add the below lines to main.cf

vi /etc/postfix/main.cf

body_checks = pcre:/etc/postfix/body_checks.pcre
header_checks = pcre:/etc/postfix/header_checks.pcre

3. Put the keywords and details that you want to filter :

vi /etc/postfix/body_checks.pcre

# First skip over base 64 encoded text to save CPU cycles.
# Requires PCRE version 3.
~^[[:alnum:]+/]{60,}$~          OK
# Put your own body patterns here.
/Viagra/ REJECT
/pron/ REJECT
/sex/ REJECT
/free money/ REJECT
/^.*=20[a-z]*=20[a-z]*=20[a-z]*=20[a-z]*/ REJECT

 

vi /etc/postfix/header_checks.pcre

/^Subject:(.*)fuck|(.*)viagra/ REJECT Dont Bother Sending Rubbish Emails
/^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
hlp|ht[at]|
inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
REJECT Attachment name "$2" may not end with ".$4"

Also  You can Reject based on domain with helo_access.pcre, but enable that in main.cf, add the following to smtp helo restrictions

smtpd_helo_restrictions = other restrictions, check_helo_access pcre:/etc/postfix/helo_access.pcre

vi /etc/postfix/helo_access.pcre

/(.*)/ PREPEND X-Original-Helo: $1

/^localhost$/    REJECT Go away, bad guy (localhost).
/^localhost.localdomain$/REJECT Go away, bad guy (localhost.localdomain)

/^[0-9.]+$/     REJECT Go away, bad guy (not RFC compliant).

/^126\.com$/        REJECT Go away, bad guy (126.com).
/^163\.com$/        REJECT Go away, bad guy (163.com).
/^163\.net$/        REJECT Go away, bad guy (163.net).
/^sohu\.com$/       REJECT Go away, bad guy (sohu.com).
/gmail\.com$/       REJECT Go away, bad guy (gmail.com).
/^google\.com$/     REJECT Go away, bad guy (google.com).
/^yahoo\.com\.cn$/  REJECT Go away, bad guy (yahoo.com.cn).
/^yahoo\.co\.jp$/   REJECT Go away, bad guy (yahoo.co.jp).

You may also like...