postfix - map (header_check) {%u, %d, %s}

Last updated: 2019-05-01


 


Introduction

 

header_checks is implemented by the Postfix cleanup(8) server before mail is queued.

Message headers are examined one logical header at a time, even when a message header spans multiple lines.

Body lines are always examined one line at a time.

 


Using MySQL for the checks

 

main.cf

#header_checks = regexp:/etc/postfix/header_checks
header_checks = proxy:mysql:/etc/postfix/mysql/control_header_checks.cf

control_header_checks.cf

dbname = mail
hosts  = 127.0.0.1
port   = 3306
user   = mailadmin
password = ?????????????

query = SELECT action FROM `control_header_checks` WHERE '%s' REGEXP rule LIMIT 0,1;

Create the SQL table: control_header_checks

------------------
| rule   | action  |
------------------

CREATE TABLE IF NOT EXISTS `control_header_checks` (
  `rule` varchar(255) NOT NULL,
  `action` varchar(255) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

Rule format:

Subject:.*\*\*\*SPAM\*\*\*.*

Supported:  .  *  ^  $ \

ACTIONS

  • OK                              # For backwards compatibility, OK is treated as DUNNO
  • DUNNO                           # Pretend that the lookup key was not found.
                                    # This prevents Postfix from trying substrings of the lookup key
                                    # (shortens the table search)
  • FILTER transport:destination    # Once the mail has been placed in the queue (after passing the other checks), it is sent to the specified filter.
                                    # This overrides the filter set by the content_filter setting
  • REJECT text
  • WARN text                       # Log a "warning:" record with the optional text
  • HOLD                            # Hold until someone either deletes it or releases it
  • PREPEND headername: headervalue
  • DISCARD (silently)
  • REDIRECT user@domain
  • BCC user@domain

P.S.

header_checks takes the content one line at a time and checks each line against the rules in order!!!

Content order > rule order

 


Testing

 

postmap -q "string" pcre:/etc/postfix/filename

postmap -q - pcre:/etc/postfix/filename <inputfile
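The matching order described above (each logical header, in message order, tested against the rules in rule order, first match wins) can be tried without a Postfix install using the simplified Python model below. It is an added example, not part of the original notes and not Postfix code: it uses Python's re instead of POSIX/PCRE, assumes "." may match across a folded line, and the rules, headers and mx.example.test host are constructed.

```python
import re

# Constructed rule file in the /pattern/flags action syntax used on this page.
RULES_TEXT = r"""
# Subject rules are listed first, Received last.
/^Subject:.*\*\*\*SPAM\*\*\*/   HOLD
/^Subject: make money fast/     REJECT
/^Received:.*\[127\.0\.0\.1/    IGNORE
"""

# Constructed headers; Received and Subject are each folded over two lines.
HEADERS_TEXT = (
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby mx.example.test; Wed, 1 May 2019 10:00:00 +0800\n"
    "Subject: MAKE MONEY FAST\n"
    " ***SPAM*** today\n"
    "To: friend@public.com\n"
)

def parse_rules(text):
    """Return (negate, compiled_regex, action) for every rule line."""
    rules = []
    for m in re.finditer(r"^(!?)/(.+)/([a-z]*)[ \t]+(\S.*)$", text, re.M):
        # "i" toggles case sensitivity; matching is case insensitive by default.
        # Model assumption: "." is allowed to match across a folded line.
        flags = re.DOTALL | (0 if "i" in m.group(3) else re.IGNORECASE)
        rules.append((m.group(1) == "!", re.compile(m.group(2), flags), m.group(4)))
    return rules

def unfold(text):
    """Group continuation lines (leading space or tab) with their header."""
    headers = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line
        elif line:
            headers.append(line)
    return headers

def check_headers(text, rules):
    """For each logical header, in message order, return the first matching action."""
    results = []
    for header in unfold(text):
        action = next((act for neg, rx, act in rules
                       if bool(rx.search(header)) != neg), None)
        results.append((header.split(":", 1)[0], action))
    return results

print(check_headers(HEADERS_TEXT, parse_rules(RULES_TEXT)))
```

The folded Subject gets HOLD because the whole logical header is matched; its first physical line on its own would only reach the REJECT rule.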

 


No foreign character

 

/^Subject:.*=\?(big5|euc-kr|gb2312|ks_c_5601-1987)\?/                                              REJECT No foreign character sets, please.
/^(Content-Type:.*|\s+)charset\s*=\s*"?(big5|euc-kr|gb2312|koi8|Windows-1251|ks_c_5601-1987)"?/    REJECT No foreign character sets, please.

 


Variable

 

user@domain

  • %%     --> %
  • %u      --> user
  • %s      --> input  key
  • %d      --> domain

 


Compile map

 

postmap [type:]/path/to/filename

When no type is specified, the default_database_type setting is used.

postconf default_database_type    # Checking

# Default: hash
default_database_type = hash

file extension

filename.db    # type: hash / btree

 


regexp tables(POSIX)

 

Installation

# Not installed by default

dnf install postfix-pcre

postconf -m

Syntax

  • /pattern/flags result
  • !/pattern/flags result

flags:

i                 # Default: on; case insensitive

 * By default, regexp: and pcre: patterns are case insensitive

Example: Block someone

block someone:

/^Subject: make money fast/     REJECT
/^To: friend@public\.com/       REJECT

* Both "From:" and "To:" are unreliable, because the sender can claim whatever they like

Spam mail to another mailbox:

/^Subject: \*\*\*SPAM\*\*\*/    REDIRECT [email protected]
/^Subject: \*\*\*Spam\*\*\*/    REDIRECT [email protected]

 


PCRE (Perl Compatible Regular Expressions) map

 

pcre vs regexp

 * pcre lookups are often faster than regexp lookups

This is because the pcre implementation is often more efficient than the POSIX regular expression implementation.

Syntax

# A line whose first non-whitespace character is "#" is a comment
/pattern/flags result
!/pattern/flags result

flag

i               # Toggles the case sensitivity flag. Default: on

pattern

\s              # whitespace

\S              # non-whitespace

 


Example: Remove unwanted headers

 

/etc/postfix/main.cf:

header_checks = regexp:/etc/postfix/header_checks.cf

/etc/postfix/header_checks.cf

/^Received:.*\[127\.0\.0\.1/            IGNORE
/^Received: from .*\[192\.168\.0\.1/    IGNORE

A header that matches the regexp is removed.

 


Example: Prepend useful info.

 

/etc/postfix/check_helo_access.pcre

# Prepend HELO identifier for anti-spam analytics.
/(.*)/ PREPEND X-Original-Helo: $1 (Usefull info.)

 


Fixing a flood of read receipts

 

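After a server migration, Outlook for some reason foolishly sent a large number of receipts back to the other party (Subject: 未讀取:, i.e. "Not read:")

Raw data from the .eml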

Subject: =?big5?B?pbzFqqj6Oi

Solution:

/etc/postfix/main.cf

header_checks = regexp:/etc/postfix/header_checks

/etc/postfix/header_checks

/Subject: =\?big5\?B\?pbzFqqj6O/                DISCARD

 


if..endif

 

if /pattern/flags
  ...
endif

If the input string matches /pattern/, then match that input string against the patterns between if and endif.

 * The if..endif can nest.

 


See also:

http://www.postfix.org/header_checks.5.html

 

 

 

 

 

 

 
