This week I have been setting up and testing Postfix / Rspamd / Redis.
The system is running and I have the Rspamd GUI available for tweaking and monitoring (thanks to this thread: https://forum.opnsense.org/index.php?topic=17569.msg119574)
Now I came across this site with info about spammers/backscatter: http://www.postfix.org/BACKSCATTER_README.html
How to configure this:
Quote:
To block such backscatter I use header_checks and body_checks patterns like this:

/etc/postfix/main.cf:
    header_checks = pcre:/etc/postfix/header_checks
    body_checks = pcre:/etc/postfix/body_checks

/etc/postfix/header_checks:
    # Do not indent the patterns between "if" and "endif".
    if /^Received:/
    /^Received: +from +(porcupine\.org) +/
        reject forged client name in Received: header: $1
    /^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
        reject forged client name in Received: header: $2
    /^Received:.* +by +(porcupine\.org)\b/
        reject forged mail server name in Received: header: $1
    endif
    /^Message-ID:.* <!&!/ DUNNO
    /^Message-ID:.*@(porcupine\.org)/
        reject forged domain name in Message-ID: header: $1

/etc/postfix/body_checks:
    # Do not indent the patterns between "if" and "endif".
    if /^[> ]*Received:/
    /^[> ]*Received: +from +(porcupine\.org) /
        reject forged client name in Received: header: $1
    /^[> ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
        reject forged client name in Received: header: $2
    /^[> ]*Received:.* +by +(porcupine\.org)\b/
        reject forged mail server name in Received: header: $1
    endif
    /^[> ]*Message-ID:.* <!&!/ DUNNO
    /^[> ]*Message-ID:.*@(porcupine\.org)/
        reject forged domain name in Message-ID: header: $1
How do I configure this in the Postfix GUI on OPNsense?
Does it work as:
Services: Postfix: Header Checks
adding e.g. Expression: .* <!&!/ DUNNO REJECT
for [while receiving mail]
or how should I do this?
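
The following is an added example, not part of the original post or of the Postfix README: it replays the quoted header_checks rules against constructed header lines to show the first-match ordering, including how the `<!&!` DUNNO rule shields a Message-ID from the reject rule that follows it. It assumes Python's `re` behaves like Postfix's PCRE for these patterns; the sample headers and the `check_header` helper are hypothetical.

```python
import re

# Stand-in for your own domain, as in the quoted README patterns.
DOMAIN = r"porcupine\.org"
RECEIVED = r"^Received:"  # models the "if /^Received:/ ... endif" guard

# (guard, pattern, action), in the same order as the quoted header_checks.
RULES = [
    (RECEIVED, r"^Received: +from +(%s) +" % DOMAIN,
     "reject forged client name in Received: header: $1"),
    (RECEIVED, r"^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(%s)\)" % DOMAIN,
     "reject forged client name in Received: header: $2"),
    (RECEIVED, r"^Received:.* +by +(%s)\b" % DOMAIN,
     "reject forged mail server name in Received: header: $1"),
    (None, r"^Message-ID:.* <!&!", "DUNNO"),
    (None, r"^Message-ID:.*@(%s)" % DOMAIN,
     "reject forged domain name in Message-ID: header: $1"),
]

def check_header(line):
    """Return the action of the first matching rule, or None if nothing matches."""
    for guard, pattern, action in RULES:
        if guard and not re.search(guard, line, re.I):
            continue  # outside the if/endif block for this line
        m = re.search(pattern, line, re.I)  # Postfix pcre tables ignore case by default
        if m:
            # Expand $1, $2 from the capture groups, as Postfix does.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), action)
    return None

# Constructed sample headers (documentation addresses, not real traffic).
SAMPLES = [
    "Received: from porcupine.org (unknown [192.0.2.10]) by mx.example.net",
    "Received: from host.example.com (host.example.com helo=porcupine.org) by mx.example.net",
    "Received: from mail.example.com (mail.example.com [198.51.100.7]) by porcupine.org (Postfix)",
    "Message-ID: <!&!AAAA@porcupine.org>",
    "Message-ID: <20240101.1234@porcupine.org>",
    "Message-ID: <abc@example.com>",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{check_header(s) or 'no match':60}  <=  {s}")
```

On the mail server itself, `postmap -q "<header line>" pcre:/etc/postfix/header_checks` queries the real table and is the authoritative check.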