update..

2022-11-17 18:10:40 +01:00
parent f80772ed42
commit 45115c6700
75 changed files with 5165 additions and 436 deletions
--- a/roles/common/files/mailserver/etc/postfix/body_check.pcre
+++ b/roles/common/files/mailserver/etc/postfix/body_check.pcre
@ -0,0 +1,9 @@
+# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+
+# ---
+# - Body Checks
+# ---
+
+/See the attached file for details/       REJECT Sobig Virus found. - Body-Spamschutzregel TEXT-1001
+
+/.*https?:\/\/click2eat.shop\/Installer\/updatedwebmails/   REJECT Maype fishing E-Mail credentials - Body-Spamschutzregel TEXT-1002
--- a/roles/common/files/mailserver/etc/postfix/header_checks.pcre
+++ b/roles/common/files/mailserver/etc/postfix/header_checks.pcre
@ -0,0 +1,37 @@
+# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+
+# ---
+# - Replace headers
+
+# - Replace recieved from IPv4
+#/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: hidden)$4
+
+# - Replace recieved from IPv6
+#/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: hidden)$6
+
+# ---
+# - Ignore Headers
+# ---
+
+#/^\s*User-Agent/        IGNORE
+#/^\s*X-Enigmail/        IGNORE
+#/^\s*X-Mailer/          IGNORE
+#/^\s*X-Originating-IP/  IGNORE
+
+
+# ---
+# - Reject / Discard headers
+# ---
+
+/^To:.*<>/                    REJECT Possible SPAM Blank email address To: header - Header-Spamschutzregel T0-1001
+
+/\(envelope-from <>\)/        REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001
+
+/^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001
+
+/^From:.*<>/                  REJECT Possible SPAM - Header-Spamschutzregel FROM-1001
+
+/^Date: .* 19[0-9][0-9]/      REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001
+/^Date: .* 200[0-9]/          REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002
+/^Date: .* 201[0-9]/          REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1003
+/^Date: .* 2020/              REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1004
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
@ -22,3 +22,25 @@
 illuminatus\.lionheart\.lovejoy$
 dancortez\.500$
 geplosser\.pl$
+zukunftbeitragen\.quest$
+gulpagerts\.com$
+flodesyta\.shop$
+einfach-mail-express\.eu$
+feowatley\.shop$
+kssalon\.com$
+zeitarbeitsgruppe\.com$
+jobinscenter\.mom$
+bilingates\.gsm\.pl$
+^mail\.finsky-palace\.radio\.am$
+^mail\.newslinkes\.radio\.fm$
+thecaffeinatedquilter\.com$
+^mail\.hossted\.app$
+rea\.realflightshop\.com$
+tetontimberlinetrading\.com$
+walelaber\.shop$
+couetsart\.xyz$
+technedigitale\.com$
+dia-two-2\.de$
+surlumice\.store$
+hecnvoipl\.xyz$
+viastarco\.xyz$
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
@ -18,3 +18,55 @@
 85.254.72.106
 103.136.40.0/23
 185.53.170.115
+# zukunftbeitragen.quest
+86.107.103.211
+# RU (u.a. mail.geplosser.pl)
+62.152.59.0/24
+# GB mx.bilingates.gsm.pl
+95.168.184.156
+# RU (u.a. mx.jobinscenter.mom)
+31.28.27.0/24
+# RU (u.a. mx.novatechs.gen.tr)
+93.189.44.0/22
+# RU (u.a. vh126.timeweb.ru)
+92.53.96.0/24
+# RU (u.a. mail.newslinkes.radio.am)
+45.130.151.0/24
+# US - OLink Cloud LLC US Cloud ( u.a. pritionch.store)
+104.160.19.0/24
+# TR (u.a. dosvufpro.store
+185.219.135.0/24
+# RZ ( u.a. mx.jobinscenter.mom)
+31.28.27.0/24
+# RU (mx.novatechs.gen.tr)
+93.189.44.0/22
+# mx.bilingates.gsm.pl
+95.168.184.156
+# mail.finsky-palace.radio.am
+89.163.230.186
+# mail.newslinkes.radio.fm
+62.3.58.20
+# SC ( u.a. undialogy.store)
+149.3.170.0/24
+# tetontimberlinetrading.com
+155.94.219.66
+185.43.108.101
+# US (u.a.walelaber.shop)
+216.250.247.0/24
+# IN (u.a. couetsart.xyz)
+103.174.86.0/23
+# DE ( u.a. smtp15.dia-two-2.de
+193.168.252.0/23
+# US ( u.a. surlumice.store )
+# 192.161.160.0/19
+192.161.173.22
+# RU
+194.87.236.0/22
+# SC (u.a. werkzeughandeldirekt.net)
+146.19.253.0/24
+# Piscataway NJ (u.a. werkzeughandeldirekt.net)
+209.182.224.0/22
+# LV (u.a. eur-versand.com )
+217.199.96.0/19
+# viastarco.xyz (eur-versand.com)
+163.123.180.214
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
@ -40,6 +40,23 @@
@geplosser\.pl$
@alfasells\.de$
@news-des-tages\.de$
+@handel2022\.com$
+@zukunftbeitragen\.quest$
+@ip-51-83-242\.eu$
+@notreesnolife\.com$
+@ilsang\.biz$
+vorteilsemail\.de$
+@inbox\.ru$
+@poeloker\.com$
+@jobinscenter\.mom$
+@novatechs\.gen\.tr$
+@bilingates\.gsm\.pl$
+@newslinkes\.radio\.fm$
+@finsky-palace\.radio\.am$
+@deutsche-ecommerce\.net$
+@cpsarg\.com$
+@markenhandelonline\.com$
+firmen-infos\.com$

@inx1and1\..+$
@ppe-healthcare-europe\.\S+$
@ -56,3 +73,5 @@
 # annoying spammer addresses
 ^error@mailfrom\.com$
 ^sqek@eike\.se$
+^info@webmeinung\.de$
+^info@handel-versand\.com$