Compare commits
2 Commits
96a77260c3
...
d1694bf3a4
| Author | SHA1 | Date | |
|---|---|---|---|
| d1694bf3a4 | |||
| ee1e2d0b7e |
@@ -2257,6 +2257,45 @@ if ! $installation_failed ; then
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create /etc/spamassassin/99_nullsender.cf
|
||||
#
|
||||
# Spamassassin Regeln für Nullsender (Return-Path: <>)
|
||||
#
|
||||
# Problem:
|
||||
# echte DSNs haben ebenfalls Return-Path: <>
|
||||
#
|
||||
# Aber:
|
||||
# Echte DSNs sind i.d.R. multipart/report (delivery-status)
|
||||
#
|
||||
echononl " Create file \"/etc/spamassassin/99_nullsender.cf\".."
|
||||
cat <<'EOF' > /etc/spamassassin/99_nullsender.cf 2> $tmp_err_msg
|
||||
########################################################################
|
||||
# Null-sender (Return-Path: <>) Behandlung
|
||||
# Ziel: Fake-Bounces markieren, echte DSNs nicht treffen
|
||||
########################################################################
|
||||
|
||||
# 1) Null-Envelope-From erkannt
|
||||
header LOCAL_NULL_SENDER Return-Path =~ /^<>$/i
|
||||
describe LOCAL_NULL_SENDER Null envelope-from (Return-Path <>)
|
||||
score LOCAL_NULL_SENDER 0.1
|
||||
|
||||
# 2) Echte DSNs sind i.d.R. multipart/report (delivery-status)
|
||||
header LOCAL_DSN_MULTIPART Content-Type =~ /^multipart\/report\b/i
|
||||
describe LOCAL_DSN_MULTIPART Looks like a real DSN (multipart/report)
|
||||
score LOCAL_DSN_MULTIPART -3.0
|
||||
|
||||
# 3) Fake-Bounce: Null-sender, aber NICHT multipart/report
|
||||
meta LOCAL_NULL_NOT_DSN LOCAL_NULL_SENDER && !LOCAL_DSN_MULTIPART
|
||||
describe LOCAL_NULL_NOT_DSN Null-sender but not a DSN (likely fake bounce spam)
|
||||
score LOCAL_NULL_NOT_DSN 6.0
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $tmp_err_msg)"
|
||||
fi
|
||||
|
||||
|
||||
# - Enable nightly cronjob for spamassassin
|
||||
# -
|
||||
|
||||
@@ -3616,41 +3616,58 @@ fi
|
||||
_file="/etc/postfix/header_checks.pcre"
|
||||
echononl " Create file '$_file' used for header replacing"
|
||||
if [[ ! -f "$_file" ]]; then
|
||||
cat << EOF > "$_file"
|
||||
cat << 'EOF' > "$_file"
|
||||
# ---
|
||||
# - Replace headers
|
||||
# - Header Checks - /etc/postfix/header_checks
|
||||
# ---
|
||||
#
|
||||
# Ziel: offensichtlich kaputte RFC-Header ablehnen (wenig False Positives)
|
||||
|
||||
# - Replace recieved from
|
||||
#/^Received: from (.* \\([-._[:alnum:]]+ \\[[.[:digit:]]{7,15}\\]\\)).*?([[:space:]]+).*\\(Authenticated sender: ([^)]+)\\)(.*)/ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])\$2(Authenticated sender: \$3)\$4
|
||||
########################################
|
||||
# A) Kaputter From:-Header
|
||||
########################################
|
||||
|
||||
# 1) From: ist leer
|
||||
/^From:\s*$/ REJECT Invalid From header (empty) - Spamschutzregel FROM-1001
|
||||
|
||||
# 2) Mehr als ein '@' im From:-Header -> syntaktisch kaputt
|
||||
/^From:.*@.*@/ REJECT Invalid From header (multiple @) - Spamschutzregel FROM-1002
|
||||
|
||||
|
||||
# ---
|
||||
# - Ignore Headers
|
||||
# ---
|
||||
# 3) Mehrere Mailboxen durch Komma getrennt (wie: Die@..., Lions@..., ...)
|
||||
# (Legitime Fälle nutzen i.d.R. Display-Namen/Group-Syntax; dieses Muster ist in Spam sehr häufig)
|
||||
/^From:\s*[^<>,]+@[^,]+,\s*[^<>,]+@/ REJECT Invalid From header (multiple mailboxes) - Spamschutzregel FROM-1003
|
||||
|
||||
#/^\s*User-Agent/ IGNORE
|
||||
#/^\s*X-Enigmail/ IGNORE
|
||||
#/^\s*X-Mailer/ IGNORE
|
||||
#/^\s*X-Originating-IP/ IGNORE
|
||||
# 4) Typische kaputte UTF-8-Fragmente
|
||||
/^From:.*\xC3\xA2/ REJECT Invalid UTF-8 in From header - Spamschutzregel FROM-1004
|
||||
|
||||
|
||||
# ---
|
||||
# - Reject / Discard headers
|
||||
# ---
|
||||
########################################
|
||||
# B) Optional: sehr spezifische lokale Blacklist
|
||||
########################################
|
||||
|
||||
/^To:.*<>/ REJECT Possible SPAM Blank email address To: header - Header-Spamschutzregel T0-1001
|
||||
#/^Reply-To: .+\@inx1and1\..+/ REJECT Possible spam (local pattern)
|
||||
|
||||
/\(envelope-from <>\)/ REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001
|
||||
|
||||
/^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001
|
||||
########################################
|
||||
# C) Warn
|
||||
########################################
|
||||
|
||||
/^From:.*<>/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1001
|
||||
# Date-Rejects sind oft zu aggressiv -> wenn nötig: lieber taggen oder loggen statt reject
|
||||
/^Date: .* 19[0-9][0-9]/ WARN Date far in the past Header-Spamschutzregel DATE-1001
|
||||
/^Date: .* 200[0-9]/ WARN Date far in the past Header-Spamschutzregel DATE-1002
|
||||
/^Date: .* 201[0-9]/ WARN Date far in the past Header-Spamschutzregel DATE-1003
|
||||
|
||||
|
||||
|
||||
########################################
|
||||
# Bemerkungen
|
||||
########################################
|
||||
|
||||
# (envelope-from <>) nicht pauschal rejecten:
|
||||
# echte DSNs/Bounces haben legitimerweise MAIL FROM: <>
|
||||
#/\(envelope-from <>\)/ REJECT Null envelope-from
|
||||
|
||||
/^Date: .* 19[0-9][0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001
|
||||
/^Date: .* 200[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002
|
||||
/^Date: .* 201[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1003
|
||||
/^Date: .* 2020/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1004
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
|
||||
Reference in New Issue
Block a user