Here is how you can improve your Postfix access maps to block incoming spam based on the sender’s address.
Step 1. Collect all unwanted mail in one directory
Using your mail client, move junk emails to the Junk folder (whether you filter mail manually or with the help of spam filters is entirely up to you).
Step 2. Navigate to the directory with unwanted mail
In the command line of your mail server, navigate to the mail directory down to the junk folder that contains unwanted mail (typically it’s a subdirectory named either “new” or “cur”).
Step 3. Create a new directory for mail already processed
In the folder that contains the spam you want to run through your access maps file or header checks file, create these new directories:
mkdir temp
This directory will hold the individual mails that are yet to be processed.
mkdir done
This directory will hold the individual mails that have already been processed (until you delete them).
Move the spam to the temp directory.
Step 4. Mark mail from unrecognized senders with DUNNO
In the file which is referenced as your access sender maps table (e.g. /etc/postfix/access_maps/pcre_access_sender) in /etc/postfix/main.cf, enter this line after all other rules:
/^From:.+($|>)/ DUNNO
This line will log the message “DUNNO” for each sender address that no earlier rule matched, indicating that Postfix cannot decide what to do with that particular message based on MAIL FROM.
Step 5. Run each spam message through postmap
At the prompt, enter this line (after adjusting for the path to your header checks or access maps file):
for f in temp/*; do echo "Processing $f ... please wait..."; (postmap -q - pcre:/etc/postfix/access_maps/pcre_access_sender < "$f") >> logs_pcre_access_sender; mv "$f" done/; done
This little one-liner will:
- iterate through each individual email message in the folder (temp/*),
- run each individual message through the access maps or header checks file,
- redirect the output to the logs_pcre_access_sender file (an arbitrary file generated by the output of postmap in this example),
- move the file that’s been processed to the folder done.
It will, however, limit checks to the access maps table for senders’ addresses. (You may want to repeat Steps 3 and 4 for other types of restrictions.)
The result will be written to logs_pcre_access_sender (in your current working directory).
Step 5. Find offending senders’ addresses
Grep in logs_pcre_access_sender for DUNNO to find all undesirable senders:
grep -i DUNNO logs_pcre_access_sender >> DUNNOs
You can extract these very easily using regex and add them to your access restrictions.
Step 6. Extract domain names and convert them into regular expressions
Strip the file containing unrecognized senders of all irrelevant characters leaving only the offending domain names in place.
In Notepad++, run a replacement using regular expressions. Search for the pattern:
^(.+)\.(.+)
Replace each occurrence of this pattern with:
/[@\\.]+\($1\\.$2\)\($|>\)/ DISCARD sender's domain name rejected : [\$1]
This will turn your list of domains:
domainname1.com
domainname2.com
domainname3.com
into a list of regular expressions for domain-level blocking in Postfix which you can enter into a regex: or pcre: access map table:
/[@\.]+(domainname1\.com)($|>)/ DISCARD sender's domain name rejected : [$1]
/[@\.]+(domainname2\.com)($|>)/ DISCARD sender's domain name rejected : [$1]
/[@\.]+(domainname3\.com)($|>)/ DISCARD sender's domain name rejected : [$1]
Tip: Before pasting from Notepad++ into PuTTY, perform an EOL conversion to the Windows standard.
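The same conversion can be done on the mail server instead of in Notepad++. The shell function below is an added example, not part of the original article: it reads the DUNNO lines collected in the previous steps and prints rules in the form shown above. The function name dunno_to_rules and its optional list of protected domains are assumptions of this example, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# dunno_to_rules [PROTECTED]: read postmap output lines such as
#   From: "Name" <user@example.com> DUNNO
# on stdin and print one pcre access-map rule per unique sender domain.
# PROTECTED (an assumption of this example) is a space-separated list of
# domains that must never be blocked, e.g. your own or large mail providers,
# because spam frequently forges From: addresses at legitimate domains.
dunno_to_rules() {
    protected="${1:-}"
    grep -i 'DUNNO[[:space:]]*$' |
    # keep the domain after the last "@" on each From: line
    sed -n 's/^From:.*@\([A-Za-z0-9.-]*[A-Za-z0-9]\).*$/\1/p' |
    tr '[:upper:]' '[:lower:]' |
    sort -u |
    while IFS= read -r domain; do
        # skip domains on the protected list
        case " $protected " in *" $domain "*) continue ;; esac
        # escape dots so "." matches only a literal dot in the rule
        escaped=$(printf '%s' "$domain" | sed 's/\./\\./g')
        printf "/[@\\\\.]+(%s)(\$|>)/ DISCARD sender's domain name rejected : [\$1]\n" "$escaped"
    done
}

# Constructed sample input (not real log data).
dunno_to_rules "gmail.com" <<'EOF'
From: "Deals" <promo@DomainName1.com> DUNNO
From: newsletter@mail.domainname2.com DUNNO
From: Bob <bob@gmail.com> DUNNO
From: "Deals again" <other@domainname1.com> DUNNO
EOF
```

On real data, feed it the DUNNOs file from the grep step and review the generated rules before appending them to the access map.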
Step 7. Test your regex and reload or restart Postfix
Remember to test your regex using:
postmap -q '<yadayada@domainname1.com>' pcre:/etc/postfix/access_maps/pcre_access_sender
If it works, run:
postfix reload
or
systemctl restart postfix
Tip: Sifting through log files can be cumbersome. If you want to cut to the chase and see just the most relevant output, you can use:
grep -E '(warning|error|fatal|panic):' /var/log/maillog | more