I am using SpamAssassin Mail Filter to block mail domains with wildcards, but those domains have somehow started to send emails "on behalf of".
For example, I have already marked this domain like *@163.com but still receive spam emails.
How to block that?
Source email
Return-Path: <ilrdzb@wilx.com>
X-Original-To: XXX
Delivered-To: "XXX"@XXX
Received: from apteka-sloneczna.pl (unknown [182.136.235.217])
	by XXX (Postfix) with ESMTP id DFF40A007F84
	for <XXX>; Sat, 6 Apr 2024 20:46:43 +0200 (CEST)
Date: Sun, 7 Apr 2024 02:46:50 +0800 (CST)
From: 15009567621 <15009567621@163.com>
Sender: ilrdzb <ilrdzb@wilx.com>
To: admin <XXX>
Message-ID: <161250356.3936903.1712429210283@apteka-sloneczna.pl>
Subject: welded pipe
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Are other rules working? You should see the SpamAssassin rules in the header with the points it added.
Not sure how to test the “on behalf of” email. How do I duplicate sending that?
The header you have shown doesn’t indicate SpamAssassin is running, is it?
like
X-Spam-Hostname-Processed-On:
X-Spam-Ip-Sent-From:
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
X-Spam-Report:
X-Spam-Status: No, score=-2.4 required=8.0 tests=
I am not sure, not present. Here is the etc/postfix/main.cf file:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = maxel.mk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, maxel.mk, localhost.mk, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
allow_percent_hack = no
resolve_dequoted_address = no
tls_server_sni_maps = hash:/etc/postfix/sni_map
Do you have X-Spam-whatever lines in the header of those emails to indicate that SpamAssassin is checking your rules? If so, what do they say? If not, SpamAssassin is not configured to check and will not do anything.
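An added example, not part of the thread: a small Python check for the two questions the replies raise about the posted message, namely whether any X-Spam-* header was stamped on it and which sender fields a wildcard such as *@163.com actually matches. The sample message is constructed from the headers posted above (the redacted recipient is replaced with a placeholder), and the function names are hypothetical.

```python
import email
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Constructed sample based on the headers posted in the thread;
# "mx.example" and "admin@example" are placeholders for the redacted values.
SAMPLE = """\
Return-Path: <ilrdzb@wilx.com>
Received: from apteka-sloneczna.pl (unknown [182.136.235.217])
\tby mx.example (Postfix) with ESMTP id DFF40A007F84
\tfor <admin@example>; Sat, 6 Apr 2024 20:46:43 +0200 (CEST)
From: 15009567621 <15009567621@163.com>
Sender: ilrdzb <ilrdzb@wilx.com>
To: admin <admin@example>
Subject: welded pipe

body
"""

def spam_headers(msg):
    """Return the X-Spam-* headers; an empty dict means no filter stamped the mail."""
    return {k: v for k, v in msg.items() if k.lower().startswith("x-spam-")}

def sender_fields(msg):
    """Map each sender-related header to its bare, lower-cased address."""
    out = {}
    for name in ("Return-Path", "From", "Sender"):
        addr = parseaddr(msg.get(name, ""))[1].lower()
        if addr:
            out[name] = addr
    return out

def triage(raw, pattern):
    """Report whether the mail was scanned and which sender fields match pattern."""
    msg = email.message_from_string(raw)
    fields = sender_fields(msg)
    matched = [n for n, a in fields.items() if fnmatchcase(a, pattern.lower())]
    return {"scanned": bool(spam_headers(msg)), "fields": fields, "matched": matched}

if __name__ == "__main__":
    r = triage(SAMPLE, "*@163.com")
    print("X-Spam-* headers present:", r["scanned"])
    for name, addr in r["fields"].items():
        print(f"{name:12} {addr:28} {'MATCH' if name in r['matched'] else '-'}")
```

Run against a message saved from the mailbox, this shows at a glance whether the filter touched the mail at all before any wildcard rule is debugged.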