Neep Help with Postfix and headers_check

Debian 10 Buster with Virtualmin 6.17

Hi Forum,
I get a lot of spam from “*.ip.linodeusercontent.com” so I would like to REJECT all f these mails from users at ip.linodeusercontent.com.

It looks like this
Received:
from hubspotemail.net (172-104-227-129.ip.linodeusercontent.com [172.104.227.129]) by myhost.mydomain.tld (Postfix) with ESMTP id 61689B40C05 for user@domain.tld; Sat, 26 Mar 2022 12:31:22 +0100 (CET)

nano /etc/postfix/main.cf
I added
header_checks = pcre:/etc/postfix/header_checks

nano /etc/postfix/header_checks
If /^From:/i
/^From: .*ip.linodeusercontent.com/ REJECT
Endif

But it does not work.
and with postmap I’ll get

postmap /etc/postfix/header_checks
postmap: warning: /etc/postfix/header_checks, line 2: record is in “key: value” format; is this an alias file?
postmap: warning: /etc/postfix/header_checks, line 3: expected format: key whitespace value

Hi,

What about using Webmin / Servers ⇾ SpamAssassin Mail Filter: Allowed and Denied Addresses to configure denied addresses?

They’re not wanting to block based on the From: address, which is what that form is for. This is about the server hostname it comes from.

At least, I assume they aren’t all coming from the same From: address or domain.

Ah, okay.

This error is coming from having a space after your From: in regex. It should rather look like this:

/^From:.*ip\.linodeusercontent\.com/ REJECT

I would also removed if endif block, as it is simply unnecessary, and be careful you cannot indent content inside of if endif block (check on that too). Moreover, I haven’t seen anyone using capital letters for If and Endif but that shouldn’t be a problem.

But it does not work.
and with postmap I’ll get

You don’t need to use postmap on files with PCRE. Simply restart Postfix.

Additionally double check that the package postfix-pcre is installed (it’s nearly impossible to have it not installed but just in case).

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.