Postfix:header checks

From Hackepedia

These rules were collected from various places. The idea is that we clean them up and edit them as appropriate, so that everyone can cut and paste what they need.

/^To: friend@public\.com/
     REJECT Spamware mailer detected.
# All sorts of microsoft-induced brain damage.  Tell sender to cut it out.
#/^Content-Disposition: attachment; *filename=.*\.(scr|pif|exe|com|bat|shs|shb|vxd|rm|chm|vbs|ini|cmd|do|hta|xl|reg|lnk|js|jse)$/
#    REJECT Microsoft attachments not accepted here.  Please remove them and resend. 
/^(To|Cc|Resent-To):.*honeyass69/
    REJECT We prefer to reject SPAM at this location. 
/^(To|Cc|Resent-To):.*caramel/
    REJECT We prefer to reject SPAM at this location.  0003
/^Content-Type:.*image\/gif/
    REJECT 550 gif is no longer permitted here due to spam usage. Email the administrator here if this is an issue. 0004

#/^Content-Type: multipart\/alternative/
#    REJECT HTML not allowed.  Microsoft Outlook users: to turn off HTML mail choose Tools -> Options -> Mail Format -> Message Format -> Plain text.
#/^Content-Type: text\/html/
#    REJECT HTML not allowed.  Microsoft Outlook users: to turn off HTML mail choose Tools -> Options -> Mail Format -> Message Format -> Plain text.
#/^Content-Type: multipart\/related/
#     REJECT HTML not allowed.  Microsoft Outlook users: to turn off HTML mail choose Tools -> Options -> Mail Format -> Message Format -> Plain text.
#/^Content-Disposition: Multipart message/
#     REJECT HTML not allowed.  Microsoft Outlook users: to turn off HTML mail choose Tools -> Options -> Mail Format -> Message Format -> Plain text.
/^Subject: =\?big5\?/
    REJECT Chinese encoding not allowed.  0005
/^Subject: =\?EUC-KR\?/
    REJECT Korean encoding not allowed. 0006
/^Content-Type:.*charset=.?ks[\-_c]/
    REJECT Korean language rejected.  0007
/^Content-Type:.*charset=.?euc[\-_]kr/  
    REJECT Korean language rejected.  0008
/^Subject: ADV:/
     REJECT Advertisements not accepted here.  0009
/^X-Mailer: ravmd\//
     REJECT Antivirus software generated messages are not welcome here.  Our machines run FreeBSD and do not send viruses.  Your software must be misconfigured.  0010.
/^Subject: .*[^[:print:]]{6}/  
     REJECT  English please..  0011 
#/^Subject: .*BOUNCE [email protected]:    Non-member submission from*/
#     REJECT You must be a member to post. http://www.yashy.com/list/
/^Received:.*\[192\.168\.3\./ IGNORE
#/^Received: from 127.0.0.1/                    IGNORE
/^Disposition-Notification-To:/                 IGNORE

# On some systems we create a custom log entry for SpamAssassin confirmed spam emails.
# If you want to drop or hold these emails, change WARN to DISCARD or HOLD respectively.
# You can also use the FILTER command to forward all spam to another process or account.
# /^X-Spam-Flag: YES/                           WARN SpamAssassin Confirmed Spam Content

# These are headers used to track some spam messages.
/^Bel-Tracking: .*/                             REJECT Confirmed spam. Go away.
/^Hel-Tracking: .*/                             REJECT Confirmed spam. Go away.
/^Kel-Tracking: .*/                             REJECT Confirmed spam. Go away.
/^BIC-Tracking: .*/                             REJECT Confirmed spam. Go away.
/^Lid-Tracking: .*/                             REJECT Confirmed spam. Go away.

# Following Will Block Spams With Many Spaces In The Subject.
/^Subject: .*            /                      REJECT Your subject had too many consecutive spaces. Please change the subject and try again.
/^Date: .* 200[0-6]/                            REJECT Your email has a date from the past. Fix your system clock and try again.
/^Date: .* 19[0-9][0-9]/                        REJECT Your email has a date from the past. Fix your system clock and try again.

/^Subject: Snowhite and the Seven Dwarfs - The REAL story!/     REJECT Message content rejected - No spam please!

# male insecurity

/^Subject: Get Viagra Online Now !!!/                           REJECT Message content rejected - No spam please!
/^Subject: ENLARGE YOUR PACAKGE GUARANTEED/                     REJECT Message content rejected - No spam please!
/^Subject: Add REAL Inches To Your Package! GUARANTEED/         REJECT Message content rejected - No spam please!
/^Subject: At Last, Herbal V, the All Natural Alternative!/     REJECT Message content rejected - No spam please!
/^Subject: Have Hair Loss? We Can Help You!\.\.Read on\.\./     REJECT Message content rejected - No spam please!
/^Subject: Pill to Increase Your Ejaculation by \d{3}%/         REJECT Message content rejected - No spam please!
/^Subject: free trial herbal viagra good for men and women/     REJECT Message content rejected - No spam please!
/^Subject: STAYING POWER/                                       REJECT Message content rejected - No spam please!
/^Subject: Isn\'t It Time You Solved Your \"little\" Problem\?\s*\d{2,6}/       REJECT Message content rejected - No spam please!
/^Subject: Non Prescription Alternative to Viagra/              REJECT Message content rejected - No spam please!
# known spamware

/^X-(Advertisement|\d|UltraMail|Bulkmail): /    REJECT Message content rejected - No spam please!
/^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|EmailerPlatinum|eMarksman|Extractor|e-Merge|fromstealth[^.]|GlobalMessenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora)\b/ REJECT Message content rejected - No spam please!
/^X-Mailer:.*\b(Aristotle|Avalanche|Blaster|Bomber|DejaVu|eMerge|Extractor|UltraMail|Sonic|Floodgate|GeoList|Mach10|MegaPro|Aureate|MultiMailer|Bluecom|Achi-Kochi Mail|Direct Email|Andrew's SuperCoolBlastoise|MailerGear|Advanced Mass Sender)\b/   REJECT Message content rejected - No spam please!
/^X-Server: Advanced Direct Remailer/   REJECT Message content rejected - No spam please!
/^X-AD2000-(Serial|Register):/  REJECT Message content rejected - No spam please!

#anti spammer robots
/^X-Mailer: .*(PSS Bulk Mailer|ccMailLink|IXO-Mail|MMailer|K-ML|GoldMine|MAGIC|bomber|expeditor|Brooklyn North|Broadcast|DMailer|Extractor|EMailing List Pro|Group|Fusion|News Breaker|dbMail|Unity|PG-MAILINGLIST PRO|Dynamic| Splio|Sarbacane|sMailing|Broadc@st|WorkZ|ABMailer|QuickSender).*$/ REJECT We reject spam sending software

#mplayer ml
/^Received:.*mail\.mplayerhq\.hu.*$/ REJECT I'm not subscribed
#anonymizers
#/^Received: .*(barbarella\.super\.nu|cameleon.org|remailer\.privacy\.at).*$/ REJECT

#Spamming top-domains
/^Received: .*\.gt .*$/ REJECT Sorry, too much spam from your country
/^Received: .*\.tw .*$/ REJECT Sorry, too much spam from your country
/^Received: .*\.kr .*$/ REJECT Sorry, too much spam from your country
/^Received: .*\.cr .*$/ REJECT Sorry, too much spam from your country
/^Received: .*\.cn .*$/ REJECT Sorry, too much spam from your country
#Spamming domains (stupid companies)
/^Received: .*avoska\.net.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*yourwebsite\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*gastone\.it.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*waloa\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*cornut\.fr.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*microtronique\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*caminarsoftware\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*\.lk.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*\.quik\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*rootsystems\.net.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*webhostingtalk\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*mail\.liekki\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*h8h\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*port\.net.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*\.eth\.net.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*hamilton\.net.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*indiatimes\.com.*$/ REJECT bouncetime.com
/^Received: .*e-newsletters.*$/ REJECT newsletters forbidden
/^Received: .*usbid\.com.*$/ REJECT
/^Received: .*\.ixo\.com.*$/ REJECT
/^Received: .*dsl\.brasiltelecom\.net\.br.*$/ REJECT
#Spamming domains using multiple smtp servers
/^From: .*uol\.com\.co.*$/ REJECT You are banned due to stupid spamming habits
/^From: .*clubsurf\.com.*$/ REJECT You are banned due to stupid spamming habits
/^From: .*ecplaza\.net.*$/ REJECT You are banned due to stupid spamming habits
/^From: .*advancenet\.net.*$/ REJECT You are banned due to stupid spamming habits
/^From: .*pc-look\.com.*$/ REJECT Shut up stupid spammer
/^From: .*pc-zone\.com.*$/ REJECT Shut up stupid spammer
/^From: .*zone pc.*$/ REJECT Shut up stupid spammer
/^From: .*fabricehalimi@aol\.com.*$/ REJECT Go spam elsewhere
#/^From: .*yahoo.com\.*$/ REJECT Sorry, too much spam from yahoo, find another email address to mail me.
/^From: .*aufeminin\.com.*$/ REJECT No mail allowed from aufeminin.com, stop spamming me please
/^From: .*fullpromote.*$/ REJECT Welcome to fullreject.com
/^From: .*@eyou\.com.*$/ REJECT enothing
/^From: .*noxservices\.com.*$/ REJECT Shut up stupid spammer
#Typical spam Subjects
/^Subject: .*penis.*enlargement.*$/ REJECT My sexual life is ok, thanks for bothering
/^Subject: .*penis.*growth.*$/ REJECT My sexual life is ok, thanks for bothering
/^Subject: .*viagra.*$/ REJECT My sexual life is ok, thanks for bothering
/^Subject: .*sex.*free.*$/ REJECT My sexual life is ok, thanks for bothering
/^Subject: .*free.*sex.*$/ REJECT My sexual life is ok, thanks for bothering
/^Subject: (ADV:|AD:|ADV |AD ).*$/ REJECT You are not the contents of your wallet
/^Subject: .*special offer.*$/ REJECT special bounce
/^Subject: .*need money.*$/ REJECT no
/^Subject: .*Phentermine.*$/ REJECT I'm not fat 
/^Subject: .*Video.*botschaft.*$/ REJECT fuck off
/^Subject: .*penis.*$/ REJECT NO
/^Subject: .*member.*pill.*$/ REJECT o0o

#Spam often have many spaces to hide a reference at the end
/^Subject: .*          .*/ REJECT Mail detected as spam - hint, change subject

#American, Canadian and people using dollars as your currency, 
#you could get false positives here !
#/^Subject: .* \$.*$/ REJECT Don't mail with dollars in subject, it makes your mail a spam.

#attachments
/^(.*)name=\"(.*)\.(exe|lnk|dll|shs|vbe|hta|com|vbs|vbe|js|jse|bat|cmd|vxd|scr|shm|pif|chm)\"$/ REJECT Your attachment looks like a virus to me.
/^(.*)name=(.*)\.(exe|lnk|dll|eml|shs|vbe|hta|com|vbs|vbe|js|jse|bat|cmd|vxd|scr|shm|pif|chm)$/ REJECT Your attachment looks like a virus to me.
#stupid charsets
/^Content-Type:.*charset="iso-2022-jp".*$/ REJECT I don't speak japanese

#false Originating-IP
/^X-Originating-IP:..[a-z].*$/ REJECT ip
/^X-Originating-IP:.*IP.*$/ REJECT ip
#known spam
/^X-Spam-Level: \*\*\*\*\*\*\*\*/ REJECT Spam


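# Postfix regexp/pcre tables match case-insensitively by default; a trailing "i" flag
# toggles that, so the rules below that end in /i are matched case-sensitively.
/^X-Mailer: *Achi-Kochi Mail/i          REJECT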
/^X-Mailer: *IM200[0-9] Version/i       REJECT
/^X-Mailer: *IM2K Custom Version/i      REJECT
/^X-Mailer: *Direct Email/i             REJECT
/^X-Mailer: *adToOne version/i          REJECT
/^X-Mailer: *DM Mailer Ver/i            REJECT
/^X-Mailer: *Oshirase(\([0-9.]+\))?-Mailer/i    REJECT
/^X-Mailer: *RapidShot$/i               REJECT
/^X-Mailer: *SendMailEx/i               REJECT
/^X-Mailer: *AutoSendMail2/i            REJECT
/^X-Mailer: *diffondi V/i               REJECT
/^X-Mailer: *MaxBulk Mailer v/i         REJECT
/^X-Mailer: *Douhou@Mail version/i      REJECT
/^X-Mailer: *Mailloop/i                 REJECT
/^X-Mailer: Version [0-9]\./i           REJECT
/^X-Mailer: JumboMailout /i             REJECT
/^X-Mailer: Caretop 2604$/i             REJECT
/^X-Mailer: 007 Direct Email Easy$/i    REJECT
/^X-Mailer: PocketMailing Ver/i         REJECT
/^X-Mailer: DiffondiCool V/i            REJECT
/^X-Mailer: Easy DM free$/i             REJECT
/^X-Shiroyagi-Version:/i                REJECT
/^X-Mailer: [A-Z0-9]{8}\.[A-Z0-9]{8}\.[A-Z0-9]{32}$/    REJECT
/^X-Mailer: OutLook Express 3\.14159$/i REJECT
/^X-Mailer: jpfree Group Mail Express V/i       REJECT
/^X-Mailer: MultiSneder[0-9]/i          REJECT
/^X-Mailer: X Ver[0-9]\.[0-9]/i         REJECT
/^X-Mailer: MailMagic [0-9]/i           REJECT
/^X-Mailer: Mail Distributer/i          REJECT
/^X-Mailer: Super Mailer [0-9]/i        REJECT
/^X-Mailer: ACMAILER scripted by/i      REJECT
/^X-Mailer: SMTP Sender/i               REJECT
/^X-Mailer: anyone/i                    REJECT
/^X-Mailer: DouhouHaishin ver/i         REJECT
/^X-Mailer: OutlookExpress$/i           REJECT
/^X-Mailer: MailMg V/i                  REJECT
/^X-Mailer: VolleyMail\.net/i           REJECT
/^X-Bulkmail:/                          REJECT
/^X-Mail-Agent: Extra Japan @Mailer/i   REJECT
/^X-SMTP-Proxy: Anon@JUMPERZ\.NET\//i   REJECT
/^X-Mailer-Version:/i                   REJECT
/^X-Shiroyagi-ID:/i                     REJECT
/^From:.*Mail-In <mailin@/              REJECT
/^(From|To):.*=\?iso-2022-jp\?B\?[A-Za-z0-9+]*\?=@/     REJECT
/^Received:.*\.{16}/                    REJECT
/^Received:.*\.FreeBit\.NE\.JP /        REJECT
/^Received: from GET004 \(flets[0-9]*\.t3\.rim\.or\.jp/i        REJECT
#/^Subject:.*( {8}|     {3})[^  ]{5,}$/ REJECT
#/^Subject:.*( |        ){10}$/                 REJECT
#/^Subject:.*( |        ){16}/                  REJECT
#/^Subject:.*\.{6}/                     REJECT
#/^Subject:.*>{8}/                      REJECT
#/^Subject:.*!!!/                       REJECT
#/^Subject:.*( \$\$\$|\$\$\$ )/         REJECT
#/^Subject:.*GUARANTEED/i               REJECT
#/^Subject:.*FREE.*!/i                  REJECT
#/^Subject: *=\?[Ii][Ss][Oo]-2022-[Jj][Pp]\?B\?GyRC(TCQ|S3Y)\+NUJ6OS05cCIo/i    REJECT
#/^Subject: Re: Your password!$/                REJECT
/^Subject:.*=\?(gb2312|big5|ks_c_5601|euc-kr|windows-1251)\?/   REJECT
#/^Subject: Here are the rest of my pics/       REJECT
/^Subject: *ADV?:/i                     REJECT
#/^Subject:.*=\?[Ss][Hh][Ii][Ff][Tt]_[Jj][Ii][Ss]\?B\?lqKPs5H4jUyNkIGm/i        REJECT
#/^Subject:.*=\?[Ee][Uu][Cc]-[Jj][Pp]\?B\?zKS\+tcL6ua258KKo/i   REJECT
#/^Subject: *\(NASDAQ:JLWT\) *Watch *This *Stock *Trade$/i      REJECT
#/^Subject: *=\?iso-2022-jp\?Q\?=[89A-F]/       REJECT
#/^Subject: *=\?iso-2022-jp\?Q\?=96=A2=8F=B3=91=F8=8DL=8D=90=81=A6/     REJECT
#/^Subject:.*[^ -~].*[^ -~].*[^ -~].*[^ -~].*[^ -~].*[^ -~]/    REJECT
/^X-X:/                                 REJECT
/^X-Delete-Me:/                         REJECT
/^X-Encoding: MIME$/i                   REJECT
#/^To:.*@.*,.*@/                                OK
#/^(Errors-)?To:.*@((hotmail|excite|msn|aol|livedoor|yahoo|petfull|public)\.com|commtom\.i(com|net)|5Business.cc)/                      REJECT
/^To: *@/                               REJECT
/^To: *<#field[0-9]#/i                  REJECT
/^To:.*C:`Bulk\.Adz.*\.txt/i            REJECT
#/^To:[^@;]*$/                          REJECT
#/^From:[^@;]*$/                        REJECT
/^Received:.*[^A-Z0-9.-]msk\.no-ip\.com[^A-Z0-9.-]/     REJECT
/^Content-Type:.*charset="?(DEFAULT|gb2312|big5|ks_c_5601|euc-kr|windows-1251)/ REJECT
/^Content-Type: multipart\/mixed;.*boundary="bound".*X-Priority:/i      REJECT
/^Date:.* --0400$/                      REJECT
/^Message-ID: *<.*@localhost\.localdomain>/     REJECT
/^Message-ID: *<[^@]*@?\.?>/            REJECT
/^Message-ID: *<[^<>]* [^<>]*>/         REJECT
/^Message-ID:[^@]*$/                    REJECT
/^From:.*<@[a-z0-9.-]*>/                REJECT
/^Received:.*\[202\.224\.232\.1(7[6-9]|8[0-3])\]/       REJECT
/^From:.*<#[email protected]>/      REJECT
/^Reply-To: @(fullpromote|trafficbbs)\.com/     REJECT
/^From:.*@hat-in\.com>/i                REJECT
/^From:.*=\?ISO-2022-JP\?B\?GyRCJUghPCU\/JWs5LTlwPFIbKEI=\?=/i  REJECT
/^X-MailScanner: Found to be clean$/i   REJECT

# Virus alerts
/^Subject:  File was infected with a virus$/i           REJECT
/^Subject: \*\*\* You have sent a virus !/i             REJECT
/^Subject: VIRUS IN YOUR MAIL$/i                        REJECT
/^Subject: Virus Alert$/i                               REJECT
/^Subject: Warning: E-mail viruses detected$/i          REJECT
/^Subject: Returned due to virus;/i                     REJECT
/^Subject: VIRUS (.*) IN YOUR MAIL$/i                   REJECT
/^X-Yahoo-Profile: yumima1972$/i                        REJECT
/^X-MagazineId: s1ok$/i                                 REJECT
## the iframe trick

/iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0/   REJECT

## Virus Prevention

/name=\"(.*)\.(zip|hta|exe|com|pif|vbs|vbe|js|jse|bat|cmd|vxd|scr|shm|pif|chm)\"$/ REJECT
/(filename|name)=".*\.(exe|asd|chm|dll|hlp|hta|js|ocx|pif|lnk)"/        REJECT

## Bad Domains

/.*inbox\.lv/   REJECT

## Charsets from asia:

/^Content-type:.*charset\s*=[\s\"]*(big5|euc-kr|gb2312|ks_c_5601-1987|ISO-2022-JP)/ REJECT
/^Subject:.*\[Big5\].*/ REJECT
/^Subject: \=\?iso-8859-1.*/    REJECT
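
Added example, not part of the original page: a small Python model of how Postfix evaluates a header_checks table (first match wins, matching is case-insensitive by default, a trailing `i` toggles that), run against sample headers to show why `?` has to be escaped in encoded-word rules. Python's `re` stands in for PCRE here, and the rule texts and sample headers are constructed for the demonstration.

```python
import re

# Constructed rules in header_checks syntax: /pattern/flags ACTION text
RULES = r"""
/^Subject: =?big5?/               REJECT unescaped question marks
/^Subject: =\?big5\?/             REJECT escaped question marks
/^X-Mailer: *RapidShot$/i         REJECT rule with i flag
/^X-Mailer: *MaxBulk Mailer v/    WARN rule without flag
"""

# /pattern/ (escaped slashes allowed), optional flags, action, optional text
LINE = re.compile(r"^/((?:\\.|[^/\\])*)/([a-zA-Z]*)\s+(\S+)\s*(.*)$")

def parse(table):
    """Compile each rule line into (regex, action, text), keeping file order."""
    rules = []
    for raw in table.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if m is None:
            raise ValueError("unparseable rule: " + line)
        pattern, flags, action, text = m.groups()
        # Postfix matches case-insensitively by default; each "i" toggles it.
        insensitive = flags.count("i") % 2 == 0
        rules.append((re.compile(pattern, re.I if insensitive else 0), action, text))
    return rules

def check(rules, header):
    """Return (action, text) of the first matching rule, or None."""
    for regex, action, text in rules:
        if regex.search(header):
            return action, text
    return None

if __name__ == "__main__":
    rules = parse(RULES)
    for header in (                      # constructed sample headers
        "Subject: =?big5?B?pKSk5Q==?=",  # real encoded-word form
        "Subject: Big news",             # innocent subject
        "X-Mailer: RapidShot",
        "x-mailer: rapidshot",           # same mailer, different case
        "x-mailer: maxbulk mailer v2",
    ):
        print(header, "->", check(rules, header))
```

The unescaped rule misses the real encoded-word subject and rejects the innocent "Big news" one, which is the reason to trial a new rule with WARN before switching it to REJECT.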