Non English Spam

Erik Norgaard norgaard at
Sun Oct 15 13:55:09 PDT 2006

Gerard Seibert wrote:
> On Sunday October 15, 2006 at 03:21:37 (PM) Erik Norgaard wrote:
>> Ian Smith wrote:
> [...]
>> Maybe I didn't make clear how the filtering in Postfix works? Each 
>> header line is unwrapped and then filtered independent of the others. 
>> There is no info as to if that is the first or last Received line.
>> I can make a rule to reject the mail. And I can make a rule that accept 
>> a given header line, but the remaining header will still be filtered and 
>> possibly rejected.
>> I can't make a header check for Received cause checks for content-type 
>> to be skipped.
>> Nor can I make incoming mail from white listed servers skip the header 
>> checks. The two things are independent: The first applies when 
>> establishing the connection: HELO, MAIL FROM, RCPT TO etc. The header 
>> checks are invoked if the initial delivery request was accepted.
>> Yes, that sucks, but that's how Postfix works.
> Are you sure about that? I use Postfix myself and that does not appear
> to be correct, although it might be. Have you ever posted this question
> on the postfix forum? <postfix-users at> There are some pretty
> sharp individuals there who might be able to give you some advice.

I am certain that:

1) header/body checks are independent of the smtpd_restrictions - I can 
send a mail that is rejected even though I have authenticated and permit 
authenticated connections.

2) OK when a header line is matched does not affect the parsing of other 
header lines, and if you think about it you wouldn't want that: Then  it 
would be possible to include a secret keyword or forged header line in 
the top of the header to get by the other rules.

Basically, the only line that you can trust is the first Received which 
our server inserted - which as mentioned is waste to check. So, no 
header check in itself should allow an entire mail.

There is a FILTER keyword which you can use to "tag" a mail for further 
content filtering. That action is taken after all the header checks have 
been done.

Cheers, Erik

Ph: +34.666334818                      web:
X.509 Certificate:
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9

More information about the freebsd-questions mailing list