Postfix:header checks: Difference between revisions
From Hackepedia
Jump to navigationJump to search
New page: This was taken from various places. The idea is we can clean it up and edit as appropriate, so that we can all cut and paste to use. <pre> /^To: friend@public\.com/ REJECT Spamware m... |
(No difference)
|
Latest revision as of 16:06, 18 June 2007
This was taken from various places. The idea is we can clean it up and edit as appropriate, so that we can all cut and paste to use.
/^To: friend@public\.com/
REJECT Spamware mailer detected.
# All sorts of microsoft-induced brain damage. Tell sender to cut it out.
#/^Content-Disposition: attachment; *filename=.*\.(scr|pif|exe|com|bat|shs|shb|vxd|rm|chm|vbs|ini|cm
d|do|hta|xl|reg|lnk|js|jse)$/
# REJECT Microsoft attachments not accepted here. Please remove them and resend.
/^(To|Cc|Resent-To):.*honeyass69*/
REJECT We prefer to reject SPAM at this location.
/^(To|Cc|Resent-To):.*caramel*/
REJECT We prefer to reject SPAM at this location. 0003
/^Content-Type:\*image\/gif/
REJECT 550 gif is no longer permitted here due to spam usage. email the adminstrator here if this is an issue. 0004
#/^Content-Type: multipart\/alternative/
# REJECT HTML not allowed. Microsoft Outlook users: to turn off HTML mail choose Tools -> Options -> Mail Format -> Message Format -> Plain text.
#/^Content-Type: text\/html/
# REJECT HTML not allowed. Microsoft Outlook users: to turn off HTML mail choose Tools -> Options -> Mail Format -> Message Format -> Plain text.
#/^Content-Type: multipart\/related/
# REJECT HTML not allowed. Microsoft Outlook users: to turn off HTML mail choose Tools -> Options -> Mail Format -> Message Format -> Plain text.
#/^Content-Disposition: Multipart message/
# REJECT HTML not allowed. Microsoft Outlook users: to turn off HTML mail choose Tools -> Options -> Mail Format -> Message Format -> Plain text.
/^Subject: =?big5?/
REJECT Chinese encoding not allowed. 0005
/^Subject: =?EUC-KR?/
REJECT Korean encoding not allowed. 0006
/^Content-Type:.*charset=.?ks[\-_c]/
REJECT Korean language rejected. 0007
/^Content-Type:.*charset=.?euc[\-_]kr/
REJECT Korean language rejected. 0008
/^Subject: ADV:/
REJECT Advertisements not accepted here. 0009
/^X-Mailer: ravmd\//
REJECT Antivirus software generated messages are not welcome here. Our machines run FreeBSD and do not send viruses. Your software must be misconfigured. 0010.
/^Subject: .*[^[:print:]]{6}/
REJECT English please.. 0011
#/^Subject: .*BOUNCE yashy-hack@mail.yashy.com: Non-member submission from*/
# REJECT You must be a member to post. http://www.yashy.com/list/
/^Received:.*\[192\.168\.3./ IGNORE
#/^Received: from 127.0.0.1/ IGNORE
/^Disposition-Notification-To:/ IGNORE
# On some systems we create a custom log entry for SpamAssassin confirmed spam emails.
# If you want to drop or hold these emails, change WARN to DISCARD or HOLD respectively.
# You can also use the FILTER command to forward all spam to another process or account.
# /^X-Spam-Flag: YES/ WARN SpamAssassin Confirmed Spam Content
# These are headers used to track some spam messages.
/^Bel-Tracking: .*/ REJECT Confirmed spam. Go away.
/^Hel-Tracking: .*/ REJECT Confirmed spam. Go away.
/^Kel-Tracking: .*/ REJECT Confirmed spam. Go away.
/^BIC-Tracking: .*/ REJECT Confirmed spam. Go away.
/^Lid-Tracking: .*/ REJECT Confirmed spam. Go away.
# Following Will Block Spams With Many Spaces In The Subject.
/^Subject: .* / REJECT Your subject had too many subsequent spaces. Please change the subject and try again.
/^Date: .* 200[0-6]/ REJECT Your email has a date from the past. Fix your system clock and try again.
/^Date: .* 19[0-9][0-9]/ REJECT Your email has a date from the past. Fix your system clock and try again.
/^Subject: Snowhite and the Seven Dwarfs - The REAL story!/ REJECT Message content rejected - No
spam please!
# male insecurity
/^Subject: Get Viagra Online Now !!!/ REJECT Message content rejected - No spam please!
/^Subject: ENLARGE YOUR PACAKGE GUARANTEED/ REJECT Message content rejected - No spam please!
/^Subject: Add REAL Inches To Your Package! GUARANTEED/ REJECT Message content rejected - No spam please!
/^Subject: At Last, Herbal V, the All Natural Alternative!/ REJECT Message content rejected - No spam please!
/^Subject: Have Hair Loss? We Can Help You!\.\.Read on\.\./ REJECT Message content rejected - No spam please!
/^Subject: Pill to Increase Your Ejaculation by \d{3}%/ REJECT Message content rejected - No spam please!
/^Subject: free trial herbal viagra good for men and women/ REJECT Message content rejected - No spam please!
/^Subject: STAYING POWER/ REJECT Message content rejected - No spam please!
/^Subject: Isn\'t It Time You Solved Your \"little\" Problem\?\s*\d{2,6}/ REJECT Message content rejected - No spam please!
/^Subject: Non Prescription Alternative to Viagra/ REJECT Message content rejected - No spam please!
# known spamware
/^X-(Advertisement|\d|UltraMail|Bulkmail): / REJECT Message content rejected - No spam please!
/^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|EmailerPlatinum|eMarksman|Ext
ractor|e-Merge|fromstealth[^.]|GlobalMessenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|ma
ssmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora)\b/ REJECT Message content rejected - No spam please!
/^X-Mailer:.*\b(Aristotle|Avalanche|Blaster|Bomber|DejaVu|eMerge|Extractor|UltraMail|Sonic|Floodgate
|GeoList|Mach10|MegaPro|Aureate|MultiMailer|Bluecom|Achi-Kochi Mail|Direct Email|Andrew's SuperCoolBlastoise|MailerGear|Advanced Mass Sender)\b/ REJECT Message content rejected - No spam please!
/^X-Server: Advanced Direct Remailer/ REJECT Message content rejected - No spam please!
/^X-AD2000-(Serial|Register):/ REJECT Message content rejected - No spam please!
#anti spammer robots
/^X-Mailer: .*(PSS Bulk Mailer|ccMailLink|IXO-Mail|MMailer|K-ML|GoldMine|MAGIC|bomber|expeditor|Brooklyn North|Broadcast|DMailer|Extractor|EMailing List Pro|Group|Fusion|News Breaker|dbMail|Unity|PG-
MAILINGLIST PRO|Dynamic| Splio|Sarbacane|sMailing|Broadc@st|WorkZ|ABMailer|QuickSender).*$/ REJECT We reject spam sending software
#mplayer ml
/^Received:.*mail.mplayerhq.hu.*$/ REJECT I'm not subscribed
#anonymizers
#/^Received: .*(barbarella\.super\.nu|cameleon.org|remailer\.privacy\.at).*$/ REJECT
#Spamming top-domains
/^Received: .*\.gt .*$/ REJECT Sorry, too much spam from your country
/^Received: .*\.tw .*$/ REJECT Sorry, too much spam from your country
/^Received: .*\.kr .*$/ REJECT Sorry, too much spam from your country
/^Received: .*\.cr .*$/ REJECT Sorry, too much spam from your country
/^Received: .*\.cn .*$/ REJECT Sorry, too much spam from your country
#Spamming domains (stupid companies)
/^Received: .*avoska\.net.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*yourwebsite\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*gastone\.it.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*waloa\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*cornut\.fr.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*microtronique\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*caminarsoftware\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*\.lk.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*\.quik\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*rootsystems\.net.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*webhostingtalk\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*mail\.liekki\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*h8h\.com.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*port\.net.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*\.eth\.net.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*hamilton\.net.*$/ REJECT You are banned due to stupid spamming habits
/^Received: .*indiatimes\.com.*$/ REJECT bouncetime.com
/^Received: .*e-newsletters.*$/ REJECT newsletters forbidden
/^Received: .*usbid\.com.*$/ REJECT
/^Received: .*\.ixo\.com.*$/ REJECT
/^Received: .*dsl.brasiltelecom.net.br.*$/ REJECT
#Spamming domains using multiple smtp servers
/^From: .*uol\.com\.co.*$/ REJECT You are banned due to stupid spamming habits
/^From: .*clubsurf\.com.*$/ REJECT You are banned due to stupid spamming habits
/^From: .*ecplaza\.net.*$/ REJECT You are banned due to stupid spamming habits
/^From: .*advancenet\.net.*$/ REJECT You are banned due to stupid spamming habits
/^From: .*pc-look\.com.*$/ REJECT Shut up stupid spammer
/^From: .*pc-zone\.com.*$/ REJECT Shut up stupid spammer
/^From: .*zone pc.*$/ REJECT Shut up stupid spammer
/^From: .*fabricehalimi@aol\.com.*$/ REJECT Go spam elsewhere
#/^From: .*yahoo.com\.*$/ REJECT Sorry, too much spam from yahoo, find another email address to mail me.
/^From: .*aufeminin\.com.*$/ REJECT No mail allowed from aufeminin.com, stop spamming me please
/^From: .*fullpromote.*$/ REJECT Welcome to fullreject.com
/^From: .*@eyou\.com.*$/ REJECT enothing
/^From: .*noxservices\.com.*$/ REJECT Shut up stupid spammer
#Typical spam Subjects
/^Subject: .*penis.*enlargement.*$/ REJECT My sexual life is ok, thanks for bothering
/^Subject: .*penis.*growth.*$/ REJECT My sexual life is ok, thanks for bothering
/^Subject: .*viagra.*$/ REJECT My sexual life is ok, thanks for bothering
/^Subject: .*sex.*free.*$/ REJECT My sexual life is ok, thanks for bothering
/^Subject: .*free.*sex.*$/ REJECT My sexual life is ok, thanks for bothering
/^Subject: (ADV:|AD:|ADV |AD ).*$/ REJECT You are not the contents of your wallet
/^Subject: .*special offer.*$/ REJECT special bounce
/^Subject: .*need money.*$/ REJECT no
/^Subject: .*Phentermine.*$/ REJECT I'm not fat
/^Subject: .*Video.*botschaft.*$/ REJECT fuck off
/^Subject: .*penis.*$/ REJECT NO
/^Subject: .*member.*pill.*$/ REJECT o0o
#Spam often have many spaces to hide a reference at the end
/^Subject: .* .*/ REJECT Mail detected as spam - hint, change subject
#American, Canadian and people using dollars as your currency,
#you could get false positives here !
#/^Subject: .* \$.*$/ REJECT Don't mail with dollars in subject, it makes your mail a spam.
#attachments
/^(.*)name=\"(.*)\.(exe|lnk|dll|shs|vbe|hta|com|vbs|vbe|js|jse|bat|cmd|vxd|scr|shm|pif|chm)\"$/ REJECT Your attachment looks like a virus to me.
/^(.*)name=(.*)\.(exe|lnk|dll|eml|shs|vbe|hta|com|vbs|vbe|js|jse|bat|cmd|vxd|scr|shm|pif|chm)$/ REJECT Your attachment looks like a virus to me.
#stupid charsets
/^Content-Type:.*charset="iso-2022-jp".*$/ REJECT I don't speak japanese
#false Originating-IP
/^X-Originating-IP:..[a-z].*$/ REJECT ip
/^X-Originating-IP:.*IP.*$/ REJECT ip
#known spam
/^X-Spam-Level: \*\*\*\*\*\*\*\*/ REJECT Spam
/^X-Mailer: *Achi-Kochi Mail/i REJECT
/^X-Mailer: *IM200[0-9] Version/i REJECT
/^X-Mailer: *IM2K Custom Version/i REJECT
/^X-Mailer: *Direct Email/i REJECT
/^X-Mailer: *adToOne version/i REJECT
/^X-Mailer: *DM Mailer Ver/i REJECT
/^X-Mailer: *Oshirase(\([0-9.]+\))?-Mailer/i REJECT
/^X-Mailer: *RapidShot$/i REJECT
/^X-Mailer: *SendMailEx/i REJECT
/^X-Mailer: *AutoSendMail2/i REJECT
/^X-Mailer: *diffondi V/i REJECT
/^X-Mailer: *MaxBulk Mailer v/i REJECT
/^X-Mailer: *Douhou@Mail version/i REJECT
/^X-Mailer: *Mailloop/i REJECT
/^X-Mailer: Version [0-9]\./i REJECT
/^X-Mailer: JumboMailout /i REJECT
/^X-Mailer: Caretop 2604$/i REJECT
/^X-Mailer: 007 Direct Email Easy$/i REJECT
/^X-Mailer: PocketMailing Ver/i REJECT
/^X-Mailer: DiffondiCool V/i REJECT
/^X-Mailer: Easy DM free$/i REJECT
/^X-Shiroyagi-Version:/i REJECT
/^X-Mailer: [A-Z0-9]{8}\.[A-Z0-9]{8}\.[A-Z0-9]{32}$/ REJECT
/^X-Mailer: OutLook Express 3\.14159$/i REJECT
/^X-Mailer: jpfree Group Mail Express V/i REJECT
/^X-Mailer: MultiSneder[0-9]/i REJECT
/^X-Mailer: X Ver[0-9]\.[0-9]/i REJECT
/^X-Mailer: MailMagic [0-9]/i REJECT
/^X-Mailer: Mail Distributer/i REJECT
/^X-Mailer: Super Mailer [0-9]/i REJECT
/^X-Mailer: ACMAILER scripted by/i REJECT
/^X-Mailer: SMTP Sender/i REJECT
/^X-Mailer: anyone/i REJECT
/^X-Mailer: DouhouHaishin ver/i REJECT
/^X-Mailer: OutlookExpress$/i REJECT
/^X-Mailer: MailMg V/i REJECT
/^X-Mailer: VolleyMail\.net/i REJECT
/^X-Bulkmail:/ REJECT
/^X-Mail-Agent: Extra Japan @Mailer/i REJECT
/^X-SMTP-Proxy: Anon@JUMPERZ\.NET\//i REJECT
/^X-Mailer-Version:/i REJECT
/^X-Shiroyagi-ID:/i REJECT
/^From:.*Mail-In <mailin@/ REJECT
/^(From|To):.*=\?iso-2022-jp\?B\?[A-Za-z0-9+]*\?=@/ REJECT
/^Received:.*\.{16}/ REJECT
/^Received:.*\.FreeBit\.NE\.JP / REJECT
/^Received: from GET004 \(flets[0-9]*\.t3\.rim\.or\.jp/i REJECT
#/^Subject:.*( {8}| {3})[^ ]{5,}$/ REJECT
#/^Subject:.*( | ){10}$/ REJECT
#/^Subject:.*( | ){16}/ REJECT
#/^Subject:.*\.{6}/ REJECT
#/^Subject:.*>{8}/ REJECT
#/^Subject:.*!!!/ REJECT
#/^Subject:.*( \$\$\$|\$\$\$ )/ REJECT
#/^Subject:.*GUARANTEED/i REJECT
#/^Subject:.*FREE.*!/i REJECT
#/^Subject: *=\?[Ii][Ss][Oo]-2022-[Jj][Pp]\?B\?GyRC(TCQ|S3Y)\+NUJ6OS05cCIo/i REJECT
#/^Subject: Re: Your password!$/ REJECT
/^Subject:.*=\?(gb2312|big5|ks_c_5601|euc-kr|windows-1251)\?/ REJECT
#/^Subject: Here are the rest of my pics/ REJECT
/^Subject: *ADV?:/i REJECT
#/^Subject:.*=\?[Ss][Hh][Ii][Ff][Tt]_[Jj][Ii][Ss]\?B\?lqKPs5H4jUyNkIGm/i REJECT
#/^Subject:.*=\?[Ee][Uu][Cc]-[Jj][Pp]\?B\?zKS\+tcL6ua258KKo/i REJECT
#/^Subject: *\(NASDAQ:JLWT\) *Watch *This *Stock *Trade$/i REJECT
#/^Subject: *=\?iso-2022-jp\?Q\?=[89A-F]/ REJECT
#/^Subject: *=\?iso-2022-jp\?Q\?=96=A2=8F=B3=91=F8=8DL=8D=90=81=A6/ REJECT
#/^Subject:.*[^ -~].*[^ -~].*[^ -~].*[^ -~].*[^ -~].*[^ -~]/ REJECT
/^X-X:/ REJECT
/^X-Delete-Me:/ REJECT
/^X-Encoding: MIME$/i REJECT
#/^To:.*@.*,.*@/ OK
#/^(Errors-)?To:.*@((hotmail|excite|msn|aol|livedoor|yahoo|petfull|public)\.com|commtom\.i(com|net)|
5Business.cc)/ REJECT
/^To: *@/ REJECT
/^To: *<#field[0-9]#/i REJECT
/^To:.*C:`Bulk\.Adz.*\.txt/i REJECT
#/^To:[^@;]*$/ REJECT
#/^From:[^@;]*$/ REJECT
/^Received:.*[^A-Z0-9.-]msk\.no-ip\.com[^A-Z0-9.-]/ REJECT
/^Content-Type:.*charset="?(DEFAULT|gb2312|big5|ks_c_5601|euc-kr|windows-1251)/ REJECT
/^Content-Type: multipart\/mixed;.*boundary="bound".*X-Priority:/i REJECT
/^Date:.* --0400$/ REJECT
/^Message-ID: *<.*@localhost\.localdomain>/ REJECT
/^Message-ID: *<[^@]*@?\.?>/ REJECT
/^Message-ID: *<[^<>]* [^<>]*>/ REJECT
/^Message-ID:[^@]*$/ REJECT
/^From:.*<@[a-z0-9.-]*>/ REJECT
/^Received:.*\[202\.224\.232\.1(7[6-9]|8[0-3])\]/ REJECT
/^From:.*<#fun-club@docomo.ne.jp>/ REJECT
/^Reply-To: @(fullpromote|trafficbbs)\.com/ REJECT
/^From:.*@hat-in\.com>/i REJECT
/^From:.*=\?ISO-2022-JP\?B\?GyRCJUghPCU\/JWs5LTlwPFIbKEI=\?=/i REJECT
/^X-MailScanner: Found to be clean$/i REJECT
# Virus alarts
/^Subject: File was infected with a virus$/i REJECT
/^Subject: \*\*\* You have sent a virus !/i REJECT
/^Subject: VIRUS IN YOUR MAIL$/i REJECT
/^Subject: Virus Alert$/i REJECT
/^Subject: Warning: E-mail viruses detected$/i REJECT
/^Subject: Returned due to virus;/i REJECT
/^Subject: VIRUS (.*) IN YOUR MAIL$/i REJECT
/^X-Yahoo-Profile: yumima1972$/i REJECT
/^X-MagazineId: s1ok$/i REJECT
## the iframe trick
/iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0/ REJECT
## Virus Prevention
/name=\"(.*)\.(zip|hta|exe|com|pif|vbs|vbe|js|jse|bat|cmd|vxd|scr|shm|pif|chm)\"$/ REJECT
/(filename|name)=".*\.(exe|asd|chm|dll|hlp|hta|js|ocx|pif|lnk)"/ REJECT
## Bad Domains
/.*inbox\.lv/ REJECT
## Charsets from asia:
/^Content-type:.*charset\s*=[\s\"]*(big5|euc-kr|gb2312|ks_c_5601-1987|ISO-2022-JP)/ REJECT
/^Subject:.*\[Big5\].*/ REJECT
/^Subject: \=\?iso-8859-1.*/ REJECT