Question How to add Email Header Check for less spam with Postfix and Spamassasin?

[pleskify]

Hello fellow Plesk users,

I am having some spam mails slipping through my spamassassin filters and want to get rid of them by checking for various subject lines. Since there is no GUI way in Plesk to do this and I also couldn't find a CLI command I was looking for other solutions.

With postfix-pcre I found a package that could solve this.

First I checked if postfix-pcre is already installed.

# postconf -m

pcre is listed there. So it should be supported and running.

Next I enabled header_checks in Postfix by editing the main configuration file

# sudo nano /etc/postfix/main.cf

and added the following at the end of the file

# header_checks = pcre:/etc/postfix/header_checks

I saved and closed the file and opened the lookup file

# sudo nano /etc/postfix/header_checks

In there I added phrases like this

/Potenzmittel/ REJECT

and saved the file.

Finally I build the index file with

# sudo postmap /etc/postfix/header_checks

and restarted postfix

# /etc/init.d/postfix restart

--
So far so good. At first it looked really promising but today one of the blocked subjects came through again. So its not working properly I guess.

What could I do to block emails that contains blocked words in their subject?
Do you see a mistake in the process described above?

Thanks and cheers,
pleskify

 

[hansitheking]

Hello @pleskify: maybe this older thread helps you.

Also, it is better to use a regex in your header_checks file and state a reason and ID why it was rejected, here is one example which will reject mails with the subject "Kostenloser Lottoschein" or "Best pills for potency".

/^Subject:.*Kostenloser.Lottoschein/ REJECT Mail was detected as SPAM and rejected. If this is wrong send this mail attached with all headers to [email protected] SPAM_HEADER_ID_001
/^Subject:.*Best.pills.for.potency/ REJECT Mail was detected as SPAM and rejected. If this is wrong send this mail attached with all headers to [email protected] SPAM_HEADER_ID_002

I was using this method for a long time, but switch to rejecting SPAM by spamassassin once above a fixed score. Therefore, mails have to be passed through spamassassin twice. If I found time or a guide I will post it here.

 

[pleskify]

Thank you for your reply @hansitheking .. Running mails twice through spamassassin doesn't sound perfect to me but if you find a great tutorial on that or could write up one yourself, that would be highly appreciated. The problem I see is, that this mails don't get a spam score and I would need to assign it manually for subject-lines. So I could just reject them directly. Thats at least the way I understand it. Please correct me if I overlook something there.

The code you provided is super interesting though because of the syntax. Mine looked quit different because I have not written "^Subject:" and also did not use dots as spaces like in your example. I just edited the file and will provide feedback if that worked.

Thanks for that.

Edit:
Unfortunately this is still not helping. The subject I want to filter is: "Höhle der Löwen" System macht Deutsche Bürger reich!
It's super annoying because its coming through every other day with always changing sender and domains. Often it gets cached from the spamassassin but from time to time it will be delivered.

What would be the way to block something specific like this?

I tried following now:

/^Subject:.*System.macht.Deutsche*/ REJECT

but again no success here.