Block Email Spam with Postfix

Email Header and Body Checks with Postfix SMTP Server

Postfix provides 4 simple content-checking parameters.

  • header_checks
  • mime_header_checks
  • nested_header_checks
  • body_checks

Postfix will check all inbound emails when any of the above parameters are being used. Each parameter points to a lookup table containing regular expression patterns and actions.

The patterns are compared to strings within email messages (header and body). If Postfix finds a match, the specified action is executed.

There are mainly two types of regular expressions that can be used by Postfix.

  • regexp: POSIX regular expression
  • PCRE: Perl-compatible regular expression

Postfix comes with POSIX regular expression support, but PCRE is way faster. To use PCRE in Postfix, you need to install the postfix-pcre package.

sudo apt install postfix-pcre

Run the following command and you will see pcre is now supported.

postconf -m

Header Checks

To enable header_checks in Postfix, open the main configuration file.

sudo nano /etc/postfix/main.cf

Add the following line at the end of the file.

header_checks = pcre:/etc/postfix/header_checks

Save and close the file. Then you need to create the /etc/postfix/header_checks lookup file with a command line text editor such as Nano.

sudo nano /etc/postfix/header_checks

You can add regular expression checks like the ones below.

/claim your free training/      DISCARD
/Hidden Secrets/                   DISCARD
/GOOD NEWS TO YOU/        DISCARD

The left-hand key is a regular expression enclosed by two forward slashes. If any of the strings on the left appears in any of the headers of an email message (these would most likely show up in the Subject: header), Postfix applies the action on the right during the SMTP dialog. By default, regular expression checking is not case-sensitive.

With DISCARD, Postfix claims successful delivery and silently discards the message. DISCARD makes it look as if the message was delivered even though it was simply deleted.

You can also use REJECT, instead of DISCARD.

/claim your free training/    REJECT
/Hidden Secrets/                 REJECT
/GOOD NEWS TO YOU/      REJECT

If you use REJECT, the sender of the email will receive a rejection notification. However, this can be counterproductive if the sender is a spammer or malicious actor.

Some spammers use blank email addresses in the From: or To: header. To catch these, you can add the following checks. The leading ^ anchors each pattern to the start of the header, so it cannot match the same text inside another header such as Subject:.

/^To:.*<>/           DISCARD
/^From:.*<>/         DISCARD

Once you finish editing the header_checks lookup file, you need to build the index file.

sudo postmap /etc/postfix/header_checks

Then restart Postfix for the changes to take effect.

sudo systemctl restart postfix
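
Header patterns are tested against one header at a time, so a pattern without a leading ^ can match text inside an unrelated header. The following added example (not from the original post) models that evaluation in Python to dry-run a table against sample messages before deploying it; Python's re module stands in for PCRE, and the function names, tables and messages are constructed for illustration.

```python
import re

def load_table(text):
    """Parse '/regex/ ACTION' lines; blank and # comment lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*/(.*)/\s+(\S+)", line)
        if m:
            # Case-insensitive, as the page notes is the Postfix default.
            rules.append((re.compile(m.group(1), re.I | re.S), m.group(2)))
    return rules

def logical_headers(message):
    """Split off the header block and rejoin folded (continuation) lines."""
    headers = []
    for line in message.split("\n\n", 1)[0].splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers

def first_hit(rules, strings):
    """Return (action, string) for the first string any rule matches."""
    for s in strings:
        for pattern, action in rules:
            if pattern.search(s):
                return action, s
    return None

# Constructed sample tables and messages.
LOOSE = load_table("/To:.*<>/  DISCARD\n/From:.*<>/  DISCARD\n")
ANCHORED = load_table("/^To:.*<>/  DISCARD\n/^From:.*<>/  DISCARD\n")
LEGIT = ("From: Alice <alice@example.com>\nTo: Bob <bob@example.com>\n"
         "Subject: How To: escape <> in XML\n\nSee the attached notes.\n")
SPAM = "From: promo <>\nTo: Bob <bob@example.com>\nSubject: hello\n\nhi\n"

if __name__ == "__main__":
    for name, table in (("loose", LOOSE), ("anchored", ANCHORED)):
        for label, msg in (("legit", LEGIT), ("spam", SPAM)):
            print(name, label, first_hit(table, logical_headers(msg)))
```

With DISCARD, a false positive like the unanchored Subject: match is lost silently, so it is worth running real samples of wanted mail through a check like this first.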

Body Checks

To add body checks in Postfix, follow these steps:

  1. Open the main configuration file for Postfix using a text editor such as Nano:
sudo nano /etc/postfix/main.cf
  2. Add the following line to the end of the file:
body_checks = pcre:/etc/postfix/body_checks

This enables body_checks in Postfix and tells it to use the lookup file /etc/postfix/body_checks.

  3. Create the lookup file /etc/postfix/body_checks using a text editor:
sudo nano /etc/postfix/body_checks
  4. Add regular expressions to the file to specify the patterns you want to check for in the body of incoming email messages. For example, you could add the following lines to reject or discard messages containing certain phrases:
/MobileMonkey/               REJECT
/DEAR! GOOD NEWS/            REJECT

# OR

/MobileMonkey/               DISCARD
/DEAR! GOOD NEWS/            DISCARD
  5. After adding your desired patterns, save and close the file.
  6. Build the index file for the body_checks lookup table:
sudo postmap /etc/postfix/body_checks
  7. Restart Postfix for the changes to take effect:
sudo systemctl restart postfix

Once you have completed these steps, Postfix will check the body of incoming email messages against the patterns specified in the body_checks lookup file, and will reject or discard any messages that match.
