How To Block Email Using Subject Headers In Postfix

Author: erics, December 7th, 2021

I needed to block email based on the Subject header. The solution is simple: Edit main.cf as root and uncomment or add:

header_checks = regexp:/etc/postfix/header_checks

1	header_checks = regexp:/etc/postfix/header_checks

Next, creaate or edit /etc/postfix/header_checks as root and add the following line:

/subject:\sbad subject text here/        REJECT  header_checks NO SPAM ALLOWED
/subject:\stest subject text here/        DISCARD  header_checks NO SPAM ALLOWED

1 2	/subject:\sbad subject text here/ REJECT header_checks NO SPAM ALLOWED /subject:\stest subject text here/ DISCARD header_checks NO SPAM ALLOWED

Finally, run sudo postfix reload NOTE: Do NOT add the “i” after the regular expression! It is case-insensitive by […]

Categories: How-To's, Technology Tags: Block, Check, Checks, Discard, Header, header_checks, headers, howto, PostFix, Reject, Spam, Subject, tips | No comments

How To Block All Traffic From China Using iptables and ipset on Amazon Linux

Author: erics, October 24th, 2019

All credit to Matt Wilcox for this excellent article, for which this post is based – thank you, Matt! https://mattwilcox.net/web-development/unexpected-ddos-blocking-china-with-ipset-and-iptables/ All commands run as root!

yum install -y ipset
vi blockchina (see below for contents)
chmod 755 blockchina
./blockchina

1

2

3

4

yum install -y ipset

vi blockchina (see below for contents)

chmod 755 blockchina

./blockchina

Do this once only:

iptables -A INPUT -p tcp -m set --match-set china src -j DROP; service iptables save

1	iptables -A INPUT -p tcp -m set --match-set china src -j DROP; service iptables save

Then add blockchina to the root cron

#!/bin/sh
#
# blockchina
#
DIR=/etc

# Create the ipset list
ipset -N china hash:net

# remove any old list that might exist from previous runs of this script
rm $DIR/cn.zone

# Pull the latest IP set for China
wget -P $DIR http://www.ipdeny.com/ipblocks/data/countries/cn.zone

# Add each IP address from the downloaded list into the ipset 'china'
for i in $(cat $DIR/cn.zone ); do ipset -A china $i; done

# Update iptables
service iptables restart

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

#!/bin/sh

#

# blockchina

#

DIR=/etc

# Create the ipset list

ipset -N china hash:net

# remove any old list that might exist from previous runs of this script

rm $DIR/cn.zone

# Pull the latest IP set for China

wget -P $DIR http://www.ipdeny.com/ipblocks/data/countries/cn.zone

# Add each IP address from the downloaded list into the ipset 'china'

for i in $(cat $DIR/cn.zone ); do ipset -A china $i; done

# Update iptables

service iptables restart

Categories: How-To's, Technology Tags: Amazon, Amazon Linux, AWS, Block, China, DDOS, dos, Firewall, ipset, IPTables, Linux, root, traffic | No comments

How To Block an Entire TLD in Postfix

Author: erics, September 13th, 2016

Step 1. Execute the following two commands: postconf -e smtpd_sender_restrictions=pcre:/etc/postfix/rejected_domains postconf -e reject_unauth_destinations=pcre:/etc/postfix/rejected_domains If that doesn’t work, you may hand-edit main.cf and add/edit these lines:

smtpd_sender_restrictions=pcre:/etc/postfix/rejected_domains
reject_unauth_destinations=pcre:/etc/postfix/rejected_domains

1 2	smtpd_sender_restrictions=pcre:/etc/postfix/rejected_domains reject_unauth_destinations=pcre:/etc/postfix/rejected_domains

Step 2. Create the regex filter file: vim /etc/postfix/rejected_domains

/\.top$/           REJECT No spam allowed from the .top TLD
/\.stream$/           REJECT No spam allowed from the .stream TLD

1 2	/\.top$/ REJECT No spam allowed from the .top TLD /\.stream$/ REJECT No spam allowed from the .stream TLD

Step 3. Signal Postfix to reread the config: postfix reload NOTE: Do NOT use the postmap command for the […]

Categories: How-To's, Technology Tags: Amazon Linux, AWS, Block, Filter, howto, Linux, PostFix, tips, TLD | No comments

How To Block WordPress XMLRPC Attacks

Author: erics, July 8th, 2014

Add the following to either your .htaccess file or to your Apache config:

<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>

1

2

3

4

Order allow,deny

Deny from all

</Files>

Categories: How-To's, Technology Tags: .htaccess, Attack, Block, DDOS, dos, howto, tips, WordPress, xmlrpc | No comments

How To Create a Code Block in PHP for Error Handling

Author: erics, October 19th, 2012

The do/while statement is sometimes used to break out of a block of code when an error condition occurs. For example:

do {
  // do some stuff
  if ($error_condition)
    break;
  // do some other stuff
} while (false);

1

2

3

4

5

6

do {

// do some stuff

if ($error_condition)

break;

// do some other stuff

} while (false);

Because the condition for the loop is false, the loop is executed only once, regardless of what happens inside the loop. However, if an error occurs, the code after the break is not […]

Categories: How-To's, Technology Tags: Block, break, Code, Code Block, Error, Error Handling, Errors, php | No comments

How To Block/Reject Email From Or To A Specific Address Using Postfix On CentOS

Author: erics, June 3rd, 2011

By default, the Postfix SMTP server accepts any sender address. You block email addresses using the sender_access file:

# cd /etc/postfix
# vi sender_access
baduser@baddomain.com REJECT
# postmap hash:sender_access
# vi recipient_access
baduser@baddomain.com REJECT
# postmap hash:recipient_access
# vi main.cf
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access
(make sure these are the FIRST entry on the lines)
# /etc/init.d/postfix restart

1

2

3

4

5

6

7

8

9

10

11

12

# cd /etc/postfix

# vi sender_access

baduser@baddomain.com REJECT

# postmap hash:sender_access

# vi recipient_access

baduser@baddomain.com REJECT

# postmap hash:recipient_access

# vi main.cf

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access

(make sure these are the FIRST entry on the lines)

# /etc/init.d/postfix restart

Categories: How-To's, Technology Tags: Block, CentOS, Email, howto, PostFix, Receiver, Reject, Sender, Spam, tips | 2 comments

How To Block Email Using Subject Headers In Postfix

How To Block All Traffic From China Using iptables and ipset on Amazon Linux

How To Block an Entire TLD in Postfix

How To Block WordPress XMLRPC Attacks

How To Create a Code Block in PHP for Error Handling

How To Block/Reject Email From Or To A Specific Address Using Postfix On CentOS

Our Link Network

Business

Client Websites

Fine Dining

Friends & Family

Galleries

Health

Resources

Technology

Travel

The Archives

Latest Ramblings…

Various Topics of No Interest