block Malware

# vi /etc/postfix/header_checks

/^Subject:/     WARN

/^User-Agent:/    IGNORE

/^From:.*<#.*@.*>/ REJECT

/^Return-Path:.*<#.*@.*>/ REJECT

/^Received: from 127.0.0.1/  IGNORE

/^Subject:/      WARN /^To:/           WARN /^From:/         WARN

/^Received: from 127.0.0.1/ IGNORE

/^User-Agent:/                 IGNORE

/^Received:.*with ESMTPSA/  IGNORE

/^X-Originating-IP:/        IGNORE

/^X-Mailer:/                IGNORE

/E-mail Storage Limit Exhausted/ REJECT

/Your email account was recently logged into from another computer/    REJECT

/Update Mail From Admin Server/                                         REJECT

/Urgent Mail From Server/                                               REJECT

/mailbox will be terminated after 24 hours/                REJECT

/hot g!rl want you!/ REJECT

/Your E-mail Account storage capacity is low/           REJECT

/The part-time employment/      REJECT

/Rapid-Acting Supplement For Outstanding Results/       REJECT

/Mail From Admin Server/                                         REJECT

/Urgent Mail From Server/                                               REJECT

/Your E-mail De-activation/     REJECT

#/invoice/     REJECT -----Subject/file attachment types not allowed [invoice]

#/scan/        REJECT -----Subject/file attachment types not allowed [scan]

#/PAYMENT/     REJECT -----Subject/file attachment types not allowed [Payment]

/my new photo/                                          REJECT

/Your mailbox is almost full/                      REJECT

/account has been Blocked due to system error/          REJECT

/mailbox will be terminated after 24 hours/                REJECT

/Mailbox Will Be Suspended!/                                      REJECT

/Your Account Will Be Blocked!/                                  REJECT

/WILL LOSE YOUR EMAIL ADDRESS/                             REJECT

/add more MB to your mailbox/           REJECT

/Account will be Suspended soon/        REJECT

/UPGRADE IS FREE OFF CHARGE/            REJECT

/Validate Your Webmail Account/         REJECT

/incoming important 'Message' blocked/   REJECT

/Your account has been renewed/ REJECT

/Minimum Top-up Deposit Now/     REJECT

/Hello!/ REJECT

/Bank of America/ REDIRECT junk.mail@worldcm.net

/Money transfer details/ REDIRECT junk.mail@worldcm.net

/PAYMENT CONFIRMATION/ REDIRECT junk.mail@worldcm.net

/New payment details and address update/ REDIRECT junk.mail@worldcm.net

/URGENT! PI unconfirmed issue/              REDIRECT junk.mail@worldcm.net

/almost reached their disk quota/           REDIRECT junk.mail@worldcm.net

/Payment status/                            REDIRECT junk.mail@worldcm.net

#  vi /etc/postfix/main.cf                         

-----

mime_header_checks = regexp:/etc/postfix/block_attachments

# vi /etc/postfix/body_checks

# Skip pflogsumm report lines

/^ {6,11}\d{1,6}[ km] / OK

/^ {4}blocked using / OK

/^begin\s+\d+\s+.+?\.(386|ad[ept]|app|as[dpx]|ba[st]|bin|btm|cab|cb[lt]|cgi|chm|cil|cla(ss)?|cmd|com|cp[el]|crt|cs[chs]|cvp|dll|dot|drv|em(ai)?l|ex[_e]|fon|fxp|hlp|ht[ar]|in[fips]|isp|jar|jse?|keyreg|ksh|lib|lnk|md[abetw]|mht(m|ml)?|mp3|ms[ciopt]|nte|nws|obj|ocx|ops|ov.|pcd|pgm|pif|p[lm]|pot|pps|prg|reg|sc[rt]|sh[bs]?|slb|smm|sw[ft]|sys|url|vb[esx]?|vir|vmx|vxd|wm[dsz]|ws[cfh]|xl.|xms|\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b/ REJECT ".$1" Body filetype not allowed

/<\s*(object\s+data)\s*=/                  REJECT Email with "$1" tags not allowed

/<\s*(script\s+language\s*="vbs")/              REJECT Email with "$1" tags not allowed

/<\s*(script\s+language\s*="VBScript\.Encode")/      REJECT Email with "$1" tags not allowed

Postfix mail server block Malware with blacklist

--

It will be a nice idea to block malware spreading URLs and website. Setting up a malware blacklist in Postfix MTA is quite easy. The Malware Block List is a free, automated and user contributed system for checking URLs for the presence of Viruses, Trojans, Worms, or any other software considered Malware.

Create a blacklist

First you need to create a blacklist, type the following command:

# wget -O - 'https://lists.malwarepatrol.net/cgi/getfile?receipt=f1391767429&product=8&list=postfix' > /etc/postfix/mbl-body-deny

Where receipt= should be followed by your personal Malwarepatrol id once registered. Do not use f1391767429. This is for demo purpose only.

Configure Postfix

Open postfix main.cf config file, run:

# vi /etc/postfix/main.cf

Setup postfix body_check directive as follows:

body_checks = regexp:/etc/postfix/mbl-body-deny

Save and close the file.

Restart Postfix

Now just restart the postfix daemon:

# postmap /etc/postfix/mbl-body-deny

#  systemctl restart postfix

# /etc/init.d/postfix restart

Automate procedure

   mkdir scripts /root/Documents/

  touch /root/Documents/scripts/fetch.postfixmalware.sh

 chmod 755 /root/Documents/scripts/fetch.postfixmalware.sh

You need to setup a cron job to automate entire procedure. Create a shell script as follows:

vi /root/Documents/scripts/fetch.postfixmalware.sh

Add cronjob as follows:

40 23 * * * /etc/admin/scripts/fetch.postfixmalware.sh >/dev/null 2>&1

40 23 * * * /root/Documents/scripts/fetch.postfixmalware.sh >/dev/null 2>&1

You may wan to combine this feature with mime attachments blocking and anti spam blacklist for the best result.

---

LL

not have this id Kamaruddeen@example.com in my mail server but mail received this ID to other mail ids iin postfix mail server 

 Configure Postfix to Reject Unauthenticated Emails

• Edit /etc/postfix/main.cf and ensure:

Enable SPF checking (install postfix-policyd-spf-python): 

Block Spoofed Emails

• Add to /etc/postfix/main.cf

smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps

Then create /etc/postfix/sender_login_maps and map valid senders: 

@example.com   authenticated-users

postmap /etc/postfix/sender_login_maps

systemctl reload postfix

LL