Notes-Header-Checks
Section I - General Info
As a long time fan of Postfix, I use Postfix's header_check feature to discard messages (or redirect) I don't want coming off the wire. In my opinion, using Postfix to discard unwanted messages is a good way to keep spam messages away. However, using header_checks must be used with care. The purpose of this wiki is to guide you to add your own header_checks file for the Zimbra-MTA system.
Section II - Prepare ZCS Machines
First, look at the postfix_header_checks in Zimbra's localconfig.
zmlocalconfig | grep header_checks
Most likely you will see the following:
postfix_header_checks = pcre:/opt/zimbra/conf/postfix_header_checks
Now, lets create our own header_checks file. Note: For this wiki, I am going to create a "custom_header_checks" file, but you can create your own file.
touch /opt/zimbra/conf/custom_header_checks
zmlocalconfig -e postfix_header_checks="pcre:/opt/zimbra/conf/postfix_header_checks, pcre:/opt/zimbra/conf/custom_header_checks"
zmmtactl restart
zmlocalconfig | grep postfix_header_checks
You should see:
postfix_header_checks = pcre:/opt/zimbra/conf/postfix_header_checks, pcre:/opt/zimbra/conf/custom_header_checks
Don't forget to use postconf to make sure the changes are picked up.
postconf | grep header_checksIf the header_checks are not picked up from the postconf command, run the following command.
zmprov mcf zimbraMtaBlockedExtensionWarnRecipient FALSE
zmmtactl restart
Section III - Editing your custom header checks file
Editing your /opt/zimbra/conf/custom_header_checks is fairly straight forward, just use your favorite editor, i.e vi, nano, emacs.
No need to run postmap against the /opt/zimbra/conf/custom_header_checks
Section IV - Header checks syntax by example
In the interest of brevity and simplicity, I am only going provide a few examples. Honestly, I've only scratched the surface of this feature.
m U.S. Ambassador to Nigeria/ DISCARD #spam rule no msgs from Nigeria
/^Subject:(.*)\?KOI8-R\?/ DISCARD #spam rule Russian encoding not allowed by this server
/^From:(.*)Slice-O-Matic Reviews/ DISCARD #spam rule No slice o-matics
/^From:(.*)Your Free iPad/ DISCARD #spam rule No thank you
/^From:(.*)user005@badspammerdomain.com/ DISCARD #spam Known spammer address
/^From:(.*)Tarot Reading/ DISCARD #spam rule No Tarot reading
/^From:(.*)someaccount@yahoo.com/ REDIRECT ceo@domainexample.com #spam rule redirect all messages from this address
/^From:(.*)<(.*)@yahoo.com>(.*)/ REDIRECT monitor@domainexample.com
/^To:(.*)<(.*)@yahoo.com>(.*)/ REDIRECT monitor@domainexample.com
/^Received: from .+\..+\.mydomain\.com .+(by mail\.mydomain\.com .+) / REPLACE Received: $1
/^Received: from mac7\.local/ IGNORE
/^Received: from .*\.local/ IGNORE
ks 'pcre:/opt/zimbra/conf/postfix_header_checks, pcre:/opt/zimbra/conf/custom_header_checks'
zmmtactl restart
Section VII - Body Checks
By default, Zimbra does not touch the MTA body_checks feature. However, updating the zmconfigd.cf and localconfig should make postfix start using the body_checks setting. See, https://bugzilla.zimbra.com/show_bug.cgi?id=103124.
If you want to implement the MTA's body_checks feature, you can do the following. Note: This is for versions for 8.5, 8.6, & 8.6
Add the following to the /opt/zimbra/conf/zmconfigd.cf file (right below delay_warning_time, and above header_checks)
POSTCONF body_check