Are you tired of publishing SPAM? Join me on a journey to set up simple blocklists to auto-filter based on origin and sender for Postfix mail servers.

If you're in academia, you likely know publishing SPAM. For those that are not (or missed out on the pleasure so far), publishing SPAM are publishers that send unsolicited requests for articles, offer publication services, or other auxiliary services such as proof reading or "help" to get papers published. They generally don't offer unsubscribe features and keep you on their list, especially if you reply.

While not disastrous, these emails are annoying. For example, I end up with 10-15 such unwanted emails in my inbox each day. My initial go-to goal was to train local SPAM filters to remove these emails. As I'm using at least 5 different computing systems (desktop home, desktop office, laptop home, laptop office, mobile client --- I know, I should look for help), I was looking for a different solution that avoids over-training local SPAM filters. Given that these publishers generally stick to their domains and emails, a simple blocklist should be sufficient to filter them. As I'm running my own mail server, this should be a piece of cake, right?

On my mail server, the main pieces are postfix for smtp handling, SpamAssassin for SPAM filtering, maildrop for vmail delivery, and dovecot for imap connections to the clients. Any of these components should be able to implement a simple blocklist based on the sender address. Or so I thought. Paging in all the configuration and customization across the different components was somewhat difficult, especially as my configuration grew over the last couple of years.

After searching the web for a bit, I discovered the PREPEND feature for smtpd_sender_restrictions. This must be it, I thought and tried to learn more. But the man page is rather dry and stackoverflow was not of much help (anymore). I therefore turned to ChatGPT and asked it for options.

What ChatGPT got right was that it's not straight-forward to move mail to alternate folders in Postfix as maildrop/dovecot takes care of local mail delivery. But I can tag messages. Unfortunately, ChatGPT hallucinated also quite a bit, offering options and half-truths about configurations that did not work reliably. While I initially assumed that Debian stable was just too outdated, some of the flags that ChatGPT suggested simply did not exist.

Another issue I ran into was that spamassassin removes any X-Spam-ABC flag when filtering email. As I initially tried to set the X-Spam-Status: YES to have dovecot filter the mail to the Junk folder, spamassassin silently removed the tag during processing.

After quite some trial and error, I settled on

smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access,
    ...

with the file sender_access being auto-generated based on a simple text file where I encode unwanted email addresses and domains. For each email, address, I add a line foo@bar.com PREPEND X-Blocklist: YES (and run postmap sender_access) afterwards.

In my dovecot sieve for local delivery where I already move SPAM email into the Junk folder, I then simply do the same for any emails tagged with X-Blocklist: YES:

if header :contains "X-Blocklist" "YES" {
    fileinto "Junk";
}

This exercise took me roughly 1.5 days including testing. I was a bit surprised by how much stackoverflow has degraded. It's also an unfortunate fact that very few people keep running their own mail servers and not much information is out there (only a few outdated forum posts). Similarly, the hallucinations of ChatGPT were somewhat scary and lead me down a few wrong paths. In the end, a combination of trial-and-error, configuration hunting, reading lots of forum posts, and using ChatGPT in a developer-in-the-loop mode somewhat helped solve this issue.

Do you think it was worth spending 1.5 days to delete unwanted email? Also, how long will it take me to recoup the cost of this over-engineering? ;)

Other articles

38c3: Hutzelwutze in Hamburg

Published: Mon 30 December 2024
By Mathias Payer

In Conferences.

tags: security congress 38c3 ccc privacy

Another year, another CCC. It's been a long road from Berlin to Leipzig and Hamburg. Each year, I repeat the ritual of going to the "Kongress", the most amazing hacker get together in the world. The Kongress is special, hackers of all denominations meet, engage, hack, and enjoy a few …
read more
From Fuzzing to Frameworks: 2024 Research Highlights

Published: Fri 27 December 2024
By Mathias Payer

In Academia.

tags: research trends fuzzing hypvervisor kernel browser Android

2024 was an active year for the HexHive research group, marked by tireless efforts to enhance the security of various complex systems. A key trend throughout the year was the continued evolution of fuzzing research. Notably, we observed a gradual shift away from general-purpose fuzzing as a primary research focus …
read more
RIP Niklaus Wirth

Published: Fri 05 January 2024
By Mathias Payer

In Academia.

tags: mentor death

Niklaus Wirth, known for his work on programming languages and systems, died on January 1st, 2024 (ETH Zurich). Wirth was known for his work on programming languages and systems with a keen focus on simplicity and functionality for which he was awarded the 1984 Turing Award. His most well-known language …
read more
37c3: Chaos returning to Hamburg

Published: Sat 30 December 2023
By Mathias Payer

In Conferences.

tags: security congress 37c3 ccc privacy

After a three-year hiatus due to the pandemic, the Chaos Communication Congress is finally back at an onsite venue. For those that don't know, the congress is the biggest hacker Conference in Europe. It is known not just for deep technical talks and amazing hacks but also for political talks …
read more
Writing (successful) ERC grants in Europe

Published: Tue 06 September 2022
By Mathias Payer

In Academia.

tags: ERC

In 2018, when I moved from Purdue University in the US to EPFL in Switzerland, I had the opportunity to apply for an ERC H2020 starting grant in computer science. ERC starting grants are similar to the NSF Career award and can be submitted up to 7 years after completing …
read more
Second factor on VPNs considered harmful

Published: Mon 11 July 2022
By Mathias Payer

In Random.

tags: EPFL

Due to the risk of "cyber threats", many universities are switching to second factor authentication to log into their VPNs. Many companies moved to second factor for VPN authentication quite some time ago to protect their perimeter from external access. The idea is that users have to provide two factors …
read more
PhD at EPFL, in Europe

Published: Thu 21 January 2021
By Mathias Payer

In Academia.

tags: PhD EPFL

Every December a lot of prospective students reach out to faculty regarding PhD programs. This is the time where we review the students and assess their skills and potential along many dimensions such as past research, research ideas, engineering capabilities, and systems experience. These discussions along with the submission of …
read more
Positive reviewing in software security

Published: Sat 07 December 2019
By Mathias Payer

In Academia.

tags: NDSS SEC review

Yesterday we concluded the NDSS20 PC meeting. In total, 12% of papers were accepted, 6% now have a short fuse major revision opportunity, in line with other top tier conferences. The PC chairs handled the meeting well, striving for positivity and feedback for the authors. Overall, this was a great …
read more
Expedia: from software bug to customer service nightmare, a modern Odyssey

Published: Mon 01 July 2019
By Mathias Payer

In Random.

tags: Travel Expedia

While traveling through Europe, I logged into my Expedia.com account and something odd happened: instead of being logged in, the Expedia system decided to redirect me to Expedia.ch and created a new account. Oddly, it copied all my credit card details, account information, frequent traveller details, and individual …
read more

Page 1 / 9 »

Other articles

links

social