# whitelist local messages accept connect // /^127\.*/ reject "Malformed HELO (not a fully-qualified host name, there is no dot)" helo /\./n reject "Please use your real hostname in your HELO - private networks not valid" helo /^\[?10\./e helo /^\[?192\.168\./e helo /^\[?172\.(1[6-9]|2[0-9]|3[0-2])\./e reject "Please use your real hostname in your HELO - you are not me" helo /impsec\.org/i helo /pavoninestudios\.com/i helo /^localhost(\.localdomain)?$/ie helo /^207\.210\.83\.140$/i reject "Sender forgery - you are not me" envfrom /@impsec\.org/i envfrom /@[a-z]*\.impsec\.org/ie envfrom /@pavoninestudios\.com/i envfrom /@[a-z]*\.pavoninestudios\.com/ie header /Return-Path/i /MAILER-DAEMON@impsec\.org/i header /Return-Path/i /MAILER-DAEMON@[a-z]*\.impsec\.org/ie header /From/i /MAILER-DAEMON@impsec\.org/i header /From/i /MAILER-DAEMON@[a-z]*\.impsec\.org/ie header /From/i /MAILER-DAEMON@pavoninestudios\.com/i header /From/i /MAILER-DAEMON@[a-z]*\.pavoninestudios\.com/ie header /From/i /postmaster@impsec\.org/i header /From/i /postmaster@[a-z]*\.impsec\.org/ie header /From/i /postmaster@pavoninestudios\.com/i header /From/i /postmaster@[a-z]*\.pavoninestudios\.com/ie header /From/i /@impsec\.org/i and header /List-Id/ /./n reject "Sorry - only English spoken here" header /Subject/i /=[?](KOI8-[RU]|GB2312|GB2312_CHARSET|ISO-2022-JP|SHIFT[-_]JIS|BIG5|WINDOWS-125[156])[?][QB][?]/ie header /Subject/i /charset=(3D)?"?(KOI8-[RU]|GB2312|GB2312_CHARSET|ISO-2022-JP|SHIFT[-_]JIS|BIG5)/ie header /Subject/i /[À-þ]{6}/e header /Content-Type/i ,text/(plain|html); *charset="?(KOI8-[RU]|GB2312(_CHARSET)?|ISO-2022-JP|SHIFT[-_]JIS|BIG5),ie # risky: #body ,Content-Type(: |" content=")text/(plain|html); charset="?(KOI8-[RU]|GB2312(_CHARSET)?|ISO-2022-JP|SHIFT[-_]JIS|BIG5),ie #body ,http-equiv=3D"Content-Type" content=3D"text/(plain|html); charset=3D(KOI8-[RU]|GB2312|ISO-2|SHIFT|BIG5),ie tempfail "Apparent forged-mailman bounce spam - please implement SPF checks on your mailman host if it is directly exposed to the Internet" envrcpt /mailman@impsec\.org/i and envfrom /mailman-bounces@/i and envfrom /mailman-bounces@impsec\.org/in reject "You are sending a bounce to a mailing list request robot - the sender address on the message you received was forged" envrcpt /-l-request@/ie and envfrom /^<>$/ envrcpt /-l-request@/ie and envfrom /mailer-daemon@/i reject "Joe-jobbed address that never sends mail - please contact via postmaster@impsec.org" envrcpt /info@impsec\.org/i reject "Lazy spammer sending to obviously bogus addresses" header /To/i /@example\.com/i header /To/i /@example\.domain/i header /To/i /@your\.domain/i header /To/i /@some\.domain/i header /To/i /@domain\.dom/i header /To/i /@somewhere\.tld/i header /To/i /@somewhere\.com/i header /To/i /@your\.domain\.com/i header /To/i /@your\.favorite\.machine/i