[SOLVED] DISCARD spam with postfix (wildcard)


Wanting to get some input for using wildcard domains in sender_access. I am pulling my hair out - what am I doing wrong? Any suggestions for testing this in a better manner?

Not sure if I am not reading the documentation correctly or if I haven’t had enough caffeine but any input as to what I am missing/misreading would be super helpful.

My key assumption is that if I use an entry such as (below) then anything from that domain will get discarded. eg that this will remove mary@exampledomain.com, fred@exampledomain.com and bob@mail.exampledomain.com

.exampledomain.com. DISCARD

Full settings on how I set this up are here in my earlier post

Specific example with the headers is below:
I have blocked
.keepfamilyhealth.com DISCARD

The headers are:

Return-Path: <bounce@keepfamilyhealth.com>
Delivered-To: peter@bluetardis.com.au
Received: from box.bluetardis.com.au ([])
    by box.bluetardis.com.au with LMTP id mAu7MrggAWSJCwAA3LfvEA
    for <peter@bluetardis.com.au>; Fri, 03 Mar 2023 09:18:32 +1100
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
X-Spam-Level: ***
X-Spam-Status: No, score=3.9 required=5.0 tests=BAYES_99,BAYES_999,DKIM_SIGNED,
    URI_NOVOWEL autolearn=no autolearn_force=no version=3.4.2
    * 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
    * [score: 1.0000]
    * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
    * [score: 1.0000]
    * -0.1 DMARC_PASS DMARC check passed
    * -0.1 SPF_PASS SPF check passed
    * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
    * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
    * [ listed in wl.mailspike.net]
    * 0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence
    * 0.0 HTML_MESSAGE BODY: HTML included in message
    * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
    * author's domain
    * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    * valid
    * 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
    * lines
    * 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
    * Colors in HTML
X-Spam-Score: 3.9
Received: from relay280.mysmtp3.com (relay280.mysmtp3.com [])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    (No client certificate requested)
    by box.bluetardis.com.au (Postfix) with ESMTPS id 8DA297D008
    for <peter@bluetardis.com.au>; Fri, 3 Mar 2023 09:18:30 +1100 (AEDT)
Authentication-Results: box.bluetardis.com.au; dmarc=pass (p=none dis=none) header.from=keepfamilyhealth.com
Authentication-Results: box.bluetardis.com.au; spf=pass smtp.mailfrom=bounce@keepfamilyhealth.com
Authentication-Results: box.bluetardis.com.au;
    dkim=pass (1024-bit key; unprotected) header.d=keepfamilyhealth.com header.i=@keepfamilyhealth.com header.b="GxJfymMh";
Received: from [non-disclosed] for <peter@bluetardis.com.au>; Thu, 2 Mar 2023 23:04:12 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=keepfamilyhealth.com;
    s=mysmtp; t=1677794652;
Message-ID: <2-82xsoNd4Fig6-cJzOpv78g8g5@keepfamilyhealth.com>
Date: Thu, 02 Mar 2023 22:04:11 +0000
Subject: regrow your healthy, thick hair in just 30 days.
From: This method <denise@keepfamilyhealth.com>
Reply-To: support@keepfamilyhealth.com
To: peter@bluetardis.com.au
MIME-Version: 1.0
Content-Type: multipart/alternative;
x-var: 125106703-78253166-1105-740-572-952-2
x-logid: 125106703
X: eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.IWlWItcM_v5kym8Jr6PLV_y-GzJQ79R6RVKPTgAQZroRm2STxdUESw.UM6Nmdgmheks-v6k1vj43g.yaDwDRhyL8lAzBe_Z3E7cRyClcI9G-VodiTDBO8alZKgOPbsg6Hta8OGAZZ-yCzaETCruQl-pUvHE-q3oqRCDOWK1JbjrkSBlzD8LrjyZQDQ8cBvS2P4jaqpul6n-GJhQ_mOLBm0P02pn8zJZwWtWSnZgmldlOLOCuEa7oJuZX2t7YlcNALWOS6BY4DW0TPJBrH9uhVM1OyQXfLSsl__KtNEv29fJjMUD5vKzEC3lxEMnl2oEKZTwb4tId9RnagivXfLokaLkrZDtSzOQYTYBw.8UZz4i1M2j4pjG2e6tQomQ

The fix for me was to make the following changes:
open the main configuration file.
sudo nano /etc/postfix/main.cf

Add the following line at the end of the file.
Note: this uses PCRE rather than RegEx. Must faster for humans to setup.

header_checks = pcre:/etc/postfix/header_checks

Save and close the file.

Create the /etc/postfix/header_checks lookup file with a command line text editor such as Nano.
sudo nano /etc/postfix/header_checks

You can add regular expression checking like below.

/free credit quote/ DISCARD
/.stupidspammerdomain.com/ DISCARD

Once you finish editing the header_checks lookup file, you need to build the index file.
sudo postmap /etc/postfix/header_checks

Then restart Postfix for the changes to take effect.
sudo systemctl restart postfix

Testing is easy enough: start with an external email address you own and blockit eg myotheraddress@gmail.com

Watch the logs and tweak as needed.

sudo tail -f /var/log/mail.log