Re: Spam Attack on Postmaster

From: mouss (no email)
Date: Mon Mar 01 2010 - 20:25:32 EST


    Carlos Williams wrote:
    > On Mon, Mar 1, 2010 at 12:28 PM, Noel Jones <> wrote:
    >> It "slips past" because there are no rules to block it.
    >> You can add "postmaster at your_domain REJECT" to this list if you want.
    >
    > I am assuming I would add this to 'sender_access', correct?
    >
    > On Mon, Mar 1, 2010 at 1:31 AM, LuKreme <> wrote:
    >> Often people have an exclusion to pass email to postmaster no matter what.
    >> Check your sender_access and helo_checks for such an exclusion.
    >>
    >> Mine looks like this:
    >>
    >> /^$/ 550 Don't Spoof as my postmaster
    >> /^$/ 550 Don't Spoof as my postmaster
    >> /^$/ 550 Don't Spoof as my postmaster
    >> /^postmaster\@/ OK
    >
    > LuKreme suggested the above which is different from your suggestion
    > above. I guess I am just not sure which works or do they simply do the
    > same thing. I don't know if the above example from LuKreme is for
    > 'sender_access' or another type of file. Do you care to add to this
    > for my understanding?
    >
    >> No glaring errors, although you might want to remove
    >> reject_unknown_recipient_domain as the only thing it's likely to block is
    >> your own domain.
    >
    > Thanks. I will try this. You're the 1st to suggest this so far. Thanks.

    do not allow mail sent by "receive only" addresses such as postmaster. I
    am assuming that you don't send mail "from postmaster".

    that said, this won't block all your spam. block _sources_ of spam:

    $ host 89.204.40.160
    160.40.204.89.in-addr.arpa domain name pointer 160.40.204.89.access.ttknet.ru.

    so use a

    regex=pcre:/etc/postfix/pcre

    smtpd_recipient_restrictions =
            ...
            reject_unauth_destination
            ...
            check_helo_access $regex/access_host
            check_reverse_client_hostname_access $regex/access_host

    == access_host
    /^(\d+\W){4}.*\.ttknet\.ru$/ REJECT generic hostname....

    In these spam days, it's no longer possible to play mail with "generic"
    hostnames. The above is still "conservative". it'll only take me some
    time to go for a /(\d+\W){4}/.... ;-p
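
An added example, not part of the original message: a dry run of the access_host rule against sample hostnames before it goes live, comparing the ttknet.ru pattern written with `\d+`, the same rule with the backslash misplaced (`d\+`), and the broader unanchored pattern. It uses Python's `re` as a stand-in for PCRE; `load_table`, `lookup` and the example.net/example.org hostnames are constructed for illustration, and `postmap -q <hostname> pcre:/etc/postfix/pcre/access_host` remains the authoritative check on the server.

```python
import re

def load_table(text):
    """Parse '/pattern/ action' lines; blank lines and # comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.+)/\s+(.+)$", line)
        if not m:
            raise ValueError("unparsable rule: " + line)
        # Postfix pcre tables match case-insensitively by default.
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def lookup(rules, hostname):
    """First matching rule wins; None means no match, so later restrictions decide."""
    for rx, action in rules:
        if rx.search(hostname):
            return action
    return None

# Provider-specific rule, digits written as \d+.
CORRECTED = load_table(r"/^(\d+\W){4}.*\.ttknet\.ru$/ REJECT generic hostname")
# Same rule with the backslash misplaced: literal 'd', literal '+'. Matches nothing useful.
MISTYPED = load_table(r"/^(d\+\W){4}.*\.ttknet\.ru$/ REJECT generic hostname")
# Broader rule: any name containing four number groups, whatever the domain.
BROAD = load_table(r"/(\d+\W){4}/ REJECT generic hostname")

SAMPLES = [
    "160.40.204.89.access.ttknet.ru",   # PTR name shown in the message
    "mail.ttknet.ru",                   # constructed: non-generic name, same domain
    "host-89-204-40-160.example.net",   # constructed: generic name, other provider
    "mx1.example.org",                  # constructed: ordinary mail server name
]

def report():
    """Map each sample to its (corrected, mistyped, broad) lookup results."""
    return {h: (lookup(CORRECTED, h), lookup(MISTYPED, h), lookup(BROAD, h))
            for h in SAMPLES}

if __name__ == "__main__":
    for host, results in report().items():
        print(host, results)
```

A rule that never matches fails silently, so the dry run should always include at least one hostname the rule is expected to reject.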

