Re: smtpd_sender_restrictions

  • Jorey Bump
    Message 1 of 15 , Dec 1, 2006
      Carlos Eduardo R. L. de Miranda wrote:

      > Our server is receiving lots of spam messages from servers with Russian
      > domain.
      > I would like to block every message from Russian domains.

      If you must block by country, use an RBL:

      http://countries.nerd.dk/

      However, I find such RBLs more useful in a scoring system. Here's what I
      do in my SpamAssassin local.cf (watch the wrap):

      # first discover country code of origin using a TXT lookup
      header RCVD_COUNTRIES eval:check_rbl_txt('nerd-zz', 'zz.countries.nerd.dk.')
      describe RCVD_COUNTRIES Received from countries.nerd.dk
      tflags RCVD_COUNTRIES net
      # All countries get a point by default
      score RCVD_COUNTRIES 1.0

      # now do a subtest based on the resulting lookup
      # adjust score appropriately for your user base

      # Remove the penalty for my own country, the source of most of my mail
      header RCVD_VIA_US eval:check_rbl_sub('nerd-zz', 'us')
      describe RCVD_VIA_US Received from United States
      tflags RCVD_VIA_US net
      score RCVD_VIA_US -1.0

      # Remove the penalty for other countries I'm likely to correspond with
      header RCVD_VIA_CANADA eval:check_rbl_sub('nerd-zz', 'ca')
      describe RCVD_VIA_CANADA Received from Canada
      tflags RCVD_VIA_CANADA net
      score RCVD_VIA_CANADA -1.0

      # Add additional points for countries that are common sources of spam
      header RCVD_VIA_RUSSIA eval:check_rbl_sub('nerd-zz', 'ru')
      describe RCVD_VIA_RUSSIA Received from Russia
      tflags RCVD_VIA_RUSSIA net
      score RCVD_VIA_RUSSIA 1.0

      header RCVD_VIA_NIGERIA eval:check_rbl_sub('nerd-zz', 'ng')
      describe RCVD_VIA_NIGERIA Received from Nigeria
      tflags RCVD_VIA_NIGERIA net
      score RCVD_VIA_NIGERIA 3.0


      I stick with SpamAssassin's default required_score of 5.0 before a
      message is marked spam. Note that I don't assign scores that will
      automatically mark a message as spam (and SpamAssassin scores are not
      merely additive, negative points are also assigned by some rules). While
      I do believe that the country of origin can be an indicator of
      *potential* spamminess, I try to choose weights that will put the score
      over the top only when combined with other reliable indicators. Also,
      the situation is constantly improving in some countries, so you
      shouldn't just set and forget this.

      Be sure to consider your user base. I have clients whose focus is
      entirely international, so obviously I do not employ this technique on
      their sites.
    • mouss
      Message 2 of 15 , Dec 1, 2006
        Tony Earnshaw wrote:
        > Carlos Eduardo R. L. de Miranda wrote:
        >
        >> Our server is receiving lots of spam messages from servers with Russian
        >> domain.
        >> I would like to block every message from Russian domains.
        >>
        >> Postfix 2.3.3 - Fedora Core 6
        >>
        >> main.cf
        >> smtpd_sender_restrictions = check_sender_access
        >> hash:/etc/postfix/sender,
        >> reject_non_fqdn_sender, reject_unknown_sender_domain
        >>
        >> sender file:
        >> /.*@*\.ru$/ REJECT text message
        >
        > The above is wrong and obviously won't block anything from anyone. Do
        > you see why? Look again!
        >
        > This will work (tested with pcretest):
        > /^.+@.+\.ru$/

        Note that
        /^.+...
        is almost equivalent to
        /.+...

        assuming one doesn't accept non-FQDN addresses,
        /ru$/
        would block more than the posted expression. Or if you think there will
        be a TLD ending in ru other than .ru, then
        /\.ru$/


        but as you say, the sender tld won't help much... OP may want a geo
        DNSBL such as blackholes.us (Is this still maintained?).
      • mouss
        Message 3 of 15 , Dec 1, 2006
          Jorey Bump wrote:
          > Carlos Eduardo R. L. de Miranda wrote:
          >
          >> Our server is receiving lots of spam messages from servers with Russian
          >> domain.
          >> I would like to block every message from Russian domains.
          >
          > If you must block by country, use an RBL:
          >
          > http://countries.nerd.dk/
          >
          > However, I find such RBLs more useful in a scoring system. Here's what
          > I do in my SpamAssassin local.cf (watch the wrap):
          >
          > # first discover country code of origin using a TXT lookup
          > header RCVD_COUNTRIES eval:check_rbl_txt('nerd-zz',
          > 'zz.countries.nerd.dk.')
          > describe RCVD_COUNTRIES Received from countries.nerd.dk
          > tflags RCVD_COUNTRIES net
          > # All countries get a point by default
          > score RCVD_COUNTRIES 1.0

          Instead of querying a DNSBL:


          loadplugin Mail::SpamAssassin::Plugin::RelayCountry

          header COUNTRY_US X-Relay-Countries=~/\bUS\b/
          describe COUNTRY_US Relayed via United States
          score COUNTRY_US 0.01
        • Sheldon T. Hall
          Message 4 of 15 , Dec 1, 2006
            Quoth mouss ...
            > Jorey Bump wrote:
            > > Carlos Eduardo R. L. de Miranda wrote:
            > >
            > >> Our server is receiving lots of spam messages from servers
            > >> with Russian domain.
            > >> I would like to block every message from Russian domains.
            > >
            > > If you must block by country, use an RBL:
            > >
            > > http://countries.nerd.dk/
            > >
            > > However, I find such RBLs more useful in a scoring system.
            > > Here's what
            > > I do in my SpamAssassin local.cf (watch the wrap):
            > >
            > > # first discover country code of origin using a TXT lookup
            > > header RCVD_COUNTRIES eval:check_rbl_txt('nerd-zz',
            > > 'zz.countries.nerd.dk.')
            > > describe RCVD_COUNTRIES Received from countries.nerd.dk
            > > tflags RCVD_COUNTRIES net
            > > # All countries get a point by default
            > > score RCVD_COUNTRIES 1.0
            >
            > Instead of querying a DNSBL:
            >
            >
            > loadplugin Mail::SpamAssassin::Plugin::RelayCountry
            >
            > header COUNTRY_US X-Relay-Countries=~/\bUS\b/
            > describe COUNTRY_US Relayed via United States
            > score COUNTRY_US 0.01

            Simpler still, and requiring less horsepower ... get the country IP
            assignments from http://completewhois.com in a form suitable for use with
            your firewall, and block port 25 (or everything) to packets coming from those
            address blocks. This isn't perfect, but if applied selectively, it really,
            really cuts down on the crap.

            I don't see a lot of spam delivered by servers at Russian domains, although
            I see a lot of spam with forged Russian "from" addresses.

            -Shel
          • mouss
            Message 5 of 15 , Dec 2, 2006
              Tony Earnshaw wrote:
              >
              >
              > BTW my MUA (Thunderbird 1.5.0.8) keeps breaking your MS Outlook 11
              > thread, I don't know why ...

              His mail has two Message-Id headers.

              Message-ID: <BAY110-DAV4BED20C8242739035454BBADA0@...>
              ...
              Message-ID: <004401c71547$d0829ab0$7400a8c0@ws1>

              broken setup...
            • Curtis Doty
              Message 6 of 15 , Dec 3, 2006
                1:47am mouss said:

                > Tony Earnshaw wrote:
                > >
                > >
                > > BTW my MUA (Thunderbird 1.5.0.8) keeps breaking your MS Outlook 11 thread, I
                > > don't know why ...
                >
                > His mail has two Message-Id headers.
                >
                > Message-ID: <BAY110-DAV4BED20C8242739035454BBADA0@...>
                > ...
                > Message-ID: <004401c71547$d0829ab0$7400a8c0@ws1>
                >
                > broken setup...
                >

                Received: from .* by BAY110-DAV4.phx.gbl with DAV;

                Indeed, the offending relay appears to have been MSN/Hotmail using WebDAV
                for email submission.

                ../C
              • R.L. Nevot
                Message 7 of 15 , Dec 3, 2006
                  Hi all

                  2006/12/1, Carlos Eduardo R. L. de Miranda <cerlm@...>:
                  smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender,
                          reject_non_fqdn_sender, reject_unknown_sender_domain

                  sender file:
                  /.*@*\.ru$/     REJECT text message

                  Command: postmap /etc/postfix/sender
                           service postfix reload

                  It is not working. The *.ru domains are accepted and delivered to user.


                  Lots of responses, but there's something I cannot see. If you are using regular expressions, you must use regexp: or pcre: type maps for regular expressions to be evaluated. If you use HASH, afaik it wouldn't work.

                  Regards
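
As an added example (not code from any poster in this thread), the Python sketch below models the map-type point above: a hash: table only compares literal keys derived from the sender address, while a regexp:/pcre: table evaluates each pattern against the address. The two lookup functions are simplified models of Postfix behaviour, and the sample addresses are constructed.

```python
import re

# Constructed sender addresses for illustration (not taken from the thread).
SAMPLES = [
    "alice@example.ru",
    "bob@mail.example.RU",
    "carol@example.com",
    "dave@guru",           # non-FQDN domain that happens to end in "ru"
    "erin@example.peru",   # hypothetical TLD ending in "ru"
]

# Patterns quoted in the thread, without the enclosing slashes.
PATTERNS = {
    "original": r".*@*\.ru$",
    "anchored": r"^.+@.+\.ru$",
    "bare_ru": r"ru$",
    "dot_ru": r"\.ru$",
}

def hash_lookup(table, address):
    """Simplified hash: map model; tries literal keys only, never a regex."""
    address = address.lower()
    local, _, domain = address.rpartition("@")
    labels = domain.split(".")
    parents = [".".join(labels[i:]) for i in range(len(labels))]
    for key in [address, *parents, local + "@"]:
        if key in table:
            return table[key]
    return None

def regexp_lookup(rules, address):
    """Simplified regexp:/pcre: map model; first matching pattern wins and
    matching is case-insensitive, as in Postfix regexp tables by default."""
    for pattern, action in rules:
        if re.search(pattern, address, re.IGNORECASE):
            return action
    return None

def matches_by_pattern():
    """Sample addresses each thread pattern would reject as a regexp rule."""
    return {
        name: [a for a in SAMPLES if regexp_lookup([(pat, "REJECT")], a)]
        for name, pat in PATTERNS.items()
    }

if __name__ == "__main__":
    literal = {r"/.*@*\.ru$/": "REJECT text message"}  # regex stored as a hash key
    print([hash_lookup(literal, a) for a in SAMPLES])
    print(matches_by_pattern())
```

On a live system, `postmap -q` with an address and the `regexp:` or `hash:` table name runs the same comparison against the real map.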