Loading ...
Sorry, an error occurred while loading the content.
 

Re: smtpd_sender_restrictions

Expand Messages
  • mouss
    ... Note that /^.+... is almost equivalent to /.+... assuming one doesn t accept nonfqnd addresses, /ru$/ would block more than the posted expression. or if
    Message 1 of 15 , Dec 1, 2006
      Tony Earnshaw wrote:
      > Carlos Eduardo R. L. de Miranda wrote:
      >
      >> Our server is receiving lots of spam messages from servers with Russian
      >> domain.
      >> I would like to block every message from Russian domains.
      >>
      >> Postfix 2.3.3 - Fedora Core 6
      >>
      >> main.cf
      >> smtpd_sender_restrictions = check_sender_access
      >> hash:/etc/postfix/sender,
      >> reject_non_fqdn_sender, reject_unknown_sender_domain
      >>
      >> sender file:
      >> /.*@*\.ru$/ REJECT text message
      >
      > The above is wrong and obviously won't block anything from anyone. Do
      > you see why? Look again!
      >
      > This will work (tested with pcretest):
      > /^.+@.+\.ru$/

      Note that
      /^.+...
      is almost equivalent to
      /.+...

      assuming one doesn't accept nonfqnd addresses,
      /ru$/
      would block more than the posted expression. or if you think there will
      be a tld ending in ru other than .ru, then
      /.\ru$/


      but as you say, the sender tld won't help much... OP may want a geo
      DNSBL such as blackholes.us (Is this still maintained?).
    • Sheldon T. Hall
      Quoth mouss ... ... Simpler still, and requiring less horsepower ... get the country IP assignments from http://completewhois.com in a form suitable for use
      Message 2 of 15 , Dec 1, 2006
        Quoth mouss ...
        > Jorey Bump wrote:
        > > Carlos Eduardo R. L. de Miranda wrote:
        > >
        > >> Our server is receiving lots of spam messages from servers
        > >> with Russian domain.
        > >> I would like to block every message from Russian domains.
        > >
        > > If you must block by country, use an RBL:
        > >
        > > http://countries.nerd.dk/
        > >
        > > However, I find such RBLs more useful in a scoring system.
        > > Here's what
        > > I do in my SpamAssassin local.cf (watch the wrap):
        > >
        > > # first discover country code of origin using a TXT lookup
        > > header RCVD_COUNTRIES eval:check_rbl_txt('nerd-zz',
        > > 'zz.countries.nerd.dk.')
        > > describe RCVD_COUNTRIES Received from countries.nerd.dk
        > > tflags RCVD_COUNTRIES net
        > > # All countries get a point by default
        > > score RCVD_COUNTRIES 1.0
        >
        > Instead of querying a DNSBL:
        >
        >
        > loadplugin Mail::SpamAssassin::Plugin::RelayCountry
        >
        > header COUNTRY_US X-Relay-Countries=~/\bUS\b/
        > describe COUNTRY_US Relayed via United States
        > score COUNTRY_US 0.01

        Simpler still, and requiring less horsepower ... get the country IP
        assignments from http://completewhois.com in a form suitable for use with
        your firewall, and block port 25 (or everthing) to packets coming from those
        address blocks. This isn't perfect, but if applied selectively, it really,
        really cuts down on the crap.

        I don't see a lot of spam delivered by servers at Russian domains, although
        I see a lot of spam with forged Russian "from" addresses.

        -Shel
      • mouss
        ... His mail has two Message-Id headers. Message-ID: ... Message-ID: broken
        Message 3 of 15 , Dec 2, 2006
          Tony Earnshaw wrote:
          >
          >
          > BTW my MUA (Thunderbird 1.5.0.8) keeps breaking your MS Outlook 11
          > thread, I don't know why ...

          His mail has two Message-Id headers.

          Message-ID: <BAY110-DAV4BED20C8242739035454BBADA0@...>
          ...
          Message-ID: <004401c71547$d0829ab0$7400a8c0@ws1>

          broken setup...
        • Curtis Doty
          ... Received: from .* by BAY110-DAV4.phx.gbl with DAV; Indeed, the offending relay appears to have been MSN/Hotmail using WebDAV for email submission. ../C
          Message 4 of 15 , Dec 3, 2006
            1:47am mouss said:

            > Tony Earnshaw wrote:
            > >
            > >
            > > BTW my MUA (Thunderbird 1.5.0.8) keeps breaking your MS Outlook 11 thread, I
            > > don't know why ...
            >
            > His mail has two Message-Id headers.
            >
            > Message-ID: <BAY110-DAV4BED20C8242739035454BBADA0@...>
            > ...
            > Message-ID: <004401c71547$d0829ab0$7400a8c0@ws1>
            >
            > broken setup...
            >

            Received: from .* by BAY110-DAV4.phx.gbl with DAV;

            Indeed, the offending relay appears to have been MSN/Hotmail using WebDAV
            for email submission.

            ../C
          • R.L. Nevot
            Hi all ... Lots of responses, but there s something I cannot see. If you are using regular expressions, you must use regexp: or pcre: type maps for regular
            Message 5 of 15 , Dec 3, 2006
              Hi all

              2006/12/1, Carlos Eduardo R. L. de Miranda <cerlm@...>:
              smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender,
                      reject_non_fqdn_sender, reject_unknown_sender_domain

              sender file:
              /.*@*\.ru$/     REJECT text message

              Command: postmap /etc/postfix/sender
                       Service postfix reload

              It is no working. The *.ru domains are accepted and delivered to user.


              Lots of responses, but there's something I cannot see. If you are using regular expressions, you must use regexp: or pcre: type maps for regular expressions to be evaluated. If you use HASH, afaik it wouldn't work.

              Regards
            Your message has been successfully submitted and would be delivered to recipients shortly.