
Re: Spam Attack on Postmaster

  • Carlos Williams
    Message 1 of 18, Mar 1, 2010
      On Mon, Mar 1, 2010 at 12:28 PM, Noel Jones <njones@...> wrote:
      > It "slips past" because there are no rules to block it.
      > You can add "postmaster@your_domain   REJECT" to this list if you want.

      I am assuming I would add this to 'sender_access', correct?

      On Mon, Mar 1, 2010 at 1:31 AM, LuKreme <kremels@...> wrote:
      > Often people have an exclusion to pass email to postmaster no matter what.
      > Check your sender_access and helo_checks for such an exclusion.
      >
      > Mine looks like this:
      >
      > /^postmaster@...$/ 550 Don't Spoof as my postmaster
      > /^postmaster@...$/ 550 Don't Spoof as my postmaster
      > /^postmaster@...$/ 550 Don't Spoof as my postmaster
      > /^postmaster\@/ OK

      LuKreme suggested the above which is different from your suggestion
      above. I guess I am just not sure which works or do they simply do the
      same thing. I don't know if the above example from LuKreme is for
      'sender_access' or another type of file. Do you care to add to this
      for my understanding?

      > No glaring errors, although you might want to remove
      > reject_unknown_recipient_domain as the only thing it's likely to block is
      > your own domain.

      Thanks. I will try this. You're the 1st to suggest this so far. Thanks.
    • mouss
      Message 2 of 18, Mar 1, 2010
        Carlos Williams wrote:
        > On Mon, Mar 1, 2010 at 12:28 PM, Noel Jones <njones@...> wrote:
        >> It "slips past" because there are no rules to block it.
        >> You can add "postmaster@your_domain REJECT" to this list if you want.
        >
        > I am assuming I would add this to 'sender_access', correct?
        >
        > On Mon, Mar 1, 2010 at 1:31 AM, LuKreme <kremels@...> wrote:
        >> Often people have an exclusion to pass email to postmaster no matter what.
        >> Check your sender_access and helo_checks for such an exclusion.
        >>
        >> Mine looks like this:
        >>
        >> /^postmaster@...$/ 550 Don't Spoof as my postmaster
        >> /^postmaster@...$/ 550 Don't Spoof as my postmaster
        >> /^postmaster@...$/ 550 Don't Spoof as my postmaster
        >> /^postmaster\@/ OK
        >
        > LuKreme suggested the above which is different from your suggestion
        > above. I guess I am just not sure which works or do they simply do the
        > same thing. I don't know if the above example from LuKreme is for
        > 'sender_access' or another type of file. Do you care to add to this
        > for my understanding?
        >
        >> No glaring errors, although you might want to remove
        >> reject_unknown_recipient_domain as the only thing it's likely to block is
        >> your own domain.
        >
        > Thanks. I will try this. You're the 1st to suggest this so far. Thanks.

        do not allow mail sent by "receive only" addresses such as postmaster. I
        am assuming that you don't send mail "from postmaster".

        that said, this won't block all your spam. block _sources_ of spam:

        $ host 89.204.40.160
        160.40.204.89.in-addr.arpa domain name pointer 160.40.204.89.access.ttknet.ru.


        so use a

        regex=pcre:/etc/postfix/pcre

        smtpd_recipient_restrictions =
        ...
        reject_unauth_destination
        ...
        check_helo_access $regex/access_host
        check_reverse_client_hostname_access $regex/access_host


        == access_host
        /^(\d+\W){4}.*\.ttknet\.ru$/ REJECT generic hostname....

        In these spam days, it's no longer possible to play mail with "generic"
        hostnames. The above is still "conservative". it'll only take me some
        time to go for a /(\d+\W){4}/.... ;-p
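
Added example, not part of either post: a small Python emulation of how a Postfix pcre access table is evaluated (rules in file order, first match wins, case-insensitive by default), run over the sender_access rules quoted from LuKreme and the access_host rule from mouss. example.com stands in for the domains elided as "..." in the thread, the access_host pattern is written with \d+, and parse_table and lookup are hypothetical helper names.

```python
import re

# Constructed tables. example.com stands in for the domains elided ("...") in
# the thread; the access_host pattern is the one from the post, written \d+.
SENDER_ACCESS = r"""
/^postmaster@example\.com$/ 550 Don't Spoof as my postmaster
/^postmaster\@/ OK
"""
ACCESS_HOST = r"""
/^(\d+\W){4}.*\.ttknet\.ru$/ REJECT generic hostname
"""

def parse_table(text):
    """Parse '/pattern/flags action' lines into (compiled_regex, action) rules."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/([a-z]*)\s+(.*)$", line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        pattern, flags, action = m.groups()
        # Postfix pcre tables match case-insensitively by default; 'i' toggles it.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action))
    return rules

def lookup(rules, key):
    """Return the action of the first rule matching key, else None (no decision)."""
    for regex, action in rules:
        if regex.search(key):
            return action
    return None

if __name__ == "__main__":
    sender = parse_table(SENDER_ACCESS)
    host = parse_table(ACCESS_HOST)
    # Specific 550 rule precedes the catch-all OK, so a spoofed local
    # postmaster is rejected while foreign postmasters are accepted.
    for key in ("postmaster@example.com", "postmaster@elsewhere.test", "user@example.com"):
        print(f"{key:35} -> {lookup(sender, key)}")
    # The hostname from the 'host 89.204.40.160' output versus a non-generic name.
    for key in ("160.40.204.89.access.ttknet.ru", "mail.ttknet.ru"):
        print(f"{key:35} -> {lookup(host, key)}")
```

On a real server, `postmap -q <key> pcre:/etc/postfix/pcre/access_host` performs the same lookup against the actual table.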