
Re: Spam Attack on Postmaster

  • mouss
    Message 1 of 18 , Mar 1 5:25 PM
      Carlos Williams wrote:
      > On Mon, Mar 1, 2010 at 12:28 PM, Noel Jones <njones@...> wrote:
      >> It "slips past" because there are no rules to block it.
      >> You can add "postmaster@your_domain REJECT" to this list if you want.
      >
      > I am assuming I would add this to 'sender_access', correct?
      >
      > On Mon, Mar 1, 2010 at 1:31 AM, LuKreme <kremels@...> wrote:
      >> Often people have an exclusion to pass email to postmaster no matter what.
      >> Check your sender_access and helo_checks for such an exclusion.
      >>
      >> Mine looks like this:
      >>
      >> /^postmaster@...$/ 550 Don't Spoof as my postmaster
      >> /^postmaster@...$/ 550 Don't Spoof as my postmaster
      >> /^postmaster@...$/ 550 Don't Spoof as my postmaster
      >> /^postmaster\@/ OK
      >
      > LuKreme suggested the above which is different from your suggestion
      > above. I guess I am just not sure which works or do they simply do the
      > same thing. I don't know if the above example from LuKreme is for
      > 'sender_access' or another type of file. Do you care to add to this
      > for my understanding?
      >
      >> No glaring errors, although you might want to remove
      >> reject_unknown_recipient_domain as the only thing it's likely to block is
      >> your own domain.
      >
      > Thanks. I will try this. You're the 1st to suggest this so far. Thanks.

      do not allow mail sent by "receive only" addresses such as postmaster. I
      am assuming that you don't send mail "from postmaster".

      that said, this won't block all your spam. block _sources_ of spam:

      $ host 89.204.40.160
      160.40.204.89.in-addr.arpa domain name pointer 160.40.204.89.access.ttknet.ru.


      so use a

      regex=pcre:/etc/postfix/pcre

      smtpd_recipient_restrictions =
      ...
      reject_unauth_destination
      ...
      check_helo_access $regex/access_host
      check_reverse_client_hostname_access $regex/access_host


      == access_host
      /^(\d+\W){4}.*\.ttknet\.ru$/ REJECT generic hostname....

      In these spam days, it's no longer possible to play mail with "generic"
      hostnames. The above is still "conservative". it'll only take me some
      time to go for a /(\d+\W){4}/.... ;-p
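
An added example, not part of mouss's message: a Python dry run of the two patterns discussed above, written with `\d+`, against candidate lookup keys before they go into `access_host`. Every sample key except the ttknet.ru name is constructed, and Python's `re` standing in for Postfix's PCRE table is an assumption that holds for patterns this simple.

```python
import re

# The two patterns from the message, written with \d+ (one or more digits).
# Postfix pcre tables match case-insensitively by default, hence re.IGNORECASE.
CONSERVATIVE = re.compile(r"^(\d+\W){4}.*\.ttknet\.ru$", re.IGNORECASE)
AGGRESSIVE = re.compile(r"(\d+\W){4}", re.IGNORECASE)

# Lookup keys to test. Only the first comes from the message; the rest are
# constructed to show what each pattern would and would not catch.
SAMPLE_KEYS = [
    "160.40.204.89.access.ttknet.ru",  # reverse name from the host lookup
    "203-0-113-7.dsl.example.net",     # constructed: generic name, other ISP
    "mail.example.org",                # constructed: ordinary mail server name
    "a1.b2.c3.d4.example.com",         # constructed: digits, but not 4 numeric labels
    "89.204.40.160",                   # bare client IP (access checks also look this up)
    "[89.204.40.160]",                 # constructed: address-literal HELO argument
]


def lookup(pattern, key):
    """Return 'REJECT' if the pattern matches the key, else 'pass'."""
    return "REJECT" if pattern.search(key) else "pass"


def dry_run(keys):
    """Return {key: (conservative_verdict, aggressive_verdict)}."""
    return {k: (lookup(CONSERVATIVE, k), lookup(AGGRESSIVE, k)) for k in keys}


if __name__ == "__main__":
    for key, (cons, aggr) in dry_run(SAMPLE_KEYS).items():
        print(f"{key:34} conservative={cons:6} aggressive={aggr}")
```

The unanchored pattern leaves a bare IP address alone (only three separators), but it does match an address-literal HELO such as `[89.204.40.160]`, which matters because the message applies the same table to `check_helo_access`.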