Loading ...
Sorry, an error occurred while loading the content.

RE: Stop spammers using outdated MX records.

Expand Messages
  • Hal Douglas
    Sahil, Thankyou for this, it did indeed do the trick, I ve documented it on the WWW in case anyone else has a similar need:
    Message 1 of 3 , Jun 24, 2010
    • 0 Attachment
      Sahil,

      Thankyou for this, it did indeed do the trick, I've documented it on the
      WWW in case anyone else has a similar need:

      http://sysadministrivia.blogspot.com/2010/06/stopping-spammers-using-old
      -mx-records.html

      I couldn't find the answer using Google, so hopefully someone else will
      be able to now.

      Cheers.

      -----Original Message-----
      From: owner-postfix-users@...
      [mailto:owner-postfix-users@...] On Behalf Of Sahil Tandon
      Sent: Thursday, 24 June 2010 1:06 PM
      To: postfix-users@...
      Subject: Re: Stop spammers using outdated MX records.

      On Thu, 2010-06-24 at 12:47:50 +1000, Hal Douglas wrote:

      > Domain2.edu smtp:[10.2.3.5]
      >
      > Domain2 has recently been signed up for a cloud spam scanning service,

      > so our postfix host is no longer MX for this domain, the spam scanning

      > service is MX and forwards mail to out postfix host. The problem I've

      > encountered is that spammers don't seem to use the updated MX records,

      > they still use the postfix host as if it were MX. So, what I assume I

      > need to do here is tell postfix that for Domain2 only relay mail from
      > the cloud spam scanning service and our networks.

      My understanding is that you want to refuse mail for domain2 recipients
      *unless* it originates from your network or the cloud.

      > How can I do this with postfix? I've searched around these lists and
      > the web in general, the best explanation I can find is this:

      You could use restriction classes but that is unnecessary. Assuming the
      cloud only sends mail to you for domain2, whitelist the cloud's IP
      *after* reject_unauth_destination but *before*, in the same restriction
      list, rejecting all mail addressed to domain2.

      http://www.postfix.org/postconf.5.html#check_client_access
      http://www.postfix.org/postconf.5.html#check_recipient_access
      http://www.postfix.org/access.5.html

      --
      Sahil Tandon <sahil@...>
    Your message has been successfully submitted and would be delivered to recipients shortly.