Loading ...
Sorry, an error occurred while loading the content.

How to stop smtp servers to send us emails

Expand Messages
  • Pierre-Gilles RAYNAUD
    Hi Everyone, I would like to know how to stop/forbid this server to send us their emails The content of received email is Received: from
    Message 1 of 9 , Dec 1, 2012
    • 0 Attachment
      Hi Everyone,

      I would like to know how to stop/forbid this server to send us their emails

      The content of received email is

      Received: from web-groupsolweb1.aquaray.com (unknown [95.128.42.80])
      by mail.domain.tld (Postfix) with ESMTP
      for <info@...>; Fri, 30 Nov 2012 00:56:49 +0100 (CET)
      Received: from PC-de-thib (2.147.3.109.rev.sfr.net [109.3.147.2])
      by web-groupsolweb1.aquaray.com (Postfix) with SMTP id E4515974A2C
      for <info@...>; Tue, 27 Nov 2012 03:59:06 +0100 (CET)

      The contain of mail.log

      Nov 30 00:56:49 serv001 postfix/smtpd[21866]: warning: 95.128.42.80:
      address not listed for hostname web-groupsolweb1.aquaray.com
      Nov 30 00:56:49 serv001 postfix/smtpd[21866]: connect from
      unknown[95.128.42.80]
      Nov 30 00:56:49 serv001 postfix/smtpd[21866]: NOQUEUE:
      client=unknown[95.128.42.80]
      Nov 30 00:56:49 serv001 postfix/smtpd[21871]: connect from
      localhost[127.0.0.1]
      Nov 30 00:56:49 serv001 postfix/smtpd[21871]: D77123A40A:
      client=unknown[95.128.42.80]
      Nov 30 00:56:49 serv001 spampd[20245]: processing message
      <20121126163609.36B3A25F71E@PC-de-thib> for <info@...>
      ORCPT=rfc822;info@...
      Nov 30 00:56:52 serv001 spampd[20245]: clean message
      <20121126163609.36B3A25F71E@PC-de-thib> (-0.27/5.00) from
      <mailing@...> for <info@...>
      ORCPT=rfc822;info@... in 2.26s, 32069 bytes.
      Nov 30 00:56:52 serv001 postfix/cleanup[21872]: D77123A40A:
      message-id=<20121126163609.36B3A25F71E@PC-de-thib>
      Nov 30 00:56:52 serv001 opendkim[1128]: D77123A40A no signing table
      match for `seminaire@...'
      Nov 30 00:56:52 serv001 opendkim[1128]: D77123A40A: no signature data
      Nov 30 00:56:52 serv001 postfix/qmgr[22689]: D77123A40A:
      from=<mailing@...>, size=32487, nrcpt=1 (queue
      active)
      Nov 30 00:56:52 serv001 postfix/smtpd[21866]: proxy-accept:
      END-OF-MESSAGE: 250 2.0.0 Ok: queued as D77123A40A;
      from=<mailing@...> to=<info@...>
      proto=ESMTP helo=<web-groupsolweb1.aquaray.com>
      Nov 30 00:56:52 serv001 postfix/smtpd[21871]: disconnect from
      localhost[127.0.0.1]
      Nov 30 00:56:52 serv001 postfix/smtpd[21866]: disconnect from
      unknown[95.128.42.80]


      #postconf -d mail_version
      mail_version = 2.7.1

      Cheers
      --
      PGR
    • Noel Jones
      ... Add a check_client_access map to reject them. Something like: # main.cf smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_blacklist
      Message 2 of 9 , Dec 1, 2012
      • 0 Attachment
        On 12/1/2012 11:11 AM, Pierre-Gilles RAYNAUD wrote:
        > Hi Everyone,
        >
        > I would like to know how to stop/forbid this server to send us their emails
        >
        > The content of received email is
        >
        > Received: from web-groupsolweb1.aquaray.com (unknown [95.128.42.80])
        > by mail.domain.tld (Postfix) with ESMTP
        > for <info@...>; Fri, 30 Nov 2012 00:56:49 +0100 (CET)
        > Received: from PC-de-thib (2.147.3.109.rev.sfr.net [109.3.147.2])
        > by web-groupsolweb1.aquaray.com (Postfix) with SMTP id E4515974A2C
        > for <info@...>; Tue, 27 Nov 2012 03:59:06 +0100 (CET)
        >
        > The contain of mail.log
        >
        > Nov 30 00:56:49 serv001 postfix/smtpd[21866]: warning: 95.128.42.80:
        > address not listed for hostname web-groupsolweb1.aquaray.com
        > Nov 30 00:56:49 serv001 postfix/smtpd[21866]: connect from
        > unknown[95.128.42.80]


        Add a check_client_access map to reject them. Something like:

        # main.cf
        smtpd_client_restrictions =
        check_client_access hash:/etc/postfix/client_blacklist

        # client_blacklist
        95.128.42.80 REJECT listed in client blacklist


        After you edit main.cf, execute "postfix reload"
        after editing client_blacklist, execute "postmap hash: client_blacklist"

        http://www.postfix.org/documentation.html
        http://www.postfix.org/SMTPD_ACCESS_README.html

        If you need more help,
        http://www.postfix.org/DEBUG_README.html#mail


        -- Noel Jones


        > Nov 30 00:56:49 serv001 postfix/smtpd[21866]: NOQUEUE:
        > client=unknown[95.128.42.80]
        > Nov 30 00:56:49 serv001 postfix/smtpd[21871]: connect from
        > localhost[127.0.0.1]
        > Nov 30 00:56:49 serv001 postfix/smtpd[21871]: D77123A40A:
        > client=unknown[95.128.42.80]
        > Nov 30 00:56:49 serv001 spampd[20245]: processing message
        > <20121126163609.36B3A25F71E@PC-de-thib> for <info@...>
        > ORCPT=rfc822;info@...
        > Nov 30 00:56:52 serv001 spampd[20245]: clean message
        > <20121126163609.36B3A25F71E@PC-de-thib> (-0.27/5.00) from
        > <mailing@...> for <info@...>
        > ORCPT=rfc822;info@... in 2.26s, 32069 bytes.
        > Nov 30 00:56:52 serv001 postfix/cleanup[21872]: D77123A40A:
        > message-id=<20121126163609.36B3A25F71E@PC-de-thib>
        > Nov 30 00:56:52 serv001 opendkim[1128]: D77123A40A no signing table
        > match for `seminaire@...'
        > Nov 30 00:56:52 serv001 opendkim[1128]: D77123A40A: no signature data
        > Nov 30 00:56:52 serv001 postfix/qmgr[22689]: D77123A40A:
        > from=<mailing@...>, size=32487, nrcpt=1 (queue
        > active)
        > Nov 30 00:56:52 serv001 postfix/smtpd[21866]: proxy-accept:
        > END-OF-MESSAGE: 250 2.0.0 Ok: queued as D77123A40A;
        > from=<mailing@...> to=<info@...>
        > proto=ESMTP helo=<web-groupsolweb1.aquaray.com>
        > Nov 30 00:56:52 serv001 postfix/smtpd[21871]: disconnect from
        > localhost[127.0.0.1]
        > Nov 30 00:56:52 serv001 postfix/smtpd[21866]: disconnect from
        > unknown[95.128.42.80]
        >
        >
        > #postconf -d mail_version
        > mail_version = 2.7.1
        >
        > Cheers
        > --
        > PGR
        >
      • Pierre-Gilles RAYNAUD
        Hi Everyone, ... Both have been done /etc/postfix$ grep iglobe.be * client-blacklist:.iglobe.be REJECT 555 Spam not tolerated /etc/postfix$ grep
        Message 3 of 9 , Dec 5, 2012
        • 0 Attachment
          Hi Everyone,

          On 01/12/12 18:19, Noel Jones wrote:
          > On 12/1/2012 11:11 AM, PGR wrote:
          >> Hi Everyone,
          >>
          >> I would like to know how to stop/forbid this server to send us their emails
          >>
          >> The content of received email is
          >>
          >> Received: from web-groupsolweb1.aquaray.com (unknown [95.128.42.80])
          >> by mail.domain.tld (Postfix) with ESMTP
          >> for <info@...>; Fri, 30 Nov 2012 00:56:49 +0100 (CET)
          >> Received: from PC-de-thib (2.147.3.109.rev.sfr.net [109.3.147.2])
          >> by web-groupsolweb1.aquaray.com (Postfix) with SMTP id E4515974A2C
          >> for <info@...>; Tue, 27 Nov 2012 03:59:06 +0100 (CET)
          >>
          >> The contain of mail.log
          >>
          >> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: warning: 95.128.42.80:
          >> address not listed for hostname web-groupsolweb1.aquaray.com
          >> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: connect from
          >> unknown[95.128.42.80]
          >
          > Add a check_client_access map to reject them. Something like:
          >
          > # main.cf
          > smtpd_client_restrictions =
          > check_client_access hash:/etc/postfix/client_blacklist
          >
          > # client_blacklist
          > 95.128.42.80 REJECT listed in client blacklist
          Both have been done

          /etc/postfix$ grep iglobe.be *
          client-blacklist:.iglobe.be REJECT 555 Spam not tolerated

          /etc/postfix$ grep client-blacklist *
          main.cf:smtpd_client_restrictions = permit_mynetworks,
          check_client_access hash:/etc/postfix/client-blacklist,
          reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net,
          reject_rbl_client zen.spamhaus.org,reject_unknown_reverse_client_hostname

          and I'm still getting unwanted email (from iglobe.be in this example)

          Received: from paganini.iglobe.be (diegem.iglobe.be [62.182.56.170])
          by mail.domain.tld (Postfix) with ESMTP
          for <user@...>; Wed, 5 Dec 2012 12:51:37 +0100 (CET)
          Received: from pluto.be-housing.be (unknown [192.168.137.94])
          by paganini.iglobe.be (Postfix) with ESMTP id 69C6688B77
          for <user@...>; Wed, 5 Dec 2012 12:51:39 +0100 (CET)
          Received: from 84.194.91.122 (localhost [127.0.0.1])
          by pluto.be-housing.be (Postfix) with SMTP id 01744158023
          for <user@...>; Wed, 5 Dec 2012 12:51:36 +0100 (CET)

          Any suggestions on what is going on my configuration?

          Cheers
          --
          PGR
        • Wietse Venema
          ... Why do you have a . before the domain? Where is this documented? Wietse
          Message 4 of 9 , Dec 6, 2012
          • 0 Attachment
            Pierre-Gilles RAYNAUD:
            > /etc/postfix$ grep iglobe.be *
            > client-blacklist:.iglobe.be REJECT 555 Spam not tolerated

            Why do you have a '.' before the domain?
            Where is this documented?

            Wietse
          • Noel Jones
            ... Wow, that doesn t look anything like the example I supplied. The domain form with a leading dot .example.com will only work if you adjust the default
            Message 5 of 9 , Dec 6, 2012
            • 0 Attachment
              On 12/5/2012 11:22 PM, Pierre-Gilles RAYNAUD wrote:
              > Hi Everyone,
              >
              > On 01/12/12 18:19, Noel Jones wrote:
              >> On 12/1/2012 11:11 AM, PGR wrote:
              >>> Hi Everyone,
              >>>
              >>> I would like to know how to stop/forbid this server to send us their emails
              >>>
              >>> The content of received email is
              >>>
              >>> Received: from web-groupsolweb1.aquaray.com (unknown [95.128.42.80])
              >>> by mail.domain.tld (Postfix) with ESMTP
              >>> for <info@...>; Fri, 30 Nov 2012 00:56:49 +0100 (CET)
              >>> Received: from PC-de-thib (2.147.3.109.rev.sfr.net [109.3.147.2])
              >>> by web-groupsolweb1.aquaray.com (Postfix) with SMTP id E4515974A2C
              >>> for <info@...>; Tue, 27 Nov 2012 03:59:06 +0100 (CET)
              >>>
              >>> The contain of mail.log
              >>>
              >>> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: warning: 95.128.42.80:
              >>> address not listed for hostname web-groupsolweb1.aquaray.com
              >>> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: connect from
              >>> unknown[95.128.42.80]
              >>
              >> Add a check_client_access map to reject them. Something like:
              >>
              >> # main.cf
              >> smtpd_client_restrictions =
              >> check_client_access hash:/etc/postfix/client_blacklist
              >>
              >> # client_blacklist
              >> 95.128.42.80 REJECT listed in client blacklist
              > Both have been done
              >
              > /etc/postfix$ grep iglobe.be *
              > client-blacklist:.iglobe.be REJECT 555 Spam not tolerated

              Wow, that doesn't look anything like the example I supplied.

              The domain form with a leading dot ".example.com" will only work if
              you adjust the default setting of parent_domain_matches_subdomains.
              I think most folks use the default setting and "example.com"; use
              whichever you prefer.

              Don't make up reject codes; the "555" you specify is not valid.
              Just use "REJECT reason" and let postfix decide the proper code.

              Use example.com instead of someone's name.



              -- Noel Jones

              >
              > /etc/postfix$ grep client-blacklist *
              > main.cf:smtpd_client_restrictions = permit_mynetworks,
              > check_client_access hash:/etc/postfix/client-blacklist,
              > reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net,
              > reject_rbl_client zen.spamhaus.org,reject_unknown_reverse_client_hostname
              >
              > and I'm still getting unwanted email (from iglobe.be in this example)
              >
              > Received: from paganini.iglobe.be (diegem.iglobe.be [62.182.56.170])
              > by mail.domain.tld (Postfix) with ESMTP
              > for <user@...>; Wed, 5 Dec 2012 12:51:37 +0100 (CET)
              > Received: from pluto.be-housing.be (unknown [192.168.137.94])
              > by paganini.iglobe.be (Postfix) with ESMTP id 69C6688B77
              > for <user@...>; Wed, 5 Dec 2012 12:51:39 +0100 (CET)
              > Received: from 84.194.91.122 (localhost [127.0.0.1])
              > by pluto.be-housing.be (Postfix) with SMTP id 01744158023
              > for <user@...>; Wed, 5 Dec 2012 12:51:36 +0100 (CET)
              >
              > Any suggestions on what is going on my configuration?
              >
              > Cheers
              > --
              > PGR
              >
            • Pierre-Gilles RAYNAUD
              Hi Wietse, ... Found on many posts explaining how to build blacklist or whitelist for access restrictions (check_xxxx_access= hash:/yyyyy) I don t think it was
              Message 6 of 9 , Dec 6, 2012
              • 0 Attachment
                Hi Wietse,

                On 06/12/12 12:52, Wietse Venema wrote:
                > Pierre-Gilles RAYNAUD:
                >> /etc/postfix$ grep iglobe.be *
                >> client-blacklist:.iglobe.be REJECT 555 Spam not tolerated
                > Why do you have a '.' before the domain?
                > Where is this documented?
                >
                > Wietse
                Found on many posts explaining how to build blacklist or whitelist for
                access restrictions (check_xxxx_access= hash:/yyyyy)
                I don't think it was on postfix website but due to the number of blogs,
                posts using this syntax notation to exclude a domain, I assume, wrongly
                it seems, that statistically, it couldn't be wrong :(

                Cheers
                --
                PGR
              • Wietse Venema
                ... Blogs are often wrong, or worse, they are incomplete (which is what got you into trouble). When configuring Postfix, you can save time and read the
                Message 7 of 9 , Dec 7, 2012
                • 0 Attachment
                  Pierre-Gilles RAYNAUD:
                  > Hi Wietse,
                  >
                  > On 06/12/12 12:52, Wietse Venema wrote:
                  > > Pierre-Gilles RAYNAUD:
                  > >> /etc/postfix$ grep iglobe.be *
                  > >> client-blacklist:.iglobe.be REJECT 555 Spam not tolerated
                  > > Why do you have a '.' before the domain?
                  > > Where is this documented?
                  > >
                  > > Wietse
                  > Found on many posts explaining how to build blacklist or whitelist for
                  > access restrictions (check_xxxx_access= hash:/yyyyy)
                  > I don't think it was on postfix website but due to the number of blogs,
                  > posts using this syntax notation to exclude a domain, I assume, wrongly
                  > it seems, that statistically, it couldn't be wrong :(

                  Blogs are often wrong, or worse, they are incomplete (which is what
                  got you into trouble).

                  When configuring Postfix, you can save time and read the documentation
                  for the feature that you try to use.

                  I am not going to dictate here what you should do. RTFM instead.

                  Wietse
                • Pierre-Gilles RAYNAUD
                  Hi Wietse, 2012/12/7 Wietse Venema ... You are right when you are writting that blogs and posts may be incomplete and wrong, but this is
                  Message 8 of 9 , Dec 7, 2012
                  • 0 Attachment
                    Hi Wietse,




                    2012/12/7 Wietse Venema <wietse@...>
                    Pierre-Gilles RAYNAUD:
                    > Hi Wietse,
                    >
                    > On 06/12/12 12:52, Wietse Venema wrote:
                    > > Pierre-Gilles RAYNAUD:
                    > >> /etc/postfix$ grep iglobe.be *
                    > >> client-blacklist:.iglobe.be REJECT 555 Spam not tolerated
                    > > Why do you have a '.' before the domain?
                    > > Where is this documented?
                    > >
                    > >     Wietse
                    > Found on many posts explaining how to build blacklist or whitelist for
                    > access restrictions (check_xxxx_access= hash:/yyyyy)
                    > I don't think it was on postfix website but due to the number of blogs,
                    > posts using this syntax notation to exclude a domain, I assume, wrongly
                    > it seems, that statistically, it couldn't be wrong :(

                    Blogs are often wrong, or worse, they are incomplete (which is what
                    got you into trouble).

                    When configuring Postfix, you can save time and read the documentation
                    for the feature that you try to use.

                    I am not going to dictate here what you should do. RTFM instead.

                            Wietse

                    Thank you for your time and answer.

                    You are right when you are writting that blogs and posts may be incomplete and wrong, but this is not always the case
                    Without any critics, the Postfix documentation is done by and for MTA experts, not unexperimented user like me.

                    We (as a small company) have started to use Postfix because we were unhappy with the hosting solution we have been using during 10 years and when we decided to have our own mails server (we called it like this ;) ), we had to get knowledge on this matters and at the first beginning, some blogs were very helpfull when we awere in front a shell prompt in order to do. 
                    We have learnt a lot since day 1, reading blogs, posts and the Postfix documentation reference, and also by making mistakes like the one we have just did.

                    By the way, in several months, perhaps we will be able to use to its full extend, some Postfix features we need in the emails area.
                    This will only be possible because someone, You, has created an open source apllication like Postfix.

                    Cheers
                    --
                    PGR
                  • mouss
                    ... vy default, parent_domain_matches_subdomains contains smtpd_access_maps . this implies that you should use iglobe.be without a dot. my recommendation
                    Message 9 of 9 , Dec 8, 2012
                    • 0 Attachment
                      Le 06/12/2012 06:22, Pierre-Gilles RAYNAUD a écrit :
                      > Hi Everyone,
                      >
                      > On 01/12/12 18:19, Noel Jones wrote:
                      >> On 12/1/2012 11:11 AM, PGR wrote:
                      >>> Hi Everyone,
                      >>>
                      >>> I would like to know how to stop/forbid this server to send us their emails
                      >>>
                      >>> The content of received email is
                      >>>
                      >>> Received: from web-groupsolweb1.aquaray.com (unknown [95.128.42.80])
                      >>> by mail.domain.tld (Postfix) with ESMTP
                      >>> for <info@...>; Fri, 30 Nov 2012 00:56:49 +0100 (CET)
                      >>> Received: from PC-de-thib (2.147.3.109.rev.sfr.net [109.3.147.2])
                      >>> by web-groupsolweb1.aquaray.com (Postfix) with SMTP id E4515974A2C
                      >>> for <info@...>; Tue, 27 Nov 2012 03:59:06 +0100 (CET)
                      >>>
                      >>> The contain of mail.log
                      >>>
                      >>> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: warning: 95.128.42.80:
                      >>> address not listed for hostname web-groupsolweb1.aquaray.com
                      >>> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: connect from
                      >>> unknown[95.128.42.80]
                      >> Add a check_client_access map to reject them. Something like:
                      >>
                      >> # main.cf
                      >> smtpd_client_restrictions =
                      >> check_client_access hash:/etc/postfix/client_blacklist
                      >>
                      >> # client_blacklist
                      >> 95.128.42.80 REJECT listed in client blacklist
                      > Both have been done
                      >
                      > /etc/postfix$ grep iglobe.be *
                      > client-blacklist:.iglobe.be REJECT 555 Spam not tolerated

                      vy default, parent_domain_matches_subdomains contains
                      "smtpd_access_maps". this implies that you should use "iglobe.be"
                      without a dot.

                      my recommendation is: use two entries, one with a leadin dot and one
                      without:

                      .iglobe.be REJECT ....
                      iglobe.be REJECT ...

                      This way, the domain is blocked whatever the value of
                      parent_domain_matches_subdomains is:
                      http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains

                      note that this check depends on DNS. you can add checks based on the IP
                      address.

                      check_client_access cidr:/etc/postfix/client-bl.cidr

                      and in that file:

                      #reject 62.182.56.160 - 62.182.56.175
                      62.182.56.160/28 REJECT ...
                      # this doesn't include the IPs 62.182.56.176 - 62.182.56.187
                      # but that makes many "cidr blocks".
                      # if you feel a little angry, extend the block up to 62.182.56.191.
                      #62.182.56.160/27 REJECT ....
                      # if you are very angry, just block the /24.




                      >
                      > /etc/postfix$ grep client-blacklist *
                      > main.cf:smtpd_client_restrictions = permit_mynetworks,
                      > check_client_access hash:/etc/postfix/client-blacklist,
                      > reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net,
                      > reject_rbl_client zen.spamhaus.org,reject_unknown_reverse_client_hostname
                      >
                      > and I'm still getting unwanted email (from iglobe.be in this example)
                      >
                      > Received: from paganini.iglobe.be (diegem.iglobe.be [62.182.56.170])
                      > by mail.domain.tld (Postfix) with ESMTP
                      > for <user@...>; Wed, 5 Dec 2012 12:51:37 +0100 (CET)
                      > Received: from pluto.be-housing.be (unknown [192.168.137.94])
                      > by paganini.iglobe.be (Postfix) with ESMTP id 69C6688B77
                      > for <user@...>; Wed, 5 Dec 2012 12:51:39 +0100 (CET)
                      > Received: from 84.194.91.122 (localhost [127.0.0.1])
                      > by pluto.be-housing.be (Postfix) with SMTP id 01744158023
                      > for <user@...>; Wed, 5 Dec 2012 12:51:36 +0100 (CET)
                      >
                      > Any suggestions on what is going on my configuration?
                      >
                      > Cheers
                      > --
                      > PGR
                    Your message has been successfully submitted and would be delivered to recipients shortly.