Re: How to stop smtp servers to send us emails

  • Noel Jones
    Message 1 of 9 , Dec 1, 2012
      On 12/1/2012 11:11 AM, Pierre-Gilles RAYNAUD wrote:
      > Hi Everyone,
      >
      > I would like to know how to stop/forbid this server to send us their emails
      >
      > The content of received email is
      >
      > Received: from web-groupsolweb1.aquaray.com (unknown [95.128.42.80])
      > by mail.domain.tld (Postfix) with ESMTP
      > for <info@...>; Fri, 30 Nov 2012 00:56:49 +0100 (CET)
      > Received: from PC-de-thib (2.147.3.109.rev.sfr.net [109.3.147.2])
      > by web-groupsolweb1.aquaray.com (Postfix) with SMTP id E4515974A2C
      > for <info@...>; Tue, 27 Nov 2012 03:59:06 +0100 (CET)
      >
      > The contain of mail.log
      >
      > Nov 30 00:56:49 serv001 postfix/smtpd[21866]: warning: 95.128.42.80:
      > address not listed for hostname web-groupsolweb1.aquaray.com
      > Nov 30 00:56:49 serv001 postfix/smtpd[21866]: connect from
      > unknown[95.128.42.80]


      Add a check_client_access map to reject them. Something like:

      # main.cf
      smtpd_client_restrictions =
          check_client_access hash:/etc/postfix/client_blacklist

      # client_blacklist
      95.128.42.80 REJECT listed in client blacklist


      After you edit main.cf, execute "postfix reload"
      After editing client_blacklist, execute "postmap hash:client_blacklist"

      http://www.postfix.org/documentation.html
      http://www.postfix.org/SMTPD_ACCESS_README.html

      If you need more help,
      http://www.postfix.org/DEBUG_README.html#mail


      -- Noel Jones


      > Nov 30 00:56:49 serv001 postfix/smtpd[21866]: NOQUEUE:
      > client=unknown[95.128.42.80]
      > Nov 30 00:56:49 serv001 postfix/smtpd[21871]: connect from
      > localhost[127.0.0.1]
      > Nov 30 00:56:49 serv001 postfix/smtpd[21871]: D77123A40A:
      > client=unknown[95.128.42.80]
      > Nov 30 00:56:49 serv001 spampd[20245]: processing message
      > <20121126163609.36B3A25F71E@PC-de-thib> for <info@...>
      > ORCPT=rfc822;info@...
      > Nov 30 00:56:52 serv001 spampd[20245]: clean message
      > <20121126163609.36B3A25F71E@PC-de-thib> (-0.27/5.00) from
      > <mailing@...> for <info@...>
      > ORCPT=rfc822;info@... in 2.26s, 32069 bytes.
      > Nov 30 00:56:52 serv001 postfix/cleanup[21872]: D77123A40A:
      > message-id=<20121126163609.36B3A25F71E@PC-de-thib>
      > Nov 30 00:56:52 serv001 opendkim[1128]: D77123A40A no signing table
      > match for `seminaire@...'
      > Nov 30 00:56:52 serv001 opendkim[1128]: D77123A40A: no signature data
      > Nov 30 00:56:52 serv001 postfix/qmgr[22689]: D77123A40A:
      > from=<mailing@...>, size=32487, nrcpt=1 (queue
      > active)
      > Nov 30 00:56:52 serv001 postfix/smtpd[21866]: proxy-accept:
      > END-OF-MESSAGE: 250 2.0.0 Ok: queued as D77123A40A;
      > from=<mailing@...> to=<info@...>
      > proto=ESMTP helo=<web-groupsolweb1.aquaray.com>
      > Nov 30 00:56:52 serv001 postfix/smtpd[21871]: disconnect from
      > localhost[127.0.0.1]
      > Nov 30 00:56:52 serv001 postfix/smtpd[21866]: disconnect from
      > unknown[95.128.42.80]
      >
      >
      > #postconf -d mail_version
      > mail_version = 2.7.1
      >
      > Cheers
      > --
      > PGR
      >
    • Pierre-Gilles RAYNAUD
      Message 2 of 9 , Dec 5, 2012
        Hi Everyone,

        On 01/12/12 18:19, Noel Jones wrote:
        > On 12/1/2012 11:11 AM, PGR wrote:
        >> Hi Everyone,
        >>
        >> I would like to know how to stop/forbid this server to send us their emails
        >>
        >> The content of received email is
        >>
        >> Received: from web-groupsolweb1.aquaray.com (unknown [95.128.42.80])
        >> by mail.domain.tld (Postfix) with ESMTP
        >> for <info@...>; Fri, 30 Nov 2012 00:56:49 +0100 (CET)
        >> Received: from PC-de-thib (2.147.3.109.rev.sfr.net [109.3.147.2])
        >> by web-groupsolweb1.aquaray.com (Postfix) with SMTP id E4515974A2C
        >> for <info@...>; Tue, 27 Nov 2012 03:59:06 +0100 (CET)
        >>
        >> The contain of mail.log
        >>
        >> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: warning: 95.128.42.80:
        >> address not listed for hostname web-groupsolweb1.aquaray.com
        >> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: connect from
        >> unknown[95.128.42.80]
        >
        > Add a check_client_access map to reject them. Something like:
        >
        > # main.cf
        > smtpd_client_restrictions =
        > check_client_access hash:/etc/postfix/client_blacklist
        >
        > # client_blacklist
        > 95.128.42.80 REJECT listed in client blacklist
        Both have been done

        /etc/postfix$ grep iglobe.be *
        client-blacklist:.iglobe.be REJECT 555 Spam not tolerated

        /etc/postfix$ grep client-blacklist *
        main.cf:smtpd_client_restrictions = permit_mynetworks,
        check_client_access hash:/etc/postfix/client-blacklist,
        reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net,
        reject_rbl_client zen.spamhaus.org,reject_unknown_reverse_client_hostname

        and I'm still getting unwanted email (from iglobe.be in this example)

        Received: from paganini.iglobe.be (diegem.iglobe.be [62.182.56.170])
        by mail.domain.tld (Postfix) with ESMTP
        for <user@...>; Wed, 5 Dec 2012 12:51:37 +0100 (CET)
        Received: from pluto.be-housing.be (unknown [192.168.137.94])
        by paganini.iglobe.be (Postfix) with ESMTP id 69C6688B77
        for <user@...>; Wed, 5 Dec 2012 12:51:39 +0100 (CET)
        Received: from 84.194.91.122 (localhost [127.0.0.1])
        by pluto.be-housing.be (Postfix) with SMTP id 01744158023
        for <user@...>; Wed, 5 Dec 2012 12:51:36 +0100 (CET)

        Any suggestions on what is going on my configuration?

        Cheers
        --
        PGR
      • Wietse Venema
        Message 3 of 9 , Dec 6, 2012
          Pierre-Gilles RAYNAUD:
          > /etc/postfix$ grep iglobe.be *
          > client-blacklist:.iglobe.be REJECT 555 Spam not tolerated

          Why do you have a '.' before the domain?
          Where is this documented?

          Wietse
        • Noel Jones
          Message 4 of 9 , Dec 6, 2012
            On 12/5/2012 11:22 PM, Pierre-Gilles RAYNAUD wrote:
            > Hi Everyone,
            >
            > On 01/12/12 18:19, Noel Jones wrote:
            >> On 12/1/2012 11:11 AM, PGR wrote:
            >>> Hi Everyone,
            >>>
            >>> I would like to know how to stop/forbid this server to send us their emails
            >>>
            >>> The content of received email is
            >>>
            >>> Received: from web-groupsolweb1.aquaray.com (unknown [95.128.42.80])
            >>> by mail.domain.tld (Postfix) with ESMTP
            >>> for <info@...>; Fri, 30 Nov 2012 00:56:49 +0100 (CET)
            >>> Received: from PC-de-thib (2.147.3.109.rev.sfr.net [109.3.147.2])
            >>> by web-groupsolweb1.aquaray.com (Postfix) with SMTP id E4515974A2C
            >>> for <info@...>; Tue, 27 Nov 2012 03:59:06 +0100 (CET)
            >>>
            >>> The contain of mail.log
            >>>
            >>> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: warning: 95.128.42.80:
            >>> address not listed for hostname web-groupsolweb1.aquaray.com
            >>> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: connect from
            >>> unknown[95.128.42.80]
            >>
            >> Add a check_client_access map to reject them. Something like:
            >>
            >> # main.cf
            >> smtpd_client_restrictions =
            >> check_client_access hash:/etc/postfix/client_blacklist
            >>
            >> # client_blacklist
            >> 95.128.42.80 REJECT listed in client blacklist
            > Both have been done
            >
            > /etc/postfix$ grep iglobe.be *
            > client-blacklist:.iglobe.be REJECT 555 Spam not tolerated

            Wow, that doesn't look anything like the example I supplied.

            The domain form with a leading dot ".example.com" will only work if
            you adjust the default setting of parent_domain_matches_subdomains.
            I think most folks use the default setting and "example.com"; use
            whichever you prefer.

            Don't make up reject codes; the "555" you specify is not valid.
            Just use "REJECT reason" and let postfix decide the proper code.

            Use example.com instead of someone's name.



            -- Noel Jones

            >
            > /etc/postfix$ grep client-blacklist *
            > main.cf:smtpd_client_restrictions = permit_mynetworks,
            > check_client_access hash:/etc/postfix/client-blacklist,
            > reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net,
            > reject_rbl_client zen.spamhaus.org,reject_unknown_reverse_client_hostname
            >
            > and I'm still getting unwanted email (from iglobe.be in this example)
            >
            > Received: from paganini.iglobe.be (diegem.iglobe.be [62.182.56.170])
            > by mail.domain.tld (Postfix) with ESMTP
            > for <user@...>; Wed, 5 Dec 2012 12:51:37 +0100 (CET)
            > Received: from pluto.be-housing.be (unknown [192.168.137.94])
            > by paganini.iglobe.be (Postfix) with ESMTP id 69C6688B77
            > for <user@...>; Wed, 5 Dec 2012 12:51:39 +0100 (CET)
            > Received: from 84.194.91.122 (localhost [127.0.0.1])
            > by pluto.be-housing.be (Postfix) with SMTP id 01744158023
            > for <user@...>; Wed, 5 Dec 2012 12:51:36 +0100 (CET)
            >
            > Any suggestions on what is going on my configuration?
            >
            > Cheers
            > --
            > PGR
            >
          • Pierre-Gilles RAYNAUD
            Message 5 of 9 , Dec 6, 2012
              Hi Wietse,

              On 06/12/12 12:52, Wietse Venema wrote:
              > Pierre-Gilles RAYNAUD:
              >> /etc/postfix$ grep iglobe.be *
              >> client-blacklist:.iglobe.be REJECT 555 Spam not tolerated
              > Why do you have a '.' before the domain?
              > Where is this documented?
              >
              > Wietse
              Found on many posts explaining how to build blacklist or whitelist for
              access restrictions (check_xxxx_access= hash:/yyyyy)
              I don't think it was on postfix website but due to the number of blogs,
              posts using this syntax notation to exclude a domain, I assume, wrongly
              it seems, that statistically, it couldn't be wrong :(

              Cheers
              --
              PGR
            • Wietse Venema
              Message 6 of 9 , Dec 7, 2012
                Pierre-Gilles RAYNAUD:
                > Hi Wietse,
                >
                > On 06/12/12 12:52, Wietse Venema wrote:
                > > Pierre-Gilles RAYNAUD:
                > >> /etc/postfix$ grep iglobe.be *
                > >> client-blacklist:.iglobe.be REJECT 555 Spam not tolerated
                > > Why do you have a '.' before the domain?
                > > Where is this documented?
                > >
                > > Wietse
                > Found on many posts explaining how to build blacklist or whitelist for
                > access restrictions (check_xxxx_access= hash:/yyyyy)
                > I don't think it was on postfix website but due to the number of blogs,
                > posts using this syntax notation to exclude a domain, I assume, wrongly
                > it seems, that statistically, it couldn't be wrong :(

                Blogs are often wrong, or worse, they are incomplete (which is what
                got you into trouble).

                When configuring Postfix, you can save time and read the documentation
                for the feature that you try to use.

                I am not going to dictate here what you should do. RTFM instead.

                Wietse
              • Pierre-Gilles RAYNAUD
                Message 7 of 9 , Dec 7, 2012
                  Hi Wietse,

                  2012/12/7 Wietse Venema <wietse@...>
                  > Pierre-Gilles RAYNAUD:
                  > > Hi Wietse,
                  > >
                  > > On 06/12/12 12:52, Wietse Venema wrote:
                  > > > Pierre-Gilles RAYNAUD:
                  > > >> /etc/postfix$ grep iglobe.be *
                  > > >> client-blacklist:.iglobe.be REJECT 555 Spam not tolerated
                  > > > Why do you have a '.' before the domain?
                  > > > Where is this documented?
                  > > >
                  > > > Wietse
                  > > Found on many posts explaining how to build blacklist or whitelist for
                  > > access restrictions (check_xxxx_access= hash:/yyyyy)
                  > > I don't think it was on postfix website but due to the number of blogs,
                  > > posts using this syntax notation to exclude a domain, I assume, wrongly
                  > > it seems, that statistically, it couldn't be wrong :(
                  >
                  > Blogs are often wrong, or worse, they are incomplete (which is what
                  > got you into trouble).
                  >
                  > When configuring Postfix, you can save time and read the documentation
                  > for the feature that you try to use.
                  >
                  > I am not going to dictate here what you should do. RTFM instead.
                  >
                  > Wietse

                  Thank you for your time and answer.

                  You are right when you are writing that blogs and posts may be incomplete and wrong, but this is not always the case.
                  Without any criticism, the Postfix documentation is done by and for MTA experts, not inexperienced users like me.

                  We (as a small company) have started to use Postfix because we were unhappy with the hosting solution we have been using for 10 years and when we decided to have our own mail server (we called it like this ;) ), we had to get knowledge on this matter and at the very beginning, some blogs were very helpful when we were in front of a shell prompt in order to do.
                  We have learnt a lot since day 1, reading blogs, posts and the Postfix documentation reference, and also by making mistakes like the one we have just made.

                  By the way, in several months, perhaps we will be able to use to its full extent, some Postfix features we need in the emails area.
                  This will only be possible because someone, You, has created an open source application like Postfix.

                  Cheers
                  --
                  PGR
                • mouss
                  Message 8 of 9 , Dec 8, 2012
                    On 06/12/2012 06:22, Pierre-Gilles RAYNAUD wrote:
                    > Hi Everyone,
                    >
                    > On 01/12/12 18:19, Noel Jones wrote:
                    >> On 12/1/2012 11:11 AM, PGR wrote:
                    >>> Hi Everyone,
                    >>>
                    >>> I would like to know how to stop/forbid this server to send us their emails
                    >>>
                    >>> The content of received email is
                    >>>
                    >>> Received: from web-groupsolweb1.aquaray.com (unknown [95.128.42.80])
                    >>> by mail.domain.tld (Postfix) with ESMTP
                    >>> for <info@...>; Fri, 30 Nov 2012 00:56:49 +0100 (CET)
                    >>> Received: from PC-de-thib (2.147.3.109.rev.sfr.net [109.3.147.2])
                    >>> by web-groupsolweb1.aquaray.com (Postfix) with SMTP id E4515974A2C
                    >>> for <info@...>; Tue, 27 Nov 2012 03:59:06 +0100 (CET)
                    >>>
                    >>> The contain of mail.log
                    >>>
                    >>> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: warning: 95.128.42.80:
                    >>> address not listed for hostname web-groupsolweb1.aquaray.com
                    >>> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: connect from
                    >>> unknown[95.128.42.80]
                    >> Add a check_client_access map to reject them. Something like:
                    >>
                    >> # main.cf
                    >> smtpd_client_restrictions =
                    >> check_client_access hash:/etc/postfix/client_blacklist
                    >>
                    >> # client_blacklist
                    >> 95.128.42.80 REJECT listed in client blacklist
                    > Both have been done
                    >
                    > /etc/postfix$ grep iglobe.be *
                    > client-blacklist:.iglobe.be REJECT 555 Spam not tolerated

                    by default, parent_domain_matches_subdomains contains
                    "smtpd_access_maps". this implies that you should use "iglobe.be"
                    without a dot.

                    my recommendation is: use two entries, one with a leading dot and one
                    without:

                    .iglobe.be REJECT ....
                    iglobe.be REJECT ...

                    This way, the domain is blocked whatever the value of
                    parent_domain_matches_subdomains is:
                    http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains

                    note that this check depends on DNS. you can add checks based on the IP
                    address.

                    check_client_access cidr:/etc/postfix/client-bl.cidr

                    and in that file:

                    #reject 62.182.56.160 - 62.182.56.175
                    62.182.56.160/28 REJECT ...
                    # this doesn't include the IPs 62.182.56.176 - 62.182.56.187
                    # but that makes many "cidr blocks".
                    # if you feel a little angry, extend the block up to 62.182.56.191.
                    #62.182.56.160/27 REJECT ....
                    # if you are very angry, just block the /24.




                    >
                    > /etc/postfix$ grep client-blacklist *
                    > main.cf:smtpd_client_restrictions = permit_mynetworks,
                    > check_client_access hash:/etc/postfix/client-blacklist,
                    > reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net,
                    > reject_rbl_client zen.spamhaus.org,reject_unknown_reverse_client_hostname
                    >
                    > and I'm still getting unwanted email (from iglobe.be in this example)
                    >
                    > Received: from paganini.iglobe.be (diegem.iglobe.be [62.182.56.170])
                    > by mail.domain.tld (Postfix) with ESMTP
                    > for <user@...>; Wed, 5 Dec 2012 12:51:37 +0100 (CET)
                    > Received: from pluto.be-housing.be (unknown [192.168.137.94])
                    > by paganini.iglobe.be (Postfix) with ESMTP id 69C6688B77
                    > for <user@...>; Wed, 5 Dec 2012 12:51:39 +0100 (CET)
                    > Received: from 84.194.91.122 (localhost [127.0.0.1])
                    > by pluto.be-housing.be (Postfix) with SMTP id 01744158023
                    > for <user@...>; Wed, 5 Dec 2012 12:51:36 +0100 (CET)
                    >
                    > Any suggestions on what is going on my configuration?
                    >
                    > Cheers
                    > --
                    > PGR
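
Added example (not written by any poster in this thread and not Postfix code): a simplified Python model of the key search that check_client_access performs on a hash: map, following the order described in access(5), plus the cidr: alternative from message 8. It shows why the ".iglobe.be" entry never matched under the default parent_domain_matches_subdomains, and why a name-based entry cannot catch a client logged as "unknown". Function and variable names are illustrative, only IPv4 is modelled, and the reject text in BOTH_FORMS and CIDR_RULES is a placeholder where the thread elided it.

```python
"""Simplified model of the key search Postfix performs for check_client_access
on an indexed (hash:) map, per access(5). IPv4 only. Added example."""
import ipaddress


def client_access_keys(hostname, address, parent_matches_subdomains=True):
    """Return lookup keys in search order: name, parent domains, IP, networks.

    parent_matches_subdomains=True models the default, where
    parent_domain_matches_subdomains lists smtpd_access_maps.
    """
    keys, name = [], hostname.lower()
    while name:
        keys.append(name)
        dot = name.find(".", 1)
        if dot == -1:
            break
        # Default: try the bare parent ("iglobe.be").
        # Otherwise: try the dotted parent (".iglobe.be").
        name = name[dot + 1:] if parent_matches_subdomains else name[dot:]
    octets = address.split(".")
    keys += [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    return keys


def hash_lookup(table, hostname, address, parent_matches_subdomains=True):
    """First matching (key, action) from a hash-style table, else None."""
    for key in client_access_keys(hostname, address, parent_matches_subdomains):
        if key in table:
            return key, table[key]
    return None


def cidr_lookup(rules, address):
    """First matching (network, action) from an ordered cidr-style rule list."""
    ip = ipaddress.ip_address(address)
    for network, action in rules:
        if ip in ipaddress.ip_network(network):
            return network, action
    return None


# Entries from the thread; placeholder reject text where the thread has "...".
AS_POSTED = {".iglobe.be": "REJECT 555 Spam not tolerated"}
BOTH_FORMS = {".iglobe.be": "REJECT listed in client blacklist",
              "iglobe.be": "REJECT listed in client blacklist"}
BY_ADDRESS = {"95.128.42.80": "REJECT listed in client blacklist"}
CIDR_RULES = [("62.182.56.160/28", "REJECT listed in client blacklist")]

# Clients as they appear in the thread: (client hostname, address).
IGLOBE = ("diegem.iglobe.be", "62.182.56.170")
NO_PTR = ("unknown", "95.128.42.80")  # logged as unknown[95.128.42.80]

if __name__ == "__main__":
    for style in (True, False):
        print("smtpd_access_maps listed:", style)
        print("  keys tried :", client_access_keys(*IGLOBE, style))
        print("  as posted  :", hash_lookup(AS_POSTED, *IGLOBE, style))
        print("  both forms :", hash_lookup(BOTH_FORMS, *IGLOBE, style))
    print("name-only map vs unknown client:", hash_lookup(BOTH_FORMS, *NO_PTR))
    print("address entry vs unknown client:", hash_lookup(BY_ADDRESS, *NO_PTR))
    print("cidr .170:", cidr_lookup(CIDR_RULES, "62.182.56.170"))
    print("cidr .176:", cidr_lookup(CIDR_RULES, "62.182.56.176"))
```

On a live system the equivalent check is to query the built map with postmap -q for each key the model lists, after confirming the current value with postconf parent_domain_matches_subdomains.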