
Re: How to stop smtp servers to send us emails

  • Pierre-Gilles RAYNAUD
    Message 1 of 9, Dec 5, 2012
      Hi Everyone,

      On 01/12/12 18:19, Noel Jones wrote:
      > On 12/1/2012 11:11 AM, PGR wrote:
      >> Hi Everyone,
      >>
      >> I would like to know how to stop/forbid this server to send us their emails
      >>
      >> The content of received email is
      >>
      >> Received: from web-groupsolweb1.aquaray.com (unknown [95.128.42.80])
      >> by mail.domain.tld (Postfix) with ESMTP
      >> for <info@...>; Fri, 30 Nov 2012 00:56:49 +0100 (CET)
      >> Received: from PC-de-thib (2.147.3.109.rev.sfr.net [109.3.147.2])
      >> by web-groupsolweb1.aquaray.com (Postfix) with SMTP id E4515974A2C
      >> for <info@...>; Tue, 27 Nov 2012 03:59:06 +0100 (CET)
      >>
      >> The content of mail.log
      >>
      >> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: warning: 95.128.42.80:
      >> address not listed for hostname web-groupsolweb1.aquaray.com
      >> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: connect from
      >> unknown[95.128.42.80]
      >
      > Add a check_client_access map to reject them. Something like:
      >
      > # main.cf
      > smtpd_client_restrictions =
      > check_client_access hash:/etc/postfix/client_blacklist
      >
      > # client_blacklist
      > 95.128.42.80 REJECT listed in client blacklist
      Both have been done

      /etc/postfix$ grep iglobe.be *
      client-blacklist:.iglobe.be REJECT 555 Spam not tolerated

      /etc/postfix$ grep client-blacklist *
      main.cf:smtpd_client_restrictions = permit_mynetworks,
      check_client_access hash:/etc/postfix/client-blacklist,
      reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net,
      reject_rbl_client zen.spamhaus.org,reject_unknown_reverse_client_hostname

      and I'm still getting unwanted email (from iglobe.be in this example)

      Received: from paganini.iglobe.be (diegem.iglobe.be [62.182.56.170])
      by mail.domain.tld (Postfix) with ESMTP
      for <user@...>; Wed, 5 Dec 2012 12:51:37 +0100 (CET)
      Received: from pluto.be-housing.be (unknown [192.168.137.94])
      by paganini.iglobe.be (Postfix) with ESMTP id 69C6688B77
      for <user@...>; Wed, 5 Dec 2012 12:51:39 +0100 (CET)
      Received: from 84.194.91.122 (localhost [127.0.0.1])
      by pluto.be-housing.be (Postfix) with SMTP id 01744158023
      for <user@...>; Wed, 5 Dec 2012 12:51:36 +0100 (CET)

      Any suggestions on what is going on with my configuration?

      Cheers
      --
      PGR
    • Wietse Venema
      Message 2 of 9, Dec 6, 2012
        Pierre-Gilles RAYNAUD:
        > /etc/postfix$ grep iglobe.be *
        > client-blacklist:.iglobe.be REJECT 555 Spam not tolerated

        Why do you have a '.' before the domain?
        Where is this documented?

        Wietse
      • Noel Jones
        Message 3 of 9, Dec 6, 2012
          On 12/5/2012 11:22 PM, Pierre-Gilles RAYNAUD wrote:
          > Hi Everyone,
          >
          > On 01/12/12 18:19, Noel Jones wrote:
          >> On 12/1/2012 11:11 AM, PGR wrote:
          >>> Hi Everyone,
          >>>
          >>> I would like to know how to stop/forbid this server to send us their emails
          >>>
          >>> The content of received email is
          >>>
          >>> Received: from web-groupsolweb1.aquaray.com (unknown [95.128.42.80])
          >>> by mail.domain.tld (Postfix) with ESMTP
          >>> for <info@...>; Fri, 30 Nov 2012 00:56:49 +0100 (CET)
          >>> Received: from PC-de-thib (2.147.3.109.rev.sfr.net [109.3.147.2])
          >>> by web-groupsolweb1.aquaray.com (Postfix) with SMTP id E4515974A2C
          >>> for <info@...>; Tue, 27 Nov 2012 03:59:06 +0100 (CET)
          >>>
          >>> The content of mail.log
          >>>
          >>> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: warning: 95.128.42.80:
          >>> address not listed for hostname web-groupsolweb1.aquaray.com
          >>> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: connect from
          >>> unknown[95.128.42.80]
          >>
          >> Add a check_client_access map to reject them. Something like:
          >>
          >> # main.cf
          >> smtpd_client_restrictions =
          >> check_client_access hash:/etc/postfix/client_blacklist
          >>
          >> # client_blacklist
          >> 95.128.42.80 REJECT listed in client blacklist
          > Both have been done
          >
          > /etc/postfix$ grep iglobe.be *
          > client-blacklist:.iglobe.be REJECT 555 Spam not tolerated

          Wow, that doesn't look anything like the example I supplied.

          The domain form with a leading dot ".example.com" will only work if
          you adjust the default setting of parent_domain_matches_subdomains.
          I think most folks use the default setting and "example.com"; use
          whichever you prefer.

          Don't make up reject codes; the "555" you specify is not valid.
          Just use "REJECT reason" and let postfix decide the proper code.

          Use example.com instead of someone's name.



          -- Noel Jones

          >
          > /etc/postfix$ grep client-blacklist *
          > main.cf:smtpd_client_restrictions = permit_mynetworks,
          > check_client_access hash:/etc/postfix/client-blacklist,
          > reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net,
          > reject_rbl_client zen.spamhaus.org,reject_unknown_reverse_client_hostname
          >
          > and I'm still getting unwanted email (from iglobe.be in this example)
          >
          > Received: from paganini.iglobe.be (diegem.iglobe.be [62.182.56.170])
          > by mail.domain.tld (Postfix) with ESMTP
          > for <user@...>; Wed, 5 Dec 2012 12:51:37 +0100 (CET)
          > Received: from pluto.be-housing.be (unknown [192.168.137.94])
          > by paganini.iglobe.be (Postfix) with ESMTP id 69C6688B77
          > for <user@...>; Wed, 5 Dec 2012 12:51:39 +0100 (CET)
          > Received: from 84.194.91.122 (localhost [127.0.0.1])
          > by pluto.be-housing.be (Postfix) with SMTP id 01744158023
          > for <user@...>; Wed, 5 Dec 2012 12:51:36 +0100 (CET)
          >
          > Any suggestions on what is going on with my configuration?
          >
          > Cheers
          > --
          > PGR
          >
        • Pierre-Gilles RAYNAUD
          Message 4 of 9, Dec 6, 2012
            Hi Wietse,

            On 06/12/12 12:52, Wietse Venema wrote:
            > Pierre-Gilles RAYNAUD:
            >> /etc/postfix$ grep iglobe.be *
            >> client-blacklist:.iglobe.be REJECT 555 Spam not tolerated
            > Why do you have a '.' before the domain?
            > Where is this documented?
            >
            > Wietse
            Found on many posts explaining how to build blacklist or whitelist for
            access restrictions (check_xxxx_access= hash:/yyyyy)
            I don't think it was on postfix website but due to the number of blogs,
            posts using this syntax notation to exclude a domain, I assume, wrongly
            it seems, that statistically, it couldn't be wrong :(

            Cheers
            --
            PGR
          • Wietse Venema
            Message 5 of 9, Dec 7, 2012
              Pierre-Gilles RAYNAUD:
              > Hi Wietse,
              >
              > On 06/12/12 12:52, Wietse Venema wrote:
              > > Pierre-Gilles RAYNAUD:
              > >> /etc/postfix$ grep iglobe.be *
              > >> client-blacklist:.iglobe.be REJECT 555 Spam not tolerated
              > > Why do you have a '.' before the domain?
              > > Where is this documented?
              > >
              > > Wietse
              > Found on many posts explaining how to build blacklist or whitelist for
              > access restrictions (check_xxxx_access= hash:/yyyyy)
              > I don't think it was on postfix website but due to the number of blogs,
              > posts using this syntax notation to exclude a domain, I assume, wrongly
              > it seems, that statistically, it couldn't be wrong :(

              Blogs are often wrong, or worse, they are incomplete (which is what
              got you into trouble).

              When configuring Postfix, you can save time and read the documentation
              for the feature that you try to use.

              I am not going to dictate here what you should do. RTFM instead.

              Wietse
            • Pierre-Gilles RAYNAUD
              Message 6 of 9, Dec 7, 2012
                Hi Wietse,




                2012/12/7 Wietse Venema <wietse@...>
                > Pierre-Gilles RAYNAUD:
                > > Hi Wietse,
                > >
                > > On 06/12/12 12:52, Wietse Venema wrote:
                > > > Pierre-Gilles RAYNAUD:
                > > >> /etc/postfix$ grep iglobe.be *
                > > >> client-blacklist:.iglobe.be REJECT 555 Spam not tolerated
                > > > Why do you have a '.' before the domain?
                > > > Where is this documented?
                > > >
                > > > Wietse
                > > Found on many posts explaining how to build blacklist or whitelist for
                > > access restrictions (check_xxxx_access= hash:/yyyyy)
                > > I don't think it was on postfix website but due to the number of blogs,
                > > posts using this syntax notation to exclude a domain, I assume, wrongly
                > > it seems, that statistically, it couldn't be wrong :(
                >
                > Blogs are often wrong, or worse, they are incomplete (which is what
                > got you into trouble).
                >
                > When configuring Postfix, you can save time and read the documentation
                > for the feature that you try to use.
                >
                > I am not going to dictate here what you should do. RTFM instead.
                >
                > Wietse

                Thank you for your time and answer.

                You are right when you write that blogs and posts may be incomplete and wrong, but this is not always the case.
                Without any criticism, the Postfix documentation is done by and for MTA experts, not inexperienced users like me.

                We (as a small company) have started to use Postfix because we were unhappy with the hosting solution we had been using for 10 years, and when we decided to have our own mail server (we called it like this ;) ), we had to get knowledge on these matters, and at the very beginning some blogs were very helpful when we were in front of a shell prompt in order to do.
                We have learnt a lot since day 1, reading blogs, posts and the Postfix documentation reference, and also by making mistakes like the one we have just made.

                By the way, in several months, perhaps we will be able to use to its full extent some Postfix features we need in the email area.
                This will only be possible because someone, You, has created an open source application like Postfix.

                Cheers
                --
                PGR
              • mouss
                Message 7 of 9, Dec 8, 2012
                  Le 06/12/2012 06:22, Pierre-Gilles RAYNAUD a écrit :
                  > Hi Everyone,
                  >
                  > On 01/12/12 18:19, Noel Jones wrote:
                  >> On 12/1/2012 11:11 AM, PGR wrote:
                  >>> Hi Everyone,
                  >>>
                  >>> I would like to know how to stop/forbid this server to send us their emails
                  >>>
                  >>> The content of received email is
                  >>>
                  >>> Received: from web-groupsolweb1.aquaray.com (unknown [95.128.42.80])
                  >>> by mail.domain.tld (Postfix) with ESMTP
                  >>> for <info@...>; Fri, 30 Nov 2012 00:56:49 +0100 (CET)
                  >>> Received: from PC-de-thib (2.147.3.109.rev.sfr.net [109.3.147.2])
                  >>> by web-groupsolweb1.aquaray.com (Postfix) with SMTP id E4515974A2C
                  >>> for <info@...>; Tue, 27 Nov 2012 03:59:06 +0100 (CET)
                  >>>
                  >>> The content of mail.log
                  >>>
                  >>> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: warning: 95.128.42.80:
                  >>> address not listed for hostname web-groupsolweb1.aquaray.com
                  >>> Nov 30 00:56:49 serv001 postfix/smtpd[21866]: connect from
                  >>> unknown[95.128.42.80]
                  >> Add a check_client_access map to reject them. Something like:
                  >>
                  >> # main.cf
                  >> smtpd_client_restrictions =
                  >> check_client_access hash:/etc/postfix/client_blacklist
                  >>
                  >> # client_blacklist
                  >> 95.128.42.80 REJECT listed in client blacklist
                  > Both have been done
                  >
                  > /etc/postfix$ grep iglobe.be *
                  > client-blacklist:.iglobe.be REJECT 555 Spam not tolerated

                  by default, parent_domain_matches_subdomains contains
                  "smtpd_access_maps". this implies that you should use "iglobe.be"
                  without a dot.

                  my recommendation is: use two entries, one with a leading dot and one
                  without:

                  .iglobe.be REJECT ....
                  iglobe.be REJECT ...

                  This way, the domain is blocked whatever the value of
                  parent_domain_matches_subdomains is:
                  http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains

                  note that this check depends on DNS. you can add checks based on the IP
                  address.

                  check_client_access cidr:/etc/postfix/client-bl.cidr

                  and in that file:

                  #reject 62.182.56.160 - 62.182.56.175
                  62.182.56.160/28 REJECT ...
                  # this doesn't include the IPs 62.182.56.176 - 62.182.56.187
                  # but that makes many "cidr blocks".
                  # if you feel a little angry, extend the block up to 62.182.56.191.
                  #62.182.56.160/27 REJECT ....
                  # if you are very angry, just block the /24.




                  >
                  > /etc/postfix$ grep client-blacklist *
                  > main.cf:smtpd_client_restrictions = permit_mynetworks,
                  > check_client_access hash:/etc/postfix/client-blacklist,
                  > reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net,
                  > reject_rbl_client zen.spamhaus.org,reject_unknown_reverse_client_hostname
                  >
                  > and I'm still getting unwanted email (from iglobe.be in this example)
                  >
                  > Received: from paganini.iglobe.be (diegem.iglobe.be [62.182.56.170])
                  > by mail.domain.tld (Postfix) with ESMTP
                  > for <user@...>; Wed, 5 Dec 2012 12:51:37 +0100 (CET)
                  > Received: from pluto.be-housing.be (unknown [192.168.137.94])
                  > by paganini.iglobe.be (Postfix) with ESMTP id 69C6688B77
                  > for <user@...>; Wed, 5 Dec 2012 12:51:39 +0100 (CET)
                  > Received: from 84.194.91.122 (localhost [127.0.0.1])
                  > by pluto.be-housing.be (Postfix) with SMTP id 01744158023
                  > for <user@...>; Wed, 5 Dec 2012 12:51:36 +0100 (CET)
                  >
                  > Any suggestions on what is going on with my configuration?
                  >
                  > Cheers
                  > --
                  > PGR
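
The lookup behaviour discussed in this thread, as an added example that is not part of any poster's message or of Postfix itself: a simplified Python model of the key order that access(5) documents for check_client_access, run against the thread's own client host and address. The function names and the `parent_style` flag are assumptions made for illustration; the REJECT text is borrowed from Noel Jones's example.

```python
import ipaddress

def hostname_keys(hostname, parent_style=True):
    """Lookup keys tried for a client hostname, in order (simplified model).

    parent_style=True models the default, where parent_domain_matches_subdomains
    lists smtpd_access_maps: a parent domain is tried as "iglobe.be".
    parent_style=False models the other setting: it is tried as ".iglobe.be".
    """
    keys, name = [], hostname
    while name:
        keys.append(name)
        dot = name.find(".", 1)          # next label boundary
        if dot == -1:
            break
        name = name[dot + 1:] if parent_style else name[dot:]
    return keys

def address_keys(ip):
    """Full IPv4 address, then networks made by stripping trailing octets."""
    octets = ip.split(".")
    return [".".join(octets[:n]) for n in range(4, 0, -1)]

def check_client_access(table, hostname, ip, parent_style=True):
    """Return (key, action) for the first key found in an indexed table."""
    for key in hostname_keys(hostname, parent_style) + address_keys(ip):
        if key in table:
            return key, table[key]
    return None

def check_cidr(rules, ip):
    """Return (pattern, action) for the first matching rule of a cidr: table."""
    addr = ipaddress.ip_address(ip)
    for pattern, action in rules:
        if addr in ipaddress.ip_network(pattern):
            return pattern, action
    return None

# Keys and the /28 come from the thread; hostname "unknown" is what Postfix
# logs when the client name cannot be verified.
DOT_ONLY = {".iglobe.be": "REJECT listed in client blacklist"}
BOTH = {".iglobe.be": "REJECT listed in client blacklist",
        "iglobe.be": "REJECT listed in client blacklist"}
CIDR = [("62.182.56.160/28", "REJECT listed in client blacklist")]

if __name__ == "__main__":
    for style in (True, False):
        print(style, check_client_access(DOT_ONLY, "diegem.iglobe.be", "62.182.56.170", style),
              check_client_access(BOTH, "diegem.iglobe.be", "62.182.56.170", style))
    print(check_client_access(BOTH, "unknown", "62.182.56.170"))  # DNS-dependent miss
    print(check_cidr(CIDR, "62.182.56.170"))
```

With the default setting the dot-only table never matches diegem.iglobe.be, the two-entry table matches under either setting, and only the cidr rule still applies when the client hostname is unknown.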