From: Josh Cason on
A while back I set up a helo.regexp file. I have changed it around a
bit. I'm trying to stop e-mail that is sent to/from the same e-mail
address but not my system. The idea was that if they are sending mail to
themselves from my IP address, it would be blocked.


Example from my test server:

/^webserv\.idahofur\.com$/ 550 Don't use my own hostname
/^216\.201\.76\.183$/ 550 Don't use my own IP address
/^[0-9.]+$/ 550 Your software is not RFC 2821 compliant
/^[0-9]+(\.[0-9]+){3}$/ 550 Your software is not RFC 2821 compliant




Example from my log:

Jun 13 20:10:45 primary postfix/smtpd[1322]: connect from
exprod6mx190.postini.com[64.18.1.42]
Jun 13 20:10:47 primary postfix/smtpd[1322]: AB47810D8005:
client=exprod6mx190.postini.com[64.18.1.42]
Jun 13 20:10:49 primary postfix/cleanup[1325]: AB47810D8005: hold:
header Received: from psmtp.com (exprod6mx190.postini.com$
Jun 13 20:10:49 primary postfix/cleanup[1325]: AB47810D8005:
message-id=<20100614021047.AB47810D8005(a)primary.mychoice.cc>
Jun 13 20:10:49 primary MailScanner[28889]: New Batch: Scanning 1
messages, 12557 bytes
Jun 13 20:10:49 primary MailScanner[28889]: Spam Checks: Starting
Jun 13 20:10:49 primary MailScanner[28889]: Expired 1 records from the
SpamAssassin cache
Jun 13 20:10:49 primary postfix/smtpd[1322]: disconnect from
exprod6mx190.postini.com[64.18.1.42]
Jun 13 20:10:50 primary MailScanner[28889]: Virus and Content
Scanning: Starting
Jun 13 20:10:55 primary MailScanner[28889]: Requeue:
AB47810D8005.4CC84 to EA43910D8139
Jun 13 20:10:55 primary MailScanner[28889]: Uninfected: Delivered 1 messages
Jun 13 20:10:55 primary postfix/qmgr[20454]: EA43910D8139:
from=<meusborn(a)testcompany.net>, size=11920, nrcpt=1 (queue active)
Jun 13 20:10:55 primary MailScanner[28889]: MailScanner child dying of old age
Jun 13 20:10:55 primary postfix/virtual[1337]: EA43910D8139:
to=<meusborn(a)testcompany.net>, relay=virtual, delay=8.9, delays=8$
Jun 13 20:10:55 primary postfix/qmgr[20454]: EA43910D8139: removed

Thanks,

Josh


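
Added example (not part of the original post): the four posted rules evaluated in file order against constructed HELO arguments, including psmtp.com, the name in the logged Received header. It assumes the table is referenced from check_helo_access, which the post does not show, and uses Python's re module as a stand-in for Postfix's regexp engine. A HELO table is only ever asked about the HELO argument, never the envelope sender or recipient.

```python
import re

# The four rules from the post, in file order. A Postfix regexp table returns
# the result of the first pattern that matches the lookup string.
HELO_RULES = [
    (r"^webserv\.idahofur\.com$", "550 Don't use my own hostname"),
    (r"^216\.201\.76\.183$", "550 Don't use my own IP address"),
    (r"^[0-9.]+$", "550 Your software is not RFC 2821 compliant"),
    (r"^[0-9]+(\.[0-9]+){3}$", "550 Your software is not RFC 2821 compliant"),
]

def helo_lookup(helo):
    """Return (rule_number, action) for the first matching rule, else None."""
    for number, (pattern, action) in enumerate(HELO_RULES, start=1):
        # Postfix regexp tables match case-insensitively by default.
        if re.search(pattern, helo, re.IGNORECASE):
            return number, action
    return None

def shadowed_rules(samples):
    """Rules that match some sample but never win, because an earlier rule does."""
    fired = {hit[0] for hit in map(helo_lookup, samples) if hit}
    matching = {
        number
        for number, (pattern, _) in enumerate(HELO_RULES, start=1)
        for sample in samples
        if re.search(pattern, sample, re.IGNORECASE)
    }
    return sorted(matching - fired)

# Constructed HELO arguments (assumption: what a client might send).
SAMPLES = ["webserv.idahofur.com", "216.201.76.183", "10.1.2.3",
           "[10.1.2.3]", "psmtp.com"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:22} -> {helo_lookup(sample)}")
    print("shadowed rules:", shadowed_rules(SAMPLES))
```

On these samples rule 4 never fires because rule 3 already matches every dotted quad, and no rule matches psmtp.com.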

From: mouss on
Josh Cason wrote:
> A while back I setup a helo.regexp file. I have changed it around a bit.
> I'm trying to stop e-mail that is sent to/from the same e-mail address
> but not my system. The idea was if they are sending mail to themselves
> from my ip address. It would be blocked.
>
>
> Example from my test server:
>
> /^webserv\.idahofur\.com$/ 550 Don't use my own hostname
> /^216\.201\.76\.183$/ 550 Don't use my own IP address
> /^[0-9.]+$/ 550 Your software is not RFC 2821 compliant
> /^[0-9]+(\.[0-9]+){3}$/ 550 Your software is not RFC 2821 compliant
>
>
>
>
> Example from my log:
>
> Jun 13 20:10:45 primary postfix/smtpd[1322]: connect from
> exprod6mx190.postini.com[64.18.1.42]


This mail is coming from postini. If you use postini, there's nothing
you can do with the envelope (and even if you do content filtering, you
shouldn't reject mail. It's too late). If you don't use postini, then
please be kind and show your 'postconf -n' output and explain what you
think is not working as you would like. Your post shows no problem.

> Jun 13 20:10:47 primary postfix/smtpd[1322]: AB47810D8005:
> client=exprod6mx190.postini.com[64.18.1.42]
> Jun 13 20:10:49 primary postfix/cleanup[1325]: AB47810D8005: hold:
> header Received: from psmtp.com (exprod6mx190.postini.com$
> Jun 13 20:10:49 primary postfix/cleanup[1325]: AB47810D8005:
> message-id=<20100614021047.AB47810D8005(a)primary.mychoice.cc>
> Jun 13 20:10:49 primary MailScanner[28889]: New Batch: Scanning 1
> messages, 12557 bytes
> Jun 13 20:10:49 primary MailScanner[28889]: Spam Checks: Starting
> Jun 13 20:10:49 primary MailScanner[28889]: Expired 1 records from the
> SpamAssassin cache
> Jun 13 20:10:49 primary postfix/smtpd[1322]: disconnect from
> exprod6mx190.postini.com[64.18.1.42]
> Jun 13 20:10:50 primary MailScanner[28889]: Virus and Content Scanning:
> Starting
> Jun 13 20:10:55 primary MailScanner[28889]: Requeue: AB47810D8005.4CC84
> to EA43910D8139
> Jun 13 20:10:55 primary MailScanner[28889]: Uninfected: Delivered 1
> messages
> Jun 13 20:10:55 primary postfix/qmgr[20454]: EA43910D8139:
> from=<meusborn(a)testcompany.net>, size=11920, nrcpt=1 (queue active)
> Jun 13 20:10:55 primary MailScanner[28889]: MailScanner child dying of
> old age
> Jun 13 20:10:55 primary postfix/virtual[1337]: EA43910D8139:
> to=<meusborn(a)testcompany.net>, relay=virtual, delay=8.9, delays=8$
> Jun 13 20:10:55 primary postfix/qmgr[20454]: EA43910D8139: removed
>
> Thanks,
>
> Josh
>
>

From: Victor Duchovni on
On Thu, Jun 24, 2010 at 12:20:23AM +0200, mouss wrote:

> This mail is coming from postini. if you use postini, there's nothing
> you can do with the envelope (and even if you do content filtering, you
> shouldn't reject mail. it's too late).

Postini implement an SMTP proxy, not a store-and-forward relay,
so rejecting mail is still OK, but client IP checks are not very
useful; checks based on the envelope sender domain, ... may
still be useful in some cases.

--
Viktor.

From: mouss on
Victor Duchovni wrote:
> On Thu, Jun 24, 2010 at 12:20:23AM +0200, mouss wrote:
>
>> This mail is coming from postini. if you use postini, there's nothing
>> you can do with the envelope (and even if you do content filtering, you
>> shouldn't reject mail. it's too late).
>
> Postini implement an SMTP proxy, not a store-and-forward relay,

Is that always true? Don't they queue mail if the destination site
responds with a 4xx?


> so rejecting mail is still OK, but client IP checks are not very
> useful, checks based on the envelope sender domain, ... may
> still be useful in some cases.
>

From: Victor Duchovni on
On Thu, Jun 24, 2010 at 11:47:12PM +0200, mouss wrote:

> Victor Duchovni wrote:
> > On Thu, Jun 24, 2010 at 12:20:23AM +0200, mouss wrote:
> >
> >> This mail is coming from postini. if you use postini, there's nothing
> >> you can do with the envelope (and even if you do content filtering, you
> >> shouldn't reject mail. it's too late).
> >
> > Postini implement an SMTP proxy, not a store-and-forward relay,
>
> is that always true? don't they queue mail if the destination site
> responds with a 4xx?

I believe they don't, but my information could be stale. The service
they offer is primarily an SMTP proxy service.

--
Viktor.
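
Added example (not from any poster in the thread): a log correlation that reports messages whose envelope sender is also a recipient, following the MailScanner requeue back to the smtpd queue ID so the connecting client can be shown. The log lines are constructed, modelled on the log in the thread with placeholder addresses, and the function name is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread's log: lines unwrapped, addresses
# replaced with example placeholders, second message invented for contrast.
LOG = """\
Jun 13 20:10:47 primary postfix/smtpd[1322]: AB47810D8005: client=exprod6mx190.postini.com[64.18.1.42]
Jun 13 20:10:55 primary MailScanner[28889]: Requeue: AB47810D8005.4CC84 to EA43910D8139
Jun 13 20:10:55 primary postfix/qmgr[20454]: EA43910D8139: from=<user@example.net>, size=11920, nrcpt=1 (queue active)
Jun 13 20:10:55 primary postfix/virtual[1337]: EA43910D8139: to=<user@example.net>, relay=virtual, delay=8.9, status=sent
Jun 13 20:11:02 primary postfix/smtpd[1340]: 1A2B3C4D5E6F: client=mail.example.org[192.0.2.10]
Jun 13 20:11:09 primary MailScanner[28890]: Requeue: 1A2B3C4D5E6F.0A1B2 to 2B3C4D5E6F70
Jun 13 20:11:09 primary postfix/qmgr[20454]: 2B3C4D5E6F70: from=<alice@example.org>, size=2048, nrcpt=1 (queue active)
Jun 13 20:11:09 primary postfix/virtual[1341]: 2B3C4D5E6F70: to=<bob@example.net>, relay=virtual, delay=7.1, status=sent
"""

CLIENT = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=(\S+)")
REQUEUE = re.compile(r"MailScanner\[\d+\]: Requeue: ([0-9A-F]+)\.\S+ to ([0-9A-F]+)")
FROM = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
TO = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<([^>]*)>")

def self_addressed(log_text):
    """Return (queue_id, address, client) for mail sent from an address to itself."""
    client, origin = {}, {}              # smtpd qid -> client, new qid -> smtpd qid
    sender, rcpts = {}, defaultdict(set)
    for line in log_text.splitlines():
        if m := CLIENT.search(line):
            client[m[1]] = m[2]
        elif m := REQUEUE.search(line):
            origin[m[2]] = m[1]
        elif m := FROM.search(line):
            sender[m[1]] = m[2].lower()
        elif m := TO.search(line):
            rcpts[m[1]].add(m[2].lower())
    hits = []
    for qid, frm in sender.items():
        # Skip the null sender (bounces); compare addresses case-insensitively.
        if frm and frm in rcpts[qid]:
            hits.append((qid, frm, client.get(origin.get(qid, qid), "unknown")))
    return hits

if __name__ == "__main__":
    for hit in self_addressed(LOG):
        print(hit)
```

The client reported for the self-addressed message is the Postini host that connected, not the host the mail originally came from.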