From: Aggelos on
I want to deny incoming mail from domain blu0.hotmail.com.

I have put in /etc/postfix/sender_access the following line:
blu0.hotmail.com 554 Spam is not welcome

and then I run
postmap /etc/postfix/sender_access

and
postfix reload

Is that enough?

From: /dev/rob0 on
Ahh, someone here today with a Postfix question, not a Cisco one! ;)

On Mon, Feb 15, 2010 at 12:57:40PM +0200, Aggelos wrote:
> I want to deny incoming mail from domain blu0.hotmail.com.

"From domain" means what? Sender address(a)blu0.hotmail.com ?

> I have put in /etc/postfix/sender_access the following line:
> blu0.hotmail.com 554 Spam is not welcome
>
> and then I run
> postmap /etc/postfix/sender_access

Is there something magical about this /etc/postfix/sender_access
filename that you are not telling us?

> and
> postfix reload
>
> Is that enough?

Not even close.

You must first understand how Postfix smtpd(8) access restrictions
work. See: http://www.postfix.org/SMTPD_ACCESS_README.html
as a starting point.

Since the text of your rejection implies that spam is the problem
you're trying to address, you really need to understand more about
spam and spammers, too. Here is a good overview:
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

From: Aggelos on
on 02/15/2010 02:44 PM /dev/rob0 wrote the following:
> Ahh, someone here today with a Postfix question, not a Cisco one! ;)
>
> On Mon, Feb 15, 2010 at 12:57:40PM +0200, Aggelos wrote:
>> I want to deny incoming mail from domain blu0.hotmail.com.
>
> "From domain" means what? Sender address(a)blu0.hotmail.com ?

Actually I want to deny all mail that has in the source something like
the following:

Received: from blu0-omc1-s16.blu0.hotmail.com


>
>> I have put in /etc/postfix/sender_access the following line:
>> blu0.hotmail.com 554 Spam is not welcome
>>
>> and then I run
>> postmap /etc/postfix/sender_access
>
> Is there something magical about this /etc/postfix/sender_access
> filename that you are not telling us?
>
>> and
>> postfix reload
>>
>> Is that enough?
>
> Not even close.
>
> You must first understand how Postfix smtpd(8) access restrictions
> work. See: http://www.postfix.org/SMTPD_ACCESS_README.html
> as a starting point.
>
> Since the text of your rejection implies that spam is the problem
> you're trying to address, you really need to understand more about
> spam and spammers, too. Here is a good overview:
> http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

Here is what I have at the end of main.cf:


allow_percent_hack = no
body_checks = regexp:/etc/postfix/body_checks
config_directory = /etc/postfix
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
smtpd_helo_required = yes

smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    check_sender_access hash:/etc/postfix/sender_access,
    check_helo_access hash:/etc/postfix/helo_access,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unauth_pipelining,
    check_client_access hash:/etc/postfix/client_access,
    reject_unknown_client,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client dnsbl.sorbs.net
strict_rfc821_envelopes = yes
swap_bangpath = no
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unlisted_recipient_reject_code = 554
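To show why the sender_access line cannot match a connecting Hotmail relay, here is an added Python example (not code from the thread or from Postfix) that models the key order access(5) uses for check_sender_access versus check_client_access and runs both over a constructed header set mirroring the Received: line quoted in this thread. The SAMPLE text, the regexes and the helper names are assumptions of this example.

```python
import re

# Constructed sample mirroring the Received: header quoted in this thread. The
# topmost Received: is the one our own Postfix wrote: "from helo (hostname [ip])".
# Return-Path holds the envelope sender, which is all check_sender_access sees.
SAMPLE = """Return-Path: <steven_m_crook@hotmail.com>
Received: from blu0-omc1-s16.blu0.hotmail.com (blu0-omc1-s16.blu0.hotmail.com [65.55.116.27])
    by mysmtp.my.domain.org (Postfix) with ESMTP id 33C04FB9D
"""
# The one-line map from the original post, as postmap would store it.
ACCESS_MAP = {"blu0.hotmail.com": "554 Spam is not welcome"}

def session_facts(headers):
    """Client hostname, client IP and envelope sender from the headers."""
    m = re.search(r"Received: from \S+ \((\S+) \[([\d.]+)\]\)", headers)
    sender = re.search(r"Return-Path: <([^>]+)>", headers).group(1)
    return {"client_name": m.group(1), "client_addr": m.group(2), "sender": sender}

def parents(domain):
    """domain and each of its parent domains, the default subdomain matching
    that parent_domain_matches_subdomains enables for smtpd_access_maps."""
    labels = domain.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def client_access_keys(name, addr):
    """Keys check_client_access tries, in order: the reverse-DNS hostname and
    its parents (Postfix uses "unknown" when the PTR does not verify), then
    the IP address and its progressively shorter prefixes."""
    octets = addr.split(".")
    return parents(name) + [".".join(octets[:n]) for n in range(4, 0, -1)]

def sender_access_keys(sender):
    """Keys check_sender_access tries: full address, the domain part and its
    parents, then the bare localpart@ form."""
    local, domain = sender.split("@", 1)
    return [sender] + parents(domain) + [local + "@"]

def lookup(table, keys):
    """Action of the first key present in the map, or None when nothing matches."""
    return next((table[k] for k in keys if k in table), None)

def evaluate(headers=SAMPLE):
    """What each restriction decides for this session with ACCESS_MAP."""
    f = session_facts(headers)
    return {
        "check_sender_access": lookup(ACCESS_MAP, sender_access_keys(f["sender"])),
        "check_client_access": lookup(
            ACCESS_MAP, client_access_keys(f["client_name"], f["client_addr"])),
    }
```

The sender lookup walks steven_m_crook@hotmail.com, hotmail.com, com and steven_m_crook@ and never sees blu0.hotmail.com, while the client lookup hits it as a parent of the relay's hostname; the same line only has an effect when the map is consulted through check_client_access. Rejecting that hostname also rejects every legitimate message the same Hotmail outbound cluster relays, which is why rob0 points at SMTPD_ACCESS_README before tuning anything.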

From: Aggelos on
I get fake sender (blizzard.com) mails like so:

From - Mon Feb 15 12:36:41 2010
X-Account-Key: account19
X-UIDL: af3fd81a824190cb
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:

Return-Path: <steven_m_crook(a)hotmail.com>
X-Original-To: <user(a)my.domain.org>
Delivered-To: <user(a)my.domain.org>
Received: from blu0-omc1-s16.blu0.hotmail.com
(blu0-omc1-s16.blu0.hotmail.com [65.55.116.27])
by <mysmpt.my.domain.org> (Postfix) with ESMTP id 33C04FB9D
for <user(a)my.domain.org>; Mon, 15 Feb 2010 12:14:49 +0200 (EET)
Received: from BLU0-SMTP25 ([65.55.116.9]) by
blu0-omc1-s16.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 15 Feb 2010 02:14:46 -0800
X-Originating-IP: [222.69.163.146]
X-Originating-Email: [steven_m_crook(a)hotmail.com]
Message-ID: <BLU0-SMTP25C0AE687AA29C4655D059C74A0(a)phx.gbl>
Received: from zjg ([222.69.163.146]) by BLU0-SMTP25.blu0.hotmail.com
over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 15 Feb 2010 02:14:45 -0800
Reply-To: <wowaccountadmin(a)admin-blizzard.com>
Date: Mon, 15 Feb 2010 06:18:19 +0800
From: "wowaccountadmin" <wowaccountadmin(a)blizzard.com>
To: <user(a)my.domain.org>
Subject: World of Warcraft - Warning
X-mailer: Foxmail 6, 15, 201, 22
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="=====003_Dragon137305138608_====="
X-OriginalArrivalTime: 15 Feb 2010 10:14:45.0979 (UTC)
FILETIME=[B2C67AB0:01CAAE27]

This is a multi-part message in MIME format.

--=====003_Dragon137305138608_=====
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: base64

From: LuKreme on
On 15-Feb-2010, at 14:41, Aggelos wrote:
>
> Return-Path: <steven_m_crook(a)hotmail.com>
> X-Original-To: <user(a)my.domain.org>
> Delivered-To: <user(a)my.domain.org>
> Received: from blu0-omc1-s16.blu0.hotmail.com
> (blu0-omc1-s16.blu0.hotmail.com [65.55.116.27])
> by <mysmpt.my.domain.org> (Postfix) with ESMTP id 33C04FB9D
> for <user(a)my.domain.org>; Mon, 15 Feb 2010 12:14:49 +0200 (EET)
> Received: from BLU0-SMTP25 ([65.55.116.9]) by
> blu0-omc1-s16.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
> Mon, 15 Feb 2010 02:14:46 -0800
> X-Originating-IP: [222.69.163.146]
> X-Originating-Email: [steven_m_crook(a)hotmail.com]
> Message-ID: <BLU0-SMTP25C0AE687AA29C4655D059C74A0(a)phx.gbl>
> Received: from zjg ([222.69.163.146]) by BLU0-SMTP25.blu0.hotmail.com
> over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
> Mon, 15 Feb 2010 02:14:45 -0800
> Reply-To: <wowaccountadmin(a)admin-blizzard.com>
> Date: Mon, 15 Feb 2010 06:18:19 +0800
> From: "wowaccountadmin" <wowaccountadmin(a)blizzard.com>

Just as an unrelated point, forward these messages (as attachments or at least with complete headers) to hacks(a)blizzard.com.

They DO go after these sites.

I've fed a couple of dozen to bayes and they no longer get through.

You could also do something like

# any URL in the body whose host name contains blizzard.com
uri URI_BLIZZARD /\bblizzard\.com\b/i
# mimeheader rules take the "Header-Name =~ /regex/" form
mimeheader MH_BLIZZARD Content-Transfer-Encoding =~ /\bbase64\b/i
# fire only when both a blizzard.com link and a base64-encoded part are present
meta SPOOF_BLIZZARD (URI_BLIZZARD && MH_BLIZZARD)
score SPOOF_BLIZZARD 1.0

(untested, but something like that)

--
'Oook?'
'I like to listen to a man who likes to talk! Whoops! Sawdust and treacle! Put that in your herring and smoke it!'
'I don't think he wants one,' said Ponder. --Lords and Ladies