From: joe on
Hello, is there a way other than rbl client to reject zombies? I have a
few on my mail server and would like to allow only sasl authenticated
clients to send email from my domains to my domains, without
specifying any valid ips. These zombies keep blasting email to my
local emails all day. I found some examples using
zombie.dnsbl.sorbs.net, not sure if this is the only way out.

From: ivakras1 on
On 5 , 02:45, joe <jcha...(a)gmail.com> wrote:
> Hello, is there a way other than rbl client to reject zombies? I have a
> few on my mail server and would like to allow only sasl authenticated
> clients to send email from my domains to my domains, without
> specifying any valid ips. These zombies keep blasting email to my
> local emails all day. I found some examples using
> zombie.dnsbl.sorbs.net, not sure if this is the only way out.

I do it this way:
## grep check_client_access /etc/postfix/main.cf
check_client_access regexp:/etc/postfix/servers_check_regex,
## cat /etc/postfix/servers_check_regex
/.*\.nicmail\.ru/ OK
........
/.*eme-pm\.com/ OK

/.*[shax]dsl.*/ REJECT Kill yourself about the wall
/client.*\..*\..*/ REJECT Kill yourself about the wall
/cable.*\..*\..*/ REJECT Kill yourself about the wall
/pool.*\..*\..*/ REJECT Kill yourself about the wall
/dial.*\..*\..*/ REJECT Kill yourself about the wall
/ppp.*\..*\..*/ REJECT Kill yourself about the wall
/dslam.*\..*\..*/ REJECT Kill yourself about the wall
/node.*\..*\..*/ REJECT Kill yourself about the wall
/.*klimatstroy.*/ REJECT Kill yourself about the wall
/.*dynamic.*/ REJECT Kill yourself about the wall
/.*broadband.*/ REJECT Kill yourself about the wall
/.*\.rr\.com/ REJECT Kill yourself about the wall
/.*dhcp.*/ REJECT Kill yourself about the wall
/.*dnxk\.com.*/ REJECT Kill yourself about the wall
/.*orange\.fr/ REJECT Kill yourself about the wall
/.*net-streams\.fr/ REJECT Kill yourself about the wall
/.*charter\.com/ REJECT Kill yourself about the wall
/.*outblaze\.com/ REJECT Kill yourself about the wall

All restrictions are:
smtpd_recipient_restrictions =
    #recipient
    permit_mynetworks,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    regexp:/etc/postfix/recipient_check_regex,
    #client
    check_client_access regexp:/etc/postfix/servers_check_regex,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    #sender
    check_sender_access regexp:/etc/postfix/sender_rest_regexp,
    check_policy_service inet:127.0.0.1:139,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unverified_sender

It may be useful. And it really works!
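
Added example (not part of the original posts): a Python harness that applies a subset of the regexp-table rules quoted above with Postfix's first-match, unanchored, case-insensitive semantics, so the table can be audited against known-good hostnames before it goes live. The hostnames are constructed, and Python's `re` stands in for Postfix's regex engine, which is an assumption that holds for these simple patterns.

```python
import re

# Subset of the rules from servers_check_regex above, kept in file order.
RULES = [
    (r".*\.nicmail\.ru", "OK"),
    (r".*[shax]dsl.*", "REJECT"),
    (r"pool.*\..*\..*", "REJECT"),
    (r"dial.*\..*\..*", "REJECT"),
    (r".*dynamic.*", "REJECT"),
    (r".*dhcp.*", "REJECT"),
]
# Postfix regexp tables match case-insensitively by default.
COMPILED = [(re.compile(p, re.IGNORECASE), a) for p, a in RULES]

def lookup(hostname):
    """Return the action of the first matching rule, or DUNNO if none match.
    Patterns are searched anywhere in the name unless anchored with ^ or $."""
    for rx, action in COMPILED:
        if rx.search(hostname):
            return action
    return "DUNNO"

# Constructed client hostnames (the *.example names are placeholders).
SAMPLES = {
    "adsl-84-12-7-1.pool.isp.example": "zombie-style rDNS",
    "dhcp-10-2.dynamic.isp.example": "zombie-style rDNS",
    "mx1.nicmail.ru": "allowlisted relay",
    "adsl-gw.nicmail.ru": "allowlisted before the dsl rule is reached",
    "mail.dialogue-software.example.com": "legitimate MX containing 'dial'",
    "smtp.carpool.example.org": "legitimate MX containing 'pool'",
    "mail.example.org": "ordinary MX",
}

def audit():
    """Map every sample hostname to the action the table would return."""
    return {host: lookup(host) for host in SAMPLES}

if __name__ == "__main__":
    for host, action in audit().items():
        print(f"{action:7} {host:38} # {SAMPLES[host]}")
```

The two legitimate MX names come back REJECT because the keywords are not tied to a label boundary. On a live system, `postmap -q <hostname> regexp:/etc/postfix/servers_check_regex` runs the same query against the real table.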

From: joe on
Thanks, but that is a little bit too hardcore for me. I am currently
using a bash script that counts the items in mailq every minute; if it
goes up over a certain limit it swaps my rbl to zen, otherwise it uses
the openrelays database.


From: ivakras1 on
I mean zombies came from hostnames containing dynamic, dhcp, pool, and
other words. Just filter the hostname and reject if one of them is found.


From: joe on
Got it, very easy but not so obvious.


Just blacklist emails like john(a)somedomain.com or the whole domain
after the sasl auth in the sender's policy

smtpd_sender_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_client_access hash:/etc/postfix/spoof_access,
    check_sender_access hash:/etc/postfix/spoof_access
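
Added example (not part of the original posts): a simplified Python model of how the `smtpd_sender_restrictions` list above is walked, showing that SASL-authenticated users pass before the `spoof_access` table is consulted while unauthenticated clients claiming a listed sender are rejected. The table contents, `mynetworks` value, addresses and hostnames are constructed assumptions, since the thread does not show them; network-prefix keys for client lookups are left out.

```python
import ipaddress

MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]   # assumed mynetworks
SPOOF_ACCESS = {                                     # constructed table contents
    "john@somedomain.com": "REJECT",
    "mydomain.example": "REJECT",
}

def domain_keys(domain):
    """The domain itself, then each parent domain (a bare domain key also
    matches subdomains under the default parent_domain_matches_subdomains)."""
    labels = domain.lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def table_lookup(keys):
    """Return the action for the first key present in the table, else None."""
    for key in keys:
        if key in SPOOF_ACCESS:
            return SPOOF_ACCESS[key]
    return None

def sender_restrictions(sasl_user, client_ip, client_host, sender):
    """Walk the list in the posted order; the first decisive result wins."""
    if sasl_user:                                    # permit_sasl_authenticated
        return "PERMIT"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):         # permit_mynetworks
        return "PERMIT"
    # check_client_access is keyed on the client hostname and IP, not the sender
    hit = table_lookup(domain_keys(client_host) + [client_ip])
    if hit:
        return hit
    # check_sender_access: full address, domain and parents, then localpart@
    local, _, domain = sender.lower().rpartition("@")
    hit = table_lookup([f"{local}@{domain}"] + domain_keys(domain) + [f"{local}@"])
    return hit or "DUNNO"                            # no opinion: later lists decide

if __name__ == "__main__":
    print(sender_restrictions("alice", "203.0.113.9", "unknown", "alice@mydomain.example"))
    print(sender_restrictions(None, "203.0.113.9", "h.isp.example", "alice@mydomain.example"))
    print(sender_restrictions(None, "203.0.113.9", "mail.mydomain.example", "bob@other.example"))
```

The third call is rejected by `check_client_access`: because the same table is reused there, a domain entry also matches any unauthenticated client whose reverse DNS falls under that domain.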