Block spam messages to Unknown receiver

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Block spam messages to Unknown receiver

Eugene Podshivalov
Hi,
Is there a way to block spam messages like this?
Probably "receiver=<UNKNOWN>" spf param might be the clue.
postfix/smtpd[15571]: connect from a.benient.com[198.144.154.163]
postfix/smtpd[15571]: Anonymous TLS connection established from a.benient.com[198.144.154.163]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
policyd-spf[15576]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=198.144.154.163; helo=a.benient.com; envelope-from=[hidden email]; receiver=<UNKNOWN>
postfix/smtpd[15571]: A08363F55C: client=a.benient.com[198.144.154.163]
postfix/cleanup[15578]: A08363F55C: message-id=<F5ABB69D843DC3327E28B32E1F199882@twk>
opendkim[690]: A08363F55C: s=benient d=benient.com SSL
postfix/qmgr[24766]: A08363F55C: from=<[hidden email]>, size=18601, nrcpt=1 (queue active)
Thanks!

Без вирусов. www.avast.ru
Reply | Threaded
Open this post in threaded view
|

Re: Block spam messages to Unknown receiver

Matus UHLAR - fantomas
On 06.11.20 11:10, Eugene Podshivalov wrote:
>Is there a way to block spam messages like this?

how do you know it's spam?

>Probably "receiver=<UNKNOWN>" spf param might be the clue.

technically, you can configure your policy server to block such mail.
But it's likely a bad idea.

>policyd-spf[15576]: prepend Received-SPF: Pass (mailfrom)
>identity=mailfrom; client-ip=198.144.154.163; helo=a.benient.com;
>envelope-from=[hidden email]; receiver=<UNKNOWN>

read policyd-spf documentation.
It apparently did not start processing the recipient yet.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made of.
Reply | Threaded
Open this post in threaded view
|

Re: Block spam messages to Unknown receiver

David Bürgin
In reply to this post by Eugene Podshivalov
Eugene Podshivalov:
> Is there a way to block spam messages like this?
> Probably "receiver=<UNKNOWN>" spf param might be the clue.

From RFC 7208, 9.1:

> receiver       the host name of the SPF verifier

So not what you think it is.

Ciao
Reply | Threaded
Open this post in threaded view
|

Re: Block spam messages to Unknown receiver

Benny Pedersen-2
In reply to this post by Matus UHLAR - fantomas
Matus UHLAR - fantomas skrev den 2020-11-06 09:37:

>> policyd-spf[15576]: prepend Received-SPF: Pass (mailfrom)
>> identity=mailfrom; client-ip=198.144.154.163; helo=a.benient.com;
>> envelope-from=[hidden email]; receiver=<UNKNOWN>
>
> read policyd-spf documentation.
> It apparently did not start processing the recipient yet.

policyd-spf have an option to leave out recipient email, its not a sign
of spam or not spam