Domain is spam sender reject


Domain is spam sender reject

Alex Regan
Hi,

I'm trying to understand where this message is coming from. The IP
resolves to a google address, and is blacklisted on sorbs and others,
but postscreen also says it was whitelisted here.

I'm not directly rejecting this IP on my system and also don't see
"Domain is spam" anywhere.

Can someone help me understand how this IP is being rejected?

Jan 22 05:51:11 mail03 postfix/postscreen[21814]: CONNECT from
[209.85.216.174]:39727 to [68.195.123.45]:25
Jan 22 05:51:11 mail03 postfix/postscreen[21814]: WHITELISTED
[209.85.216.174]:39727
Jan 22 05:51:11 mail03 postfix/smtpd[21852]: NOQUEUE: reject: RCPT
from mail-qt0-f174.google.com[209.85.216.174]: 554 5.7.1
<[hidden email]>: Sender address rejected: Domain is spam;
from=<[hidden email]> to=<[hidden email]> proto=ESMTP
helo=<mail-qt0-f174.google.com>
Jan 22 05:51:11 mail03 postfix/smtpd[21852]: disconnect from
mail-qt0-f174.google.com[209.85.216.174] ehlo=2 starttls=1 mail=1
rcpt=0/1 data=0/1 quit=1 commands=5/7

I have many other instances of having received mail from this IP
without incident. Is it related to this domain?

Below is my smtpd_sender_restrictions

smtpd_sender_restrictions =
        permit_mynetworks,
        check_sender_access hash:/etc/postfix/sender_checks,
        check_sender_access pcre:/etc/postfix/sender_checks.pcre,
        check_sender_access hash:/etc/postfix/spamsources,
        check_sender_access hash:/etc/postfix/sender_access_wombat,
        check_sender_ns_access hash:/etc/postfix/blacklist_ns.cf,
        reject_unknown_sender_domain

The spamsources file is a blacklist of domains like xyz with 500 and
blacklist_ns.cf rejects name servers like fastpark.net and
sedoparking.com.

Re: Domain is spam sender reject

Matus UHLAR - fantomas
On 25.01.18 09:13, Alex wrote:

>I'm trying to understand where this message is coming from. The IP
>resolves to a google address, and is blacklisted on sorbs and others,
>but postscreen also says it was whitelisted here.
>
>I'm not directly rejecting this IP on my system and also don't see
>"Domain is spam" anywhere.
>
>Can someone help me understand how this IP is being rejected?
>
>Jan 22 05:51:11 mail03 postfix/postscreen[21814]: CONNECT from
>[209.85.216.174]:39727 to [68.195.123.45]:25
>Jan 22 05:51:11 mail03 postfix/postscreen[21814]: WHITELISTED
>[209.85.216.174]:39727
>Jan 22 05:51:11 mail03 postfix/smtpd[21852]: NOQUEUE: reject: RCPT
>from mail-qt0-f174.google.com[209.85.216.174]: 554 5.7.1
><[hidden email]>: Sender address rejected: Domain is spam;
>from=<[hidden email]> to=<[hidden email]> proto=ESMTP
>helo=<mail-qt0-f174.google.com>
>Jan 22 05:51:11 mail03 postfix/smtpd[21852]: disconnect from
>mail-qt0-f174.google.com[209.85.216.174] ehlo=2 starttls=1 mail=1
>rcpt=0/1 data=0/1 quit=1 commands=5/7
>
>I have many other instances of having received mail from this IP
>without incident. Is it related to this domain?
>
>Below is my smtpd_sender_restrictions

you apparently need to send other _restrictions - the message can be
rejected in any of those.
--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.

Re: Domain is spam sender reject

Alex Regan
Hi,

On Thu, Jan 25, 2018 at 9:45 AM, Matus UHLAR - fantomas
<[hidden email]> wrote:

> On 25.01.18 09:13, Alex wrote:
>>
>> I'm trying to understand where this message is coming from. The IP
>> resolves to a google address, and is blacklisted on sorbs and others,
>> but postscreen also says it was whitelisted here.
>>
>> I'm not directly rejecting this IP on my system and also don't see
>> "Domain is spam" anywhere.
>>
>> Can someone help me understand how this IP is being rejected?
>>
>> Jan 22 05:51:11 mail03 postfix/postscreen[21814]: CONNECT from
>> [209.85.216.174]:39727 to [68.195.123.45]:25
>> Jan 22 05:51:11 mail03 postfix/postscreen[21814]: WHITELISTED
>> [209.85.216.174]:39727
>> Jan 22 05:51:11 mail03 postfix/smtpd[21852]: NOQUEUE: reject: RCPT
>> from mail-qt0-f174.google.com[209.85.216.174]: 554 5.7.1
>> <[hidden email]>: Sender address rejected: Domain is spam;
>> from=<[hidden email]> to=<[hidden email]> proto=ESMTP
>> helo=<mail-qt0-f174.google.com>
>> Jan 22 05:51:11 mail03 postfix/smtpd[21852]: disconnect from
>> mail-qt0-f174.google.com[209.85.216.174] ehlo=2 starttls=1 mail=1
>> rcpt=0/1 data=0/1 quit=1 commands=5/7
>>
>> I have many other instances of having received mail from this IP
>> without incident. Is it related to this domain?
>>
>> Below is my smtpd_sender_restrictions
>
>
> you apparently need to send other _restrictions - the message can be
> rejected in any of those.

Yes, thank you, I should have included it all originally. I've
searched for '209.85' in all of the local postfix files and the only
occurrence is "209.85.128.0/17   permit" in gmail_whitelist.cidr,
updated regularly.

smtpd_recipient_restrictions =
        reject_non_fqdn_recipient,
        reject_non_fqdn_sender,
        reject_unlisted_recipient,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        reject_unauth_destination,
        reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
        reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
        reject_rhsbl_helo mykey.dbl.dq.spamhaus.net,
        check_sender_access hash:/etc/postfix/check_backscatterer,
        check_helo_access pcre:/etc/postfix/helo_checks.pcre,
        check_helo_access hash:/etc/postfix/helo_checks,
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        check_policy_service unix:private/policy-spf,
        check_policy_service inet:127.0.0.1:2501,
        check_recipient_access pcre:/etc/postfix/relay_recips_access,
        check_recipient_access pcre:/etc/postfix/recipient_checks,
        check_recipient_access pcre:/etc/postfix/relay_recip_checks,
        permit

smtpd_client_restrictions =
        permit_mynetworks,
        check_client_access hash:/etc/postfix/client_checks,
        check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns-042715a.pcre,
        check_reverse_client_hostname_access pcre:/etc/postfix/reverse_client_hostname_access.pcre,
        check_client_access cidr:/etc/postfix/client_access_blocklist
        check_client_access cidr:/etc/postfix/ransomware-ipbl

Re: Domain is spam sender reject

Matus UHLAR - fantomas
>> On 25.01.18 09:13, Alex wrote:
>>> Can someone help me understand how this IP is being rejected?

>>> Jan 22 05:51:11 mail03 postfix/smtpd[21852]: NOQUEUE: reject: RCPT
>>> from mail-qt0-f174.google.com[209.85.216.174]: 554 5.7.1
>>> <[hidden email]>: Sender address rejected: Domain is spam;
>>> from=<[hidden email]> to=<[hidden email]> proto=ESMTP
>>> helo=<mail-qt0-f174.google.com>

it's actually not an IP being rejected. "Sender address rejected" means
sender rejection

>On Thu, Jan 25, 2018 at 9:45 AM, Matus UHLAR - fantomas
><[hidden email]> wrote:
>> you apparently need to send other _restrictions - the message can be
>> rejected in any of those.

On 25.01.18 09:56, Alex wrote:
>Yes, thank you, I should have included it all originally. I've
>searched for '209.85' in all of the local postfix files and the only
>occurrence is "209.85.128.0/17   permit" in gmail_whitelist.cidr,
>updated regularly.
>
>smtpd_recipient_restrictions =
>        reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,

check this one

>        check_sender_access hash:/etc/postfix/check_backscatterer,

and this one.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot.

Re: Domain is spam sender reject

Alex Regan
Hi,

On Thu, Jan 25, 2018 at 10:09 AM, Matus UHLAR - fantomas
<[hidden email]> wrote:

>>> On 25.01.18 09:13, Alex wrote:
>>>>
>>>> Can someone help me understand how this IP is being rejected?
>
>
>>>> Jan 22 05:51:11 mail03 postfix/smtpd[21852]: NOQUEUE: reject: RCPT
>>>> from mail-qt0-f174.google.com[209.85.216.174]: 554 5.7.1
>>>> <[hidden email]>: Sender address rejected: Domain is spam;
>>>> from=<[hidden email]> to=<[hidden email]> proto=ESMTP
>>>> helo=<mail-qt0-f174.google.com>
>
>
> it's actually not an IP being rejected. "Sender address rejected" means
> sender rejection

You're referring to the domain suhaskumar.com? I've been unable to
locate that anywhere on my system and it doesn't appear to be
blacklisted.

>> smtpd_recipient_restrictions =
>>        reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
>
> check this one

It's not listed on spamhaus.

>>        check_sender_access hash:/etc/postfix/check_backscatterer,
>
> and this one.

backscatterer operates on IPs, and the 209.85.216.174 isn't listed there either.

Re: Domain is spam sender reject

Noel Jones-2
On 1/25/2018 10:11 AM, Alex wrote:
>>>>> Can someone help me understand how this IP is being rejected?
>>
>>
>>>>> Jan 22 05:51:11 mail03 postfix/smtpd[21852]: NOQUEUE: reject: RCPT
>>>>> from mail-qt0-f174.google.com[209.85.216.174]: 554 5.7.1
>>>>> <[hidden email]>: Sender address rejected: Domain is spam;
>>>>> from=<[hidden email]> to=<[hidden email]> proto=ESMTP
>>>>> helo=<mail-qt0-f174.google.com>
>>

This is almost certainly rejected with a "check_sender_access" rule.

Check all your access tables for the "Domain is spam" string.

>
>>>        check_sender_access hash:/etc/postfix/check_backscatterer,
>>
>> and this one.
>
> backscatterer operates on IPs, and the 209.85.216.174 isn't listed there either.

If this table has IPs in it, then the table isn't doing anything.
check_sender_access operates on the sender email address, not the IP.



grep -il suhaskumar  *
grep -l 'Domain is spam'  *



  -- Noel Jones
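
Added example, not part of the thread or of Postfix: the search suggested above, extended to every check_*_access table in every smtpd_*_restrictions list, since a sender check placed under smtpd_recipient_restrictions still logs "Sender address rejected". The temporary directory, the table name sender_domains and the entry example.test are constructed for the demo.

```shell
#!/bin/sh
# Print "restriction path" for every check_*_access table in a main.cf-style file.
list_access_tables() {
    # Flatten wrapped lines and commas so each restriction sits next to its
    # type:path argument, then drop the lookup type (hash:, pcre:, cidr:, ...).
    tr -s ' \t\n,' ' ' < "$1" |
        grep -oE 'check_[a-z_]+_access [a-z]+:[^ ]+' |
        sed -E 's/ [a-z]+:/ /' | sort -u
}

# Print "restriction path" for each readable table source containing the text.
find_reject_text() {    # $1 = config file, $2 = reject text seen in the log
    list_access_tables "$1" | while read -r restr path; do
        [ -r "$path" ] || continue          # table source missing: skip it
        if grep -qiF -- "$2" "$path"; then echo "$restr $path"; fi
    done
}

# Constructed demo data (assumption, not the poster's real files).
demo=$(mktemp -d)
cat > "$demo/main.cf" <<EOF
smtpd_sender_restrictions = permit_mynetworks, check_sender_access
 hash:$demo/sender_checks, check_sender_ns_access
 hash:$demo/blacklist_ns.cf, reject_unknown_sender_domain
smtpd_recipient_restrictions =
        reject_unauth_destination,
        check_sender_access hash:$demo/sender_domains,
        check_helo_access pcre:$demo/helo_checks.pcre,
        permit
EOF
printf 'example.org\tOK\n'                        > "$demo/sender_checks"
printf 'sedoparking.com\tREJECT\n'                > "$demo/blacklist_ns.cf"
printf 'example.test\tREJECT Domain is spam\n'    > "$demo/sender_domains"

# The hit is a sender table listed under the recipient restrictions.
find_reject_text "$demo/main.cf" 'Domain is spam'
```

On a live system the config argument can be a file holding the output of postconf -n; the search reads the text source of each table, not the compiled .db file.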