Reject mails coming from mailservers whos reverse DNS resolution match a certain pattern

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Reject mails coming from mailservers whos reverse DNS resolution match a certain pattern

Thomas Glanzmann
Hello,
my bank ing-diba is using a marketing company to spam me. They have many
outgoing mail servers and I would like to block them all.

> Received: from mout-1605.artegic.net (mout-1605.artegic.net [144.76.159.198])
>         (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
>         (No client certificate requested)
>         by infra.glanzmann.de (Postfix) with ESMTPS id 379A527D0A8A
>         for <[hidden email]>; Mon,  6 Aug 2018 20:23:32 +0200 (CEST)

So basically I would like to reject email from all mailservers having a reverse
name lookup matching the pattern *.artegic.net How can I obtain that?

Cheers,
        Thomas
Reply | Threaded
Open this post in threaded view
|

Re: Reject mails coming from mailservers whos reverse DNS resolution match a certain pattern

Ansgar Wiechers
On 2018-08-26 Thomas Glanzmann wrote:

> my bank ing-diba is using a marketing company to spam me. They have many
> outgoing mail servers and I would like to block them all.
>
> > Received: from mout-1605.artegic.net (mout-1605.artegic.net [144.76.159.198])
> >         (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
> >         (No client certificate requested)
> >         by infra.glanzmann.de (Postfix) with ESMTPS id 379A527D0A8A
> >         for <[hidden email]>; Mon,  6 Aug 2018 20:23:32 +0200 (CEST)
>
> So basically I would like to reject email from all mailservers having
> a reverse name lookup matching the pattern *.artegic.net How can I
> obtain that?

Add a regular expression client restriction to your restriction list in
main.cf:

smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination
  ...
  check_client_access pcre:/etc/postfix/client_access.pcre
  ...

and define the offending domain in that file:

/\.artegic\.net$/ REJECT Not accepting mail from your domain.

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
Reply | Threaded
Open this post in threaded view
|

Re: Reject mails coming from mailservers whos reverse DNS resolution match a certain pattern

Thomas Glanzmann
Hello Ansgar,

> smtpd_recipient_restrictions =
>   ...
>   check_client_access pcre:/etc/postfix/client_access.pcre

> /\.artegic\.net$/ REJECT Not accepting mail from your domain.

thank you. I put that in my configuration. I already had
check_client_access under smtpd_client_restrictions but as hash. Thank
you for helping me block these spammers.

Cheers,
        Thomas
Reply | Threaded
Open this post in threaded view
|

Re: Reject mails coming from mailservers whos reverse DNS resolution match a certain pattern

Matus UHLAR - fantomas
In reply to this post by Ansgar Wiechers
>On 2018-08-26 Thomas Glanzmann wrote:
>> my bank ing-diba is using a marketing company to spam me. They have many
>> outgoing mail servers and I would like to block them all.
>>
>> > Received: from mout-1605.artegic.net (mout-1605.artegic.net [144.76.159.198])
>> >         (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
>> >         (No client certificate requested)
>> >         by infra.glanzmann.de (Postfix) with ESMTPS id 379A527D0A8A
>> >         for <[hidden email]>; Mon,  6 Aug 2018 20:23:32 +0200 (CEST)
>>
>> So basically I would like to reject email from all mailservers having
>> a reverse name lookup matching the pattern *.artegic.net How can I
>> obtain that?

On 26.08.18 12:04, Ansgar Wiechers wrote:

>Add a regular expression client restriction to your restriction list in
>main.cf:
>
>smtpd_recipient_restrictions =
>  ...
>  check_client_access pcre:/etc/postfix/client_access.pcre
>  ...
>and define the offending domain in that file:
>
>/\.artegic\.net$/ REJECT Not accepting mail from your domain.

for blocking .artegic.net you don't need to use pcre.
simple hash table containing ".artegic.net" would be faster.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901
Reply | Threaded
Open this post in threaded view
|

Re: Reject mails coming from mailservers whos reverse DNS resolution match a certain pattern

Thomas Glanzmann
Hello Matus,

> for blocking .artegic.net you don't need to use pcre.
> simple hash table containing ".artegic.net" would be faster.

I see. Thanks a lot.

Cheers,
        Thomas