client_access maps for smtpd_recipient_restrictions

client_access maps for smtpd_recipient_restrictions

Romero, Randy

Sorry to be a bother, but trying to figure out why my “client_access” rules don’t appear to be working. For the most part I am rejecting a lot of spam, but still some is coming through, but accurately being flagged by my mail program filters. Maybe it’s short-sighted, but I would like to be able to block all non-US TLDs. I have read various how-tos, but am curious as to why some emails are still slipping by if I’m blocking TLDs such as .cn or .it? I’m not even sure if what I am looking to do is possible. Much thanks in advance.

Randy Romero

Postfix version 2.4.6

snippet of main.cf

smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_invalid_hostname,
        reject_unauth_pipelining,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        check_client_access dbm:/etc/opt/csw/postfix/maps/client_access,
        check_helo_access dbm:/etc/opt/csw/postfix/maps/helo_access,
        check_sender_access dbm:/etc/opt/csw/postfix/maps/sender_access,
        check_recipient_access dbm:/etc/opt/csw/postfix/maps/recipient_access,
        reject_rhsbl_client blackhole.securitysage.com,
        reject_rhsbl_sender blackhole.securitysage.com,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client proxies.blackholes.wirehub.net,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client dnsbl.njabl.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client multihop.dsbl.org,
        permit

snippet of client_access file:

83.33.170.157    reject
.am      554 No Soup For You
.an      554 No Soup For You
.ao      554 No Soup For You
.it        554 No Soup For You

snippet of header of email getting by:

Return-Path: <[hidden email]>
X-Original-To: [hidden email]
Delivered-To: [hidden email]
Received: from localhost (localhost [127.0.0.1])
        by mail.mydomain.com (Postfix) with ESMTP id CA518AC27
        for <[hidden email]>; Tue,  1 Jul 2008 07:47:38 -0400 (EDT)
X-Quarantine-ID: <EZ4UoIAQoU8J>
X-Virus-Scanned: amavisd-new at mydomain.com
X-Spam-Flag: YES
X-Spam-Score: 11.422
X-Spam-Level: ***********
X-Spam-Status: Yes, score=11.422 tagged_above=2 required=6.31
        tests=[URIBL_AB_SURBL=1.613, URIBL_BLACK=1.961, URIBL_JP_SURBL=2.857,
        URIBL_SBL=2.468, URIBL_SC_SURBL=2.523]
Received: from mail.4way.us ([127.0.0.1])
        by localhost (mail.4way.us [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id EZ4UoIAQoU8J for <[hidden email]>;
        Tue,  1 Jul 2008 07:47:33 -0400 (EDT)
Received: from host210-100-static.49-88-b.business.telecomitalia.it (host210-100-static.49-88-b.business.telecomitalia.it [88.49.100.210])
        by mail.4way.us (Postfix) with ESMTP id AFD7EAC21
        for <[hidden email]>; Tue,  1 Jul 2008 07:47:26 -0400 (EDT)
To: [hidden email]
Subject: ***SPAM*** Oil prices to soar
From:   nihat <[hidden email]>
Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Date:   Tue, 1 Jul 2008 13:47:32 +0200
Message-ID: <lr.jymagfrqwejoca@Giorgio>
User-Agent: Opera Mail/9.50 (Win32)

Get bigger faster no problems with just these wonder pills
http://www.sizesuper.com/

end

CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.

Re: client_access maps for smtpd_recipient_restrictions

mouss-2
Romero, Randy wrote:
> Sorry to be a bother, but trying to figure out why my "client_access" rules don't appear to be working. For the most part I am rejecting a lot of spam, but still some is coming through, but accurately being flagged by my mail program filters. Maybe it's short-sighted, but I would like to be able to block all non-US TLDs.

This is a bit aggressive, but your server, your rules... There are safer
ways to fight spam...

> I have read various how-tos, but am curious as to why some emails are still slipping by if I'm blocking TLDs such as .cn or .it? I'm not even sure if what I am looking to do is possible. Much thanks in advance.
>
>
> Randy Romero
>
>
> Postfix version 2.4.6
>
> snippet of main.cf
>
> smtpd_recipient_restrictions =
>         permit_mynetworks,
>         permit_sasl_authenticated,
>         reject_unauth_destination,
>         reject_invalid_hostname,
>         reject_unauth_pipelining,
>         reject_non_fqdn_sender,
>         reject_unknown_sender_domain,
>         reject_non_fqdn_recipient,
>         reject_unknown_recipient_domain,
>         check_client_access dbm:/etc/opt/csw/postfix/maps/client_access,
>         check_helo_access dbm:/etc/opt/csw/postfix/maps/helo_access,
>         check_sender_access dbm:/etc/opt/csw/postfix/maps/sender_access,
>         check_recipient_access dbm:/etc/opt/csw/postfix/maps/recipient_access,
>         reject_rhsbl_client blackhole.securitysage.com,
>         reject_rhsbl_sender blackhole.securitysage.com,
>         reject_rbl_client blackholes.easynet.nl,
>         reject_rbl_client cbl.abuseat.org,
>         reject_rbl_client proxies.blackholes.wirehub.net,
>         reject_rbl_client bl.spamcop.net,
>         reject_rbl_client sbl.spamhaus.org,
>         reject_rbl_client opm.blitzed.org,
>         reject_rbl_client dnsbl.njabl.org,
>         reject_rbl_client list.dsbl.org,
>         reject_rbl_client multihop.dsbl.org,
>         permit
>
>  


1- Please show the output of 'postconf -n' instead of main.cf snippets.

2- Please take the time to check that the DNSBLs you are querying are
still active.
    http://spamlinks.net/filter-dnsbl-dead.htm

3- Consider using zen.spamhaus.org. It is more effective and safer than
your "block non us tld" strategy.


> snippet of client_access file:
> 83.33.170.157    reject
> .am      554 No Soup For You
> .an      554 No Soup For You
> .ao      554 No Soup For You
> .it        554 No Soup For You
>
>  

Without 'postconf -n' output, we cannot tell if this is ever used.

> snippet of header  of email getting by:
>  

Please show the logs instead of messages.

> Return-Path: <[hidden email]>
> X-Original-To: [hidden email]
> Delivered-To: [hidden email]
> Received: from localhost (localhost [127.0.0.1])
>         by mail.mydomain.com (Postfix) with ESMTP id CA518AC27
>         for <[hidden email]>; Tue,  1 Jul 2008 07:47:38 -0400 (EDT)
> X-Quarantine-ID: <EZ4UoIAQoU8J>
> X-Virus-Scanned: amavisd-new at mydomain.com
> X-Spam-Flag: YES
> X-Spam-Score: 11.422
> X-Spam-Level: ***********
> X-Spam-Status: Yes, score=11.422 tagged_above=2 required=6.31
>         tests=[URIBL_AB_SURBL=1.613, URIBL_BLACK=1.961, URIBL_JP_SURBL=2.857,
>         URIBL_SBL=2.468, URIBL_SC_SURBL=2.523]
> Received: from mail.4way.us ([127.0.0.1])
>         by localhost (mail.4way.us [127.0.0.1]) (amavisd-new, port 10024)
>         with ESMTP id EZ4UoIAQoU8J for <[hidden email]>;
>         Tue,  1 Jul 2008 07:47:33 -0400 (EDT)
> Received: from host210-100-static.49-88-b.business.telecomitalia.it (host210-100-static.49-88-b.business.telecomitalia.it [88.49.100.210])
>         by mail.4way.us (Postfix) with ESMTP id AFD7EAC21
>         for <[hidden email]>; Tue,  1 Jul 2008 07:47:26 -0400 (EDT)
> To: [hidden email]
> Subject: ***SPAM*** Oil prices to soar
> From:   nihat <[hidden email]>
> Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Date:   Tue, 1 Jul 2008 13:47:32 +0200
> Message-ID: <lr.jymagfrqwejoca@Giorgio>
> User-Agent: Opera Mail/9.50 (Win32)
>
> Get bigger faster no problems with just these wonder pills
> http://www.sizesuper.com/
>
>
>
> end
>
>
> ________________________________
> CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.
>
>
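
An added illustration, not part of either post and not Postfix code: a Python model of the lookup keys that access(5) documents for check_client_access, applied to the client name and address from the Received header quoted above and to the posted client_access entries. It assumes the hostname passed reverse/forward DNS verification and models parent_domain_matches_subdomains as a boolean; the function names are hypothetical.

```python
"""Model of the keys tried for check_client_access, per access(5)."""

# Constructed from the client_access snippet in the first post.
CLIENT_ACCESS = {
    "83.33.170.157": "reject",
    ".am": "554 No Soup For You",
    ".an": "554 No Soup For You",
    ".ao": "554 No Soup For You",
    ".it": "554 No Soup For You",
}


def domain_keys(hostname, parent_style=True):
    """Keys tried for the client hostname, most specific first.

    parent_style=True: smtpd_access_maps is listed in
    parent_domain_matches_subdomains (the stock default), so parent
    domains are looked up WITHOUT a leading dot ("it").
    parent_style=False: it is not listed, so parents are looked up
    WITH a leading dot (".it").
    An unverified client has the name "unknown", giving a single key.
    """
    name = hostname.lower().rstrip(".")
    keys = [name]
    while "." in name[1:]:
        idx = name.index(".", 1)
        name = name[idx + 1:] if parent_style else name[idx:]
        keys.append(name)
    return keys


def addr_keys(ip):
    """IPv4 address, then each shorter prefix: a.b.c.d, a.b.c, a.b, a."""
    parts = ip.split(".")
    return [".".join(parts[:n]) for n in range(len(parts), 0, -1)]


def check_client_access(table, hostname, ip, parent_style=True):
    """Return (key, action) for the first key found, or None (DUNNO)."""
    for key in domain_keys(hostname, parent_style) + addr_keys(ip):
        if key in table:
            return key, table[key]
    return None


HOST = "host210-100-static.49-88-b.business.telecomitalia.it"
ADDR = "88.49.100.210"

if __name__ == "__main__":
    print(domain_keys(HOST, parent_style=True))
    print(check_client_access(CLIENT_ACCESS, HOST, ADDR, parent_style=True))
    print(check_client_access(CLIENT_ACCESS, HOST, ADDR, parent_style=False))
```

On the server itself, `postmap -q it dbm:/etc/opt/csw/postfix/maps/client_access` (or `-q .it`) shows whether a given key is present in the built table, and `postconf -n` shows whether parent_domain_matches_subdomains has been changed from its default.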