how to deny mail from specific domain


Aggelos-2
I want to deny incoming mail from domain blu0.hotmail.com.

I have put in /etc/postfix/sender_access the following line:
blu0.hotmail.com        554 Spam is not welcome

and then I run
postmap /etc/postfix/sender_access

and
postfix reload

Is that enough?

Re: how to deny mail from specific domain

/dev/rob0
Ahh, someone here today with a Postfix question, not a Cisco one! ;)

On Mon, Feb 15, 2010 at 12:57:40PM +0200, Aggelos wrote:
> I want to deny incoming mail from domain blu0.hotmail.com.

"From domain" means what? Sender [hidden email] ?

> I have put in /etc/postfix/sender_access the following line:
> blu0.hotmail.com        554 Spam is not welcome
>
> and then I run
> postmap /etc/postfix/sender_access

Is there something magical about this /etc/postfix/sender_access
filename that you are not telling us?

> and
> postfix reload
>
> Is that enough?

Not even close.

You must first understand how Postfix smtpd(8) access restrictions
work. See: http://www.postfix.org/SMTPD_ACCESS_README.html
as a starting point.

Since the text of your rejection implies that spam is the problem
you're trying to address, you really need to understand more about
spam and spammers, too. Here is a good overview:
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

Re: how to deny mail from specific domain

Aggelos-2
on 02/15/2010 02:44 PM /dev/rob0 wrote the following:
> Ahh, someone here today with a Postfix question, not a Cisco one! ;)
>
> On Mon, Feb 15, 2010 at 12:57:40PM +0200, Aggelos wrote:
>> I want to deny incoming mail from domain blu0.hotmail.com.
>
> "From domain" means what? Sender [hidden email] ?

Actually I want to deny all mail that has in the source something like
the following:

Received: from blu0-omc1-s16.blu0.hotmail.com


>
>> I have put in /etc/postfix/sender_access the following line:
>> blu0.hotmail.com        554 Spam is not welcome
>>
>> and then I run
>> postmap /etc/postfix/sender_access
>
> Is there something magical about this /etc/postfix/sender_access
> filename that you are not telling us?
>
>> and
>> postfix reload
>>
>> Is that enough?
>
> Not even close.
>
> You must first understand how Postfix smtpd(8) access restrictions
> work. See: http://www.postfix.org/SMTPD_ACCESS_README.html
> as a starting point.
>
> Since the text of your rejection implies that spam is the problem
> you're trying to address, you really need to understand more about
> spam and spammers, too. Here is a good overview:
> http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

Here is what I have at the end of the main.cf :


allow_percent_hack = no
body_checks = regexp:/etc/postfix/body_checks
config_directory = /etc/postfix
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
smtpd_helo_required = yes

smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    check_sender_access hash:/etc/postfix/sender_access,
    check_helo_access hash:/etc/postfix/helo_access,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unauth_pipelining,
    check_client_access hash:/etc/postfix/client_access,
    reject_unknown_client,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client dnsbl.sorbs.net
strict_rfc821_envelopes = yes
swap_bangpath = no
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unlisted_recipient_reject_code = 554


Re: how to deny mail from specific domain

Aggelos-2
I get fake sender (blizzard.com) mails like so:

From - Mon Feb 15 12:36:41 2010
X-Account-Key: account19
X-UIDL: af3fd81a824190cb
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:

Return-Path: <[hidden email]>
X-Original-To: <[hidden email]>
Delivered-To: <[hidden email]>
Received: from blu0-omc1-s16.blu0.hotmail.com
(blu0-omc1-s16.blu0.hotmail.com [65.55.116.27])
        by <mysmpt.my.domain.org> (Postfix) with ESMTP id 33C04FB9D
        for <[hidden email]>; Mon, 15 Feb 2010 12:14:49 +0200 (EET)
Received: from BLU0-SMTP25 ([65.55.116.9]) by
blu0-omc1-s16.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
         Mon, 15 Feb 2010 02:14:46 -0800
X-Originating-IP: [222.69.163.146]
X-Originating-Email: [[hidden email]]
Message-ID: <[hidden email]>
Received: from zjg ([222.69.163.146]) by BLU0-SMTP25.blu0.hotmail.com
over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
         Mon, 15 Feb 2010 02:14:45 -0800
Reply-To: <[hidden email]>
Date: Mon, 15 Feb 2010 06:18:19 +0800
From: "wowaccountadmin" <[hidden email]>
To: <[hidden email]>
Subject: World of Warcraft - Warning
X-mailer: Foxmail 6, 15, 201, 22
Mime-Version: 1.0
Content-Type: multipart/alternative;
        boundary="=====003_Dragon137305138608_====="
X-OriginalArrivalTime: 15 Feb 2010 10:14:45.0979 (UTC)
FILETIME=[B2C67AB0:01CAAE27]

This is a multi-part message in MIME format.

--=====003_Dragon137305138608_=====
Content-Type: text/plain;
        charset="utf-8"
Content-Transfer-Encoding: base64
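
[Added example, not part of any post in this thread.] The sender_access table from the first post is consulted by check_sender_access, which looks at the envelope sender, while the name in the quoted Received: header is the connecting client, which is what check_client_access looks at. The sketch below is a simplified model of the key lookups documented in access(5), assuming the default parent_domain_matches_subdomains setting; the envelope sender addresses are constructed, since the real one is hidden in the archive.

```python
# Simplified model of Postfix access(5) key lookups (added example).
# Assumes the default parent_domain_matches_subdomains, which lists
# smtpd_access_maps, so a "domain.tld" key also matches subdomains.

def domain_keys(name):
    """Keys tried for a hostname or domain: the name, then each parent."""
    labels = name.lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def sender_keys(address):
    """check_sender_access: keys derived from the envelope sender (MAIL FROM)."""
    local, _, domain = address.lower().rpartition("@")
    return [address.lower()] + domain_keys(domain) + [local + "@"]

def client_keys(hostname, ip):
    """check_client_access: client hostname and parents, then IP and networks."""
    octets = ip.split(".")
    nets = [".".join(octets[:n]) for n in range(4, 0, -1)]
    return domain_keys(hostname) + nets

def lookup(table, keys):
    """Return the action of the first key found in the table, else None."""
    for key in keys:
        if key in table:
            return table[key]
    return None

# The single table entry from the first post.
ACCESS = {"blu0.hotmail.com": "554 Spam is not welcome"}

# Client name and address from the Received: header quoted in the thread.
CLIENT = ("blu0-omc1-s16.blu0.hotmail.com", "65.55.116.27")
# Constructed envelope senders; the real one is hidden in the archive.
SENDER_OTHER = "someone@example.com"
SENDER_BLU0 = "someone@blu0.hotmail.com"

def demo():
    return {
        "sender_other": lookup(ACCESS, sender_keys(SENDER_OTHER)),
        "sender_blu0": lookup(ACCESS, sender_keys(SENDER_BLU0)),
        "client": lookup(ACCESS, client_keys(*CLIENT)),
    }

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:13} -> {action or 'DUNNO (no match, next restriction)'}")
```

The same entry rejects the message only when it is looked up against the client name, or when the envelope sender itself is in blu0.hotmail.com; a sender in any other domain falls through to the next restriction.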

Re: how to deny mail from specific domain

@lbutlr
On 15-Feb-2010, at 14:41, Aggelos wrote:

>
> Return-Path: <[hidden email]>
> X-Original-To: <[hidden email]>
> Delivered-To: <[hidden email]>
> Received: from blu0-omc1-s16.blu0.hotmail.com
> (blu0-omc1-s16.blu0.hotmail.com [65.55.116.27])
> by <mysmpt.my.domain.org> (Postfix) with ESMTP id 33C04FB9D
> for <[hidden email]>; Mon, 15 Feb 2010 12:14:49 +0200 (EET)
> Received: from BLU0-SMTP25 ([65.55.116.9]) by
> blu0-omc1-s16.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
> Mon, 15 Feb 2010 02:14:46 -0800
> X-Originating-IP: [222.69.163.146]
> X-Originating-Email: [[hidden email]]
> Message-ID: <[hidden email]>
> Received: from zjg ([222.69.163.146]) by BLU0-SMTP25.blu0.hotmail.com
> over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
> Mon, 15 Feb 2010 02:14:45 -0800
> Reply-To: <[hidden email]>
> Date: Mon, 15 Feb 2010 06:18:19 +0800
> From: "wowaccountadmin" <[hidden email]>

Just as an unrelated point, forward these messages (as attachments or at least with complete headers) to [hidden email].

They DO go after these sites.

I've fed a couple of dozen to bayes and they no longer get through.

You could also do something like

uri URI_BLIZZARD /\bblizzard\.com\b/i
mimeheader MH_BLIZZARD Content-Transfer-Encoding =~ /base64/i
meta SPOOF_BLIZZARD (URI_BLIZZARD && MH_BLIZZARD)
score SPOOF_BLIZZARD 1.0

(untested, but something like that)

--
'Oook?'
'I like to listen to a man who likes to talk! Whoops! Sawdust and treacle! Put that in your herring and smoke it!'
'I don't think he wants one,' said Ponder. --Lords and Ladies


Re: how to deny mail from specific domain

@lbutlr
On 15-Feb-2010, at 14:56, LuKreme wrote:
>
> uri URI_BLIZZARD /\bblizzard\.com\b/i

Sorry, wrong list. Thought I was reading the spamassassin group.

--
Are you a lucky little lady in the city of light
Or just another lost angel?