RES: smtpd_sender_restrictions

From: Carlos Eduardo R. L. de Miranda (cerlmhotmail.com)
Date: Fri Dec 01 2006 - 06:03:42 CST


Thank you Tonni for all your information. I know that my approach is not the
best but it is what I can do in no time and stop most of the spam that we
are getting every hour.

Another question:
Using REJECT is generating lots of traffic replying the rejection to the
sender and soon we will be RBLed. How can I avoid the server reply? I tried
DISCARD and it didn't work.

Thank you,
Carlos

> -----Original Message-----
> From: owner-postfix-userspostfix.org [mailto:owner-postfix-
> userspostfix.org] On behalf of Tony Earnshaw
> Sent: Friday, December 1, 2006 06:20
> Cc: postfix-userspostfix.org
> Subject: Re: smtpd_sender_restrictions
>
> Carlos Eduardo R. L. de Miranda wrote:
>
> > Our server is receiving lots of spam messages from servers with Russian
> > domain.
> > I would like to block every message from Russian domains.
> >
> > Postfix 2.3.3 - Fedora Core 6
> >
> > main.cf
> > smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender,
> > reject_non_fqdn_sender, reject_unknown_sender_domain
> >
> > sender file:
> > /.**\.ru$/ REJECT text message
>
> The above is wrong and obviously won't block anything from anyone. Do
> you see why? Look again!
>
> This will work (tested with pcretest):
> /^.+.+\.ru$/
>
> > Command: postmap /etc/postfix/sender
> > Service postfix reload
>
> This is a PCRE regexp, don't postmap regexp maps.
>
> What you're proposing to do is fundamentally flawed. A lot of
> Israeli/French/US/BR/you name it bots send spam with .ru tlds in the
> envelope sender data and a lot of Russian bots and spammers send with
> non-Russian tlds. The only possible way to target Russian spammers
> (which this site actively does) is to note the IP number of EACH and
> EVERY spam message that comes in, go to a good whois database (we use
> http://lacnic.net/cgi-bin/lacnic/whois?lg=EN because it's very fast and
> caches all data from RIPE, APNIC, AFRINIC - everywhere) and block IP
> ranges. It'll take you months to build up a good database, but slowly it
> will begin to work and give you much pleasure. An alternative is to
> download a list of all netblocks allocated to Russia from some source (I
> wouldn't know which) and block all of those. But I'd never do that, I
> only block subnets that have actively sent spam to this site - and I
> have multitudes more blocked subnets from other countries than Russia.
>
> > It is not working. The *.ru domains are accepted and delivered to user.
>
> Because you're not blocking them. Don't go this way, anyway ...
>
> > Adding "reject" at the end of smtpd_sender_restrictions is not working either.
> > Every message is rejected regardless of its origin.
>
> --Tonni
>
> --
> Tonni Earnshaw
> tonni barlaeus.nl
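An added example, not code from this thread or from Postfix itself: a small Python model of how a `pcre:` `check_sender_access` table is evaluated, using the two patterns from the thread as constructed sample tables. It assumes the `/pattern/[i] RESULT [text]` line format, first-match semantics, and that a rule whose regexp does not compile is skipped (Postfix logs a warning for such a rule); Python's `re` stands in for PCRE, and both reject the nested quantifier in `/.**\.ru$/`. The point it shows is Tonni's: the first table compiles to zero usable rules, so nothing is rejected, while the corrected pattern does match a `.ru` sender.

```python
import re

# Constructed sample tables in pcre: access-table form (not the poster's real file).
BROKEN_TABLE = r"""
# as first posted: '**' is a nested quantifier, so the regexp does not compile
/.**\.ru$/ REJECT text message
"""

FIXED_TABLE = r"""
# Tonni's corrected pattern
/^.+.+\.ru$/ REJECT text message
"""

# One table line: /pattern/ with optional 'i' flag, a RESULT word, optional text.
RULE_RE = re.compile(r"^/(?P<pat>.*)/(?P<flags>i?)\s+(?P<result>\S+)(?:\s+(?P<text>.*))?$")


def parse_pcre_table(text):
    """Parse '/pattern/[i] RESULT [text]' lines into (rules, warnings).

    A rule whose pattern fails to compile is dropped and reported; the
    effect is the same as in Postfix, where a bad rule matches nothing.
    """
    rules, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            warnings.append(f"line {lineno}: not a /pattern/ RESULT rule")
            continue
        flags = re.IGNORECASE if m.group("flags") == "i" else 0
        try:
            compiled = re.compile(m.group("pat"), flags)
        except re.error as exc:
            warnings.append(f"line {lineno}: bad regexp {m.group('pat')!r}: {exc}")
            continue
        rules.append((compiled, m.group("result"), m.group("text") or ""))
    return rules, warnings


def lookup_sender(rules, sender):
    """First-match lookup as check_sender_access does against a regexp table.

    Keys are tried in the order Postfix uses for a sender address: the full
    address, then the domain and its parent domains, then 'localpart@'.
    Returns (RESULT, text) for the first hit, or None (table accepts).
    Regexp tables are unanchored unless the pattern uses ^ or $, hence search().
    """
    keys = [sender]
    if "@" in sender:
        local, domain = sender.rsplit("@", 1)
        parts = domain.split(".")
        keys += [".".join(parts[i:]) for i in range(len(parts))]
        keys.append(local + "@")
    for key in keys:
        for compiled, result, text in rules:
            if compiled.search(key):
                return result, text
    return None


if __name__ == "__main__":
    senders = ["bot@example.ru", "user@example.com"]
    for name, table in (("broken", BROKEN_TABLE), ("fixed", FIXED_TABLE)):
        rules, warnings = parse_pcre_table(table)
        print(f"{name}: {len(rules)} usable rule(s), warnings={warnings}")
        for s in senders:
            print(f"  {s}: {lookup_sender(rules, s)}")
```

Running it prints zero usable rules and a warning for the broken table (every sender gets `None`, i.e. accepted), and for the fixed table `bot@example.ru` yields `('REJECT', 'text message')` while `user@example.com` is still accepted. This also shows why `postmap` is irrelevant here: the table is read as text at startup, which is where a bad pattern is reported.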
