terry.gilsenan interoil.com
Date: Tue Jan 01 2008 - 20:27:18 CST
vg_us hotmail.com wrote:
>
> ----- Original Message ----- From: <terry.gilsenan interoil.com>
> Cc: <postfix-users postfix.org>
> Sent: Tuesday, January 01, 2008 9:08 PM
> Subject: Re: being mailbombed..or something
>
>
>> Matthias Schmidt wrote:
>>> Am/On Tue, 1 Jan 2008 20:45:37 -0500 schrieb/wrote Terry Carmen:
>>>
>>>
>>>>>>> 1 merloptlq sixcompanies.com (<>)
>>>>>>> 1 Mikhail-Rowen sixcompanies.com (<>)
>>>>>>> 1 Miu_Connolly sixcompanies.com (<>)
>>>>>>> 1 Natorywa sixcompanies.com (<>)
>>>>>>> (tons and tons of these)
>>>>>>>
>>>>>> Backscatter. Joe-job.
>>>>>>
>>>>> I don't think so.
>>>>> imho it is a bot-net spam-attack.
>>>>>
>>>> Bots are pretty easy to kill. You can refuse to talk to them by
>>>> matching their reverse DNS against a regular expression.
>>>>
>>>> This has also been a huge help.
>>>>
>>>> There's just no reason to accept mail from a Dynamic IP or an IP
>>>> with no reverse DNS, so blocking them cuts WAY down on bots. I
>>>> can't take credit for the list. Most of it was written by someone
>>>> else (sorry, don't remember who). I added the last handful of entries.
>>>>
>>>> Save the text below as spam_ip_regex, and add:
>>>>
>>>> check_client_access regexp:/etc/postfix/spam_ip_regex
>>>>
>>>> and
>>>>
>>>> reject_unknown_reverse_client_hostname
>>>>
>>>> to your smtpd_client_restrictions section.
>>>>
>>>> Postfix can handle a ton of traffic when all it has to do is
>>>> reject. 8-)
>>>>
>>>> Terry
>>>>
>>>>
>>>>
>>>> ####################################################33
>>>> /^dsl.*\..*\..*/i 553 AUTO_DSL Email Rejected.
>>>> /[ax]dsl.*\..*\..*/i 553 AUTO_XDSL Email Rejected.
>>>> /client.*\..*\..*/i 553 AUTO_CLIENT Email Rejected.
>>>> /cable.*\..*\..*/i 553 AUTO_CABLE Email Rejected.
>>>> /dial.*\..*\..*/i 553 AUTO_DIAL Email Rejected.
>>>> /.*dial[\-]*in.*/i 553 AUTO_DIAL2 Email Rejected.
>>>> /ppp.*\..*\..*/i 553 AUTO_PPP Email Rejected.
>>>> /dslam.*\..*\..*/i 553 AUTO_DSLAM Email Rejected.
>>>> /node.*\..*\..*/i 553 AUTO_NODE Email Rejected.
>>>> /.*dial-up.*/i 553 AUTO_DIAL_UP_ID_PATTERN Email Rejected.
>>>> /.*\.dhcp.*/i 553 AUTO_DHCP_ID_PATTERN Email Rejected.
>>>> /.*[0-9]+[\.-][0-9]+[\.-][0-9]+[\.-][0-9]+[\.-]+.*/i 553 AUTO_DYNAMIC_ID_PATTERN_DOT_DASH Email Rejected.
>>>> /.*[0-9]+[\.-]net[\.-][0-9]+[\.-][0-9]+[\.-][0-9]+[\.-]+.*/i 553 AUTO_DYNAMIC_ID_PATTERN_DOT_DASH_NET Email Rejected.
>>>> /.*[0-9]+-[0-9]+-[0-9]+-[0-9]+\..*/i 553 AUTO_DYNAMIC_ID_PATTERN_DASHES Email Rejected.
>>>> /.*internetdsl.tpnet.pl/i 553 AUTO_PL_DSL_PATTERN Email Rejected.
>>>> /.*\.cable.net.co\..*/i 553 AUTO_CABLE_DOT_NET Email Rejected.
>>>> /.*dynamic.*/i 553 AUTO_DYNAMIC_PATTERN Email Rejected.
>>>> /.*ppp.*/i 553 AUTO_PPP_PATTERN Email Rejected.
>>>> /.*user.*/i 553 AUTO_USER_PATTERN Email Rejected.
>>>>
>>>>
>>>
>>>
>>> with these rules you might also reject legal eMails from servers
>>> running via dyndns, or?
>>>
>> <snip>
>>
>> Surely that would depend entirely on the recipient's interpretation of
>> "legal eMails", eg: my server, my rules.
>>
>> I am of the opinion that people on dynamic connections should either
>> be relaying emails via their ISP's SmartHost, or connecting to the
>> submission port and authenticating (method not discussed here). It's
>> one or the other.
>>
>> Regards,
>> T
>>
>
> your server, your rules? say "hi" to aol and hotmail, my friend.
*<blink>*
If I want to send email to aol or hotmail, then I need to play by their
rules, if they want to send email to me, then they will play by my
rules. My MX currently accepts about 500k legit emails / day, and
rejects several million connection/delivery attempts / day using various
rules, and DNSBLs etc.

My users appreciate having _useful_ email, and many of the users have
never yet rec'd a single spam. I am somewhat draconian, and the users
know that I am approachable if they suspect a false positive, and on
several occasions I have added temporary manual white-listing, whilst at
the same time assisting to educate the sender (or their ISP) in getting
their MTA "fixed".

So I say again, my server, my rules.

Regards,
T
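
The false-positive question raised in the thread can be checked before a table like this goes live. The following is an added example, not code from any poster in the thread: it loads five rules copied from the quoted spam_ip_regex table and reports which wanted senders they would reject. The hostnames are constructed, the helper names are hypothetical, and Python's `re` stands in for the POSIX regex matching Postfix uses, which is equivalent for these five patterns.

```python
import re

# Five rules copied from the spam_ip_regex table quoted in the thread.
TABLE = r"""
/^dsl.*\..*\..*/i 553 AUTO_DSL Email Rejected.
/client.*\..*\..*/i 553 AUTO_CLIENT Email Rejected.
/.*[0-9]+-[0-9]+-[0-9]+-[0-9]+\..*/i 553 AUTO_DYNAMIC_ID_PATTERN_DASHES Email Rejected.
/.*dynamic.*/i 553 AUTO_DYNAMIC_PATTERN Email Rejected.
/.*user.*/i 553 AUTO_USER_PATTERN Email Rejected.
"""

RULE = re.compile(r"^/(.*)/([a-z]*)\s+(.*)$")

def load_table(text):
    """Parse '/pattern/flags action' lines; skip blanks and '#' comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        pattern, flags, action = m.groups()
        # regexp_table(5): case-insensitive by default; the 'i' flag toggles it off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action))
    return rules

def lookup(rules, hostname):
    """Return the action of the first matching rule, or None (no match)."""
    for regex, action in rules:
        if regex.search(hostname):
            return action
    return None

def false_positives(rules, wanted_hosts):
    """Map each wanted host the table would reject to the rule tag that hit."""
    hits = {}
    for host in wanted_hosts:
        action = lookup(rules, host)
        if action is not None:
            hits[host] = action.split()[1]
    return hits

# Constructed reverse-DNS names of senders that should get through.
WANTED = ["mail.example.org", "mx1.usergroup.example.org",
          "smtp.clientservices.example.com", "out.dynamicsoft.example.com"]

print(false_positives(load_table(TABLE), WANTED))
```

On a live server, `postmap -q <hostname> regexp:/etc/postfix/spam_ip_regex` runs the same query against the real table.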