NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2010-06

RE: Stop spammers using outdated MX records.

From: Hal Douglas (halmrc.tas.edu.au)
Date: Fri Jun 25 2010 - 01:05:49 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sahil,

Thankyou for this, it did indeed do the trick, I've documented it on the
WWW in case anyone else has a similar need:

http://sysadministrivia.blogspot.com/2010/06/stopping-spammers-using-old
-mx-records.html

I couldn't find the answer using Google, so hopefully someone else will
be able to now.

Cheers.

-----Original Message-----
From: owner-postfix-userspostfix.org
[mailto:owner-postfix-userspostfix.org] On Behalf Of Sahil Tandon
Sent: Thursday, 24 June 2010 1:06 PM
To: postfix-userspostfix.org
Subject: Re: Stop spammers using outdated MX records.

On Thu, 2010-06-24 at 12:47:50 +1000, Hal Douglas wrote:

> Domain2.edu smtp:[10.2.3.5]
>
> Domain2 has recently been signed up for a cloud spam scanning service,

> so our postfix host is no longer MX for this domain, the spam scanning

> service is MX and forwards mail to out postfix host. The problem I've

> encountered is that spammers don't seem to use the updated MX records,

> they still use the postfix host as if it were MX. So, what I assume I

> need to do here is tell postfix that for Domain2 only relay mail from
> the cloud spam scanning service and our networks.

My understanding is that you want to refuse mail for domain2 recipients
*unless* it originates from your network or the cloud.

> How can I do this with postfix? I've searched around these lists and
> the web in general, the best explanation I can find is this:

You could use restriction classes but that is unnecessary. Assuming the
cloud only sends mail to you for domain2, whitelist the cloud's IP
*after* reject_unauth_destination but *before*, in the same restriction
list, rejecting all mail addressed to domain2.

http://www.postfix.org/postconf.5.html#check_client_access
http://www.postfix.org/postconf.5.html#check_recipient_access
http://www.postfix.org/access.5.html

--
Sahil Tandon <sahilFreeBSD.org>

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]