Solved

Block sender e-mail address in Postfix

Posted on 2016-11-05
Last Modified: 2016-11-09
Good day,
I use an ISP Config Postfix mail server. How do I block a specific spammer's e-mail address or domain so that it is not able to send mails through this server?

I read through forums and tried the following. I've added this line in the main.cf file:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/rbl_blacklist

And I've added the following line in the rbl_blacklist file:

grv.co.za REJECT

This domain can still send mail / spam through my server.
Question by:Pieter Lategan

Expert Comment

by:Dr. Klahn
It is tougher than it looks to do this.

Postfix authenticates based on the contents of the HELO / EHLO and the MAIL FROM fields.  This would be fine if the contents of those fields are truthful, but they don't have to be, and Postfix doesn't reverse authenticate them for various good reasons -- see next para.

Suppose a spammer is sitting on a rented server from bogus-servers.com.  His domain is spammer.org, and the DNS for spammer.org points to his rented server.  Reverse DNS lookup on his IP address will resolve to his server provider's domain, not to him.  And this is true for many, many legitimate systems.  It is also common for a system to authenticate with "smtp.somewhere.com" and find the RDNS is actually something like "smtp-outgoing-3.somewhere.com."  Should that email be rejected because the RDNS does not match?  Probably not.

Now here comes the spammer to our mail server.  He says HELO bucknaked.com.  That's not who he is, but Postfix, not having done a DNS or RDNS lookup, assumes that bucknaked.com is a valid domain sitting on that IP address and says OK.

The spammer follows up with MAIL FROM: spambuddy@fiddlesticks.org.  That's not who he is either, but Postfix is happy to receive it.

In neither case did the spammer provide valid information, but Postfix received the mail anyway.

Doing HELO and MAIL FROM inspection in Postfix with the sender_checks file and access_helo files catches the dull, pedestrian spammers.  But the only way to be 100% sure that no unwanted email comes in is to look at the offender's IP address in the Postfix log and block it.
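The log check suggested in the comment above, as an added example that is not part of the original post: it joins the smtpd `client=` line and the qmgr `from=` line by queue ID and reports client IPs that submitted mail under more than one sender domain. The log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format (not taken from a real server).
SAMPLE_LOG = """\
Nov  5 10:12:01 mail postfix/smtpd[2101]: 3F2A61C0B: client=unknown[203.0.113.45]
Nov  5 10:12:02 mail postfix/qmgr[990]: 3F2A61C0B: from=<spambuddy@fiddlesticks.org>, size=2210, nrcpt=1 (queue active)
Nov  5 10:14:40 mail postfix/smtpd[2101]: 7B1D91C0C: client=unknown[203.0.113.45]
Nov  5 10:14:41 mail postfix/qmgr[990]: 7B1D91C0C: from=<news@other-brand.example>, size=1987, nrcpt=1 (queue active)
Nov  5 10:20:13 mail postfix/smtpd[2144]: 9C0E21C0D: client=mx.example.net[198.51.100.7]
Nov  5 10:20:14 mail postfix/qmgr[990]: 9C0E21C0D: from=<alice@example.net>, size=901, nrcpt=1 (queue active)
"""

# Queue IDs are matched as alphanumerics so short and long ID styles both work.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=\S*\[([0-9a-fA-F.:]+)\]")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): from=<([^>]*)>")


def senders_by_client(log_text):
    """Map each client IP to the set of envelope senders it submitted."""
    ip_of_queue_id = {}
    result = defaultdict(set)
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            ip_of_queue_id[m.group(1)] = m.group(2)
            continue
        m = FROM_RE.search(line)
        if m and m.group(1) in ip_of_queue_id:
            result[ip_of_queue_id[m.group(1)]].add(m.group(2).lower())
    return dict(result)


def rotating_clients(log_text, min_domains=2):
    """Return IPs that used at least min_domains different sender domains."""
    flagged = {}
    for ip, senders in senders_by_client(log_text).items():
        domains = {s.rpartition("@")[2] for s in senders if s}
        if len(domains) >= min_domains:
            flagged[ip] = sorted(domains)
    return flagged


if __name__ == "__main__":
    for ip, domains in rotating_clients(SAMPLE_LOG).items():
        print(ip, "used sender domains:", ", ".join(domains))
```

An IP flagged this way is one where a sender-domain rule alone will keep missing, which is the case the comment describes.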

Expert Comment

by:arnold
Look at your mynetwork definition; these will define who can send through your server, meaning relay a message not destined to a domain your server services.

Did you run the postconf to hash the rbl_blacklist?
rbl_blacklist.db?

Postfix has a test query where you can test your entry would work as you expect.

Accepted Solution

by:Dr. Klahn
Side note:  This is (a part of) how I have my Postfix configured.

smtpd_sender_restrictions =
  permit_mynetworks,
  check_sender_access regexp:/etc/postfix/sender_checks,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  permit


Note that check_sender_access is a regexp, not a hashed file.  This is simpler to maintain.  There's no need to re-hash the file on a change.  Just restart Postfix to load the new sender_checks.

And the contents of sender_checks:

#
#       Postfix configuration file for MAIL FROM: checking
#

# REJECTIONS BLACKLIST

/^$/                                    550 Missing sender

# Disreputable TLDs

/\.internal$/                           550 Disreputable TLD
/\.stream$/                             550 Disreputable TLD
/\.top$/                                550 Disreputable TLD
/\.vip$/                                550 Disreputable TLD

# Disreputable domains
# ([@.] stops a pattern from also matching longer names that merely end in it)

/[@.]instagram\.com$/                   550 Instagram is blacklisted.  Send from another site.
/[@.]jsheltonlaw\.com$/                 550 Blacklisted spammer
/[@.]mailfinder\.com$/                  550 Spammer
/[@.]reachforce\.com$/                  550 Spammer
/[@.]redbox\.com$/                      550 Spammer
/[@.]springcreekbarbeque\.com$/         550 Spammer

# Specific senders
# (^ anchors the local part; dots are escaped so they match only a literal dot)

/^sharingservices@aol\.com$/            550 Spammer
/^emkoser@gmail\.com$/                  550 Spammer
/^mwd@cgsarchiving\.com$/               550 Spammer
/^standardloans@financier\.com$/        550 Spammer
/^floodservice@jabme\.de$/              550 Spammer
/^test@live\.com$/                      550 Spammer
/^info@maxtren\.com$/                   550 Spammer
/^test@megapath\.net$/                  550 Spammer
/^security@review\.org$/                550 Spammer


But blocking using iptables is the only sure fix.  And it keeps the logs clean.
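An added example, not part of the original answer, showing why anchoring matters in a regexp table like sender_checks: it parses `/pattern/ action` lines, applies first-match-wins lookup, and compares loose patterns with anchored ones. The tables and addresses are constructed, the function names are hypothetical, and Python's `re` stands in for Postfix's regexp engine.

```python
import re

# Constructed tables in regexp_table(5) syntax: the same three rules written
# without a left anchor, then with [@.] / ^ anchors and escaped dots.
LOOSE_TABLE = r"""
/instagram\.com$/            550 Blacklisted domain
/test@live\.com$/            550 Spammer
/security@review.org$/       550 Spammer
"""
ANCHORED_TABLE = r"""
/[@.]instagram\.com$/        550 Blacklisted domain
/^test@live\.com$/           550 Spammer
/^security@review\.org$/     550 Spammer
"""
# Constructed addresses: INTENDED should be rejected, BYSTANDERS should not.
INTENDED = ["x@instagram.com", "x@mail.instagram.com", "test@live.com",
            "security@review.org"]
BYSTANDERS = ["bob@notinstagram.com", "contest@live.com", "websecurity@review.org"]
RULE_RE = re.compile(r"^/(.*)/([a-z]*)\s+(.+)$")


def parse_table(text):
    """Parse '/pattern/flags action' lines, skipping blanks and # comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed rule: {line!r}")
        pattern, flags, action = m.groups()
        # Matching is case-insensitive by default; the 'i' flag toggles it off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action))
    return rules


def lookup(rules, sender):
    """Return the action of the first matching rule (first match wins)."""
    return next((a for rx, a in rules if rx.search(sender)), None)


def rejected(rules, senders):
    """Addresses from senders that some rule in the table would reject."""
    return [s for s in senders if lookup(rules, s) is not None]


if __name__ == "__main__":
    for name, table in (("loose", LOOSE_TABLE), ("anchored", ANCHORED_TABLE)):
        print(name, "rejects bystanders:", rejected(parse_table(table), BYSTANDERS))
```

On the server itself, a single address can be checked against the live table with `postmap -q "contest@live.com" regexp:/etc/postfix/sender_checks`.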

Expert Comment

by:arnold
Iptables blocks IPs; it cannot block domains.

The postfix sender is the default and is likely what the setup is.
The question deals with dynamically adding senders to be blocked from sending to their recipients. The hash type table is useful; the reject might not be the right option, try deny.

Check the mechanism and entry to see whether it behaves as you expect
.domain
*@domain might be more apt.
Try adding RBL checks that would reject senders based on their IP origin; see mxtoolbox.com/blacklists
There are several there that you can use, since the domains used in spam mailings are different, and relying on all spam being from a domain is incorrect.
You could look at using a milter that will be using spamassassin to check that the incoming message is not likely spam before accepting the message into its queue for delivery to the local user.
Be cautious as a milter applies to every incoming message.