Solved

Block sender e-mail address in Postfix

Posted on 2016-11-05
Last Modified: 2016-11-09
Good day,
I use an ISP Config Postfix mail server. How do I block a specific spammer's e-mail address or domain to not be able to send mails through this server?

I read through forums and tried the following. I've added this line in the main.cf file:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/rbl_blacklist

And I've added the following line in the rbl_blacklist file:

grv.co.za REJECT

This domain can still send mail / spam through my server.
0
Question by:Pieter Lategan
4 Comments
 
LVL 27

Expert Comment

by:Dr. Klahn
ID: 41875628
It is tougher than it looks to do this.

Postfix authenticates based on the contents of the HELO / EHLO and the MAIL FROM fields.  This would be fine if the contents of those fields are truthful, but they don't have to be, and Postfix doesn't reverse authenticate them for various good reasons -- see next para.

Suppose a spammer is sitting on a rented server from bogus-servers.com.  His domain is spammer.org, and the DNS for spammer.org points to his rented server.  Reverse DNS lookup on his IP address will resolve to his server provider's domain, not to him.  And this is true for many, many legitimate systems.  It is also common for a system to authenticate with "smtp.somewhere.com" and find the RDNS is actually something like "smtp-outgoing-3.somewhere.com."  Should that email be rejected because the RDNS does not match?  Probably not.

Now here comes the spammer to our mail server.  He says HELO bucknaked.com.  That's not who he is, but Postfix, not having done a DNS or RDNS lookup, assumes that bucknaked.com is a valid domain sitting on that IP address and says OK.

The spammer follows up with MAIL FROM: spambuddy@fiddlesticks.org.  That's not who he is either, but Postfix is happy to receive it.

In neither case did the spammer provide valid information, but Postfix received the mail anyway.

Doing HELO and MAIL FROM inspection in Postfix with the sender_checks file and access_helo files catches the dull, pedestrian spammers.  But the only way to be 100% sure that no unwanted email comes in is to look at the offender's IP address in the Postfix log and block it.
1
 
LVL 78

Expert Comment

by:arnold
ID: 41875656
Look at your mynetwork definition; these will define who can send through your server, meaning relay a message not destined to a domain your server services.

Did you run the postconf to hash the rbl_blacklist?
rbl_blacklist.db?

Postfix has a test query where you can test your entry would work as you expect.
0
 
LVL 27

Accepted Solution

by:
Dr. Klahn earned 500 total points
ID: 41875658
Side note:  This is (a part of) how I have my Postfix configured.

smtpd_sender_restrictions =
  permit_mynetworks,
  check_sender_access regexp:/etc/postfix/sender_checks,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  permit



Note that check_sender_access is a regexp, not a hashed file.  This is simpler to maintain.  There's no need to re-hash the file on a change.  Just restart Postfix to load the new sender_checks.

And the contents of sender_checks:

#
#       Postfix configuration file for MAIL FROM: checking
#

# REJECTIONS BLACKLIST

/^$/                                    550 Missing sender

# Disreputable TLDs

/\.internal$/                           550 Disreputable TLD
/\.stream$/                             550 Disreputable TLD
/\.top$/                                550 Disreputable TLD
/\.vip$/                                550 Disreputable TLD

# Disreputable domains

/instagram\.com$/                       550 Instagram is blacklisted.  Send from another site.
/jsheltonlaw\.com$/                     550 Blacklisted spammer
/mailfinder\.com$/                      550 Spammer
/reachforce\.com$/                      550 Spammer
/redbox\.com$/                          550 Spammer
/springcreekbarbeque\.com$/             550 Spammer

# Specific senders

/sharingservices@aol\.com$/             550 Spammer
/emkoser@gmail\.com$/                   550 Spammer
/mwd@cgsarchiving\.com$/                550 Spammer
/standardloans@financier\.com$/         550 Spammer
/floodservice@jabme\.de$/               550 Spammer
/test@live\.com$/                       550 Spammer
/info@maxtren\.com$/                    550 Spammer
/test@megapath\.net$/                   550 Spammer
/security@review\.org$/                 550 Spammer



But blocking using iptables is the only sure fix.  And it keeps the logs clean.
1
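
How a regexp table in the style of sender_checks decides which senders to reject, as an added example that is not part of the original answer: it compares unanchored patterns, and patterns with unescaped dots, against left-anchored, fully escaped ones. It emulates the table lookup with Python's re module (an assumption; Postfix itself uses POSIX regular expressions), and the example.* rules and sender addresses are constructed placeholders.

```python
import re

# Constructed rules in the shape of the sender_checks entries above
# (example.* names are placeholders, not entries from the post).
LOOSE = r"""
# domain rule, specific sender, sender with unescaped dots
/example\.com$/             550 Spammer
/test@example\.net$/        550 Spammer
/info@mail.example.org$/    550 Spammer
"""
# The same three rules with a left anchor and every dot escaped.
STRICT = r"""
/[@.]example\.com$/             550 Spammer
/^test@example\.net$/           550 Spammer
/^info@mail\.example\.org$/     550 Spammer
"""

def load_rules(text):
    """Parse '/pattern/ action' lines; blanks and # comments do not match."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"/(.*)/\s+(\S.*)$", line.strip())
        if m:
            # Postfix regexp tables match case-insensitively by default.
            rules.append((re.compile(m.group(1), re.I), m.group(2)))
    return rules

def lookup(rules, sender):
    """Return the action of the first pattern found in the full address."""
    for rx, action in rules:
        if rx.search(sender):
            return action
    return None

def collateral(loose, strict, senders):
    """Senders the loose table rejects but the strict table lets through."""
    lo, st = load_rules(loose), load_rules(strict)
    return [s for s in senders if lookup(lo, s) and not lookup(st, s)]

# Constructed envelope senders: three intended targets, three look-alikes.
SENDERS = [
    "bulk@example.com", "bulk@mail.example.com", "test@example.net",
    "sales@notexample.com", "contest@example.net", "info@mail-example.org",
]

if __name__ == "__main__":
    for hit in collateral(LOOSE, STRICT, SENDERS):
        print("over-matched:", hit)
```

On the server itself, postmap -q 'address' regexp:/etc/postfix/sender_checks answers the same question against the real table.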
 
LVL 78

Expert Comment

by:arnold
ID: 41875694
Iptables blocks IPs; it cannot block domains.

The postfix sender is the default and is likely what the setup is.
The question deals with dynamically adding senders to be blocked from sending to their recipients. The hash type table is useful; the reject might not be the right option, try deny.

Check the mechanism and entry to see whether it behaves as you expect
.domain
*@domain might be more apt.
Try adding RBL checks that would reject senders based on their IP origin; see mxtoolbox.com/blacklists
There are several there that you can use, since the domains used in spam mailings are different and relying that all spam is from a domain is incorrect.
You could look at using a milter that will be using SpamAssassin to check the incoming message is not likely spam before accepting the message into its queue for delivery to local user.
Be cautious as a milter applies to every incoming message.
1
