>I had a dictionary attack this morning and had to remove about 150k >emails with "hi how are you" in the header
where were they, in IMGate or in the mailbox server? >coming from a swbell dsl >client in St.Louis I think These DSL lines are capable of stupendous volumes, and ime, the DSL network providers don't care. That's why I was posting a couple weeks some ideas about regexp for blocking all MTA's that had PTR's with (dsl|cust|pool|dial|...) in them. >. They were all from a random hotmail.com >account. ... then SAV would have rejected every one of them. >Jan 28 07:14:39 scooter postfix/smtpd[21983]: 7B9517BCA5: >client=adsl-65-71-214-5.dsl.stlsmo.swbell.net[65.71.214.5] > >Now I'm trying to "close the barn door". I have a file: >account_control.map that has my valid clients in it like this: > >grep internetworks.net account_control.map > >[EMAIL PROTECTED] OK >[EMAIL PROTECTED] OK >[EMAIL PROTECTED] OK >[EMAIL PROTECTED] OK >[EMAIL PROTECTED] OK and you need this one: #else internetworks.net 553 ACL account_control or in my style #else internetworks.net 553 ACL to_recipients_known recipient is unknown user >in main.cf I have: > >smtpd_recipient_restrictions = > reject_unauth_pipelining, > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > reject_unknown_recipient_domain, > hash:/etc/postfix/account_control.map, <<<<<<<<<<<< ... is how to do it in pre-2.0, and this line has to be the penultimate restriction: reject_rbl_client, hash:/etc/postfix/account_control.map, <<<<<<<<<<<< reject Otherwise, as soon as it matches in your position, all other checks are skipped (first match wins) But in postfix 2.0, there is new way that allows one, finally!, to have, as the very first restriction: if not a known user, then reject. else <all other restrictions>, permit see the recently updated: http://www.postfix.org/uce.html#smtpd_recipient_restrictions >grep [EMAIL PROTECTED] account_control.map >yields nothing... egrep -i "Reyne\@internetworks\.net" /path/to/account_control.map and more importantly: postmap -q "[EMAIL PROTECTED]" hash:/path/to/account_control.map and check the #else postmap -q "[EMAIL PROTECTED]" hash:/path/to/account_control.map > ( besides haveing shut off SAV last night) :(( >SAV would have stopped this in it's tracks. yep >Also, I used this script to clear my queue based on the header. thanks. Len
