On 2024-07-30 at 15:28:58 UTC-0400 (Tue, 30 Jul 2024 15:28:58 -0400)
John Thorvald Wodder II via Postfix-users <jwod...@gmail.com>
is rumored to have said:

> (I previously posted this request for help on ServerFault but got no
> responses, so I'm hoping the official Postfix mailing list will go
> better.)

This has always been a better resource, and with the whole StackExchange
world now selling their data to feed LLMs, many have stopped
contributing. It has been reported that users who tried to delete their
past contributions to escape the pseudo-AI maw had their accounts
locked.

Of course, I'm sure this list is also being ingested by that beast via
its many archive sites.

> I have an Ubuntu 22.04 cloud VM with Postfix 3.6.4-1ubuntu1.3
> installed that I largely use for receiving e-mails sent to addresses
> at my personal domain that I provide when signing up for
> less-important website accounts. In the past few months, one of these
> addresses has been receiving too many unsolicited e-mails from the
> same domain that are managing to get through the server's basic spam
> defenses. I would like to block these e-mails at the Postfix level,
> and I thought I set things up properly, but the e-mails are still
> coming through.
>
> The "From" addresses for the spam e-mails all share the same domain
> — here "stupidspammers.example" — and they are all sent (per both
> the "Received:" headers and the mail logs) from a subdomain of
> "spamgateway.nil".
>
> I tried to block the e-mails as follows:
>
> 1. I created /etc/postfix/access with the following contents:
>
>        stupidspammers.example REJECT
>
> 2. I ran `sudo postmap hash:/etc/postfix/access`
>
> 3. I added the line "smtpd_sender_restrictions = check_sender_access
>    hash:/etc/postfix/access" to /etc/postfix/main.cf
>
> 4. I restarted Postfix with `sudo systemctl restart postfix`

That would be the working solution IF the 'stupidspammers.example'
domain name was used for the SMTP envelope sender. If it is only in the
From header, Postfix won't see that as the sender. Postfix can filter
individual headers with header_checks but that mechanism is very
simplistic.

Minimally redacted logs and samples (headers only) would illuminate the
issue. There is no valid reason to "protect" spammer resources like
domain names and client IPs by replacing them with garbage. Real FACTS
are much better. There is normally nothing in Postfix's logs that needs
redaction except for your own local recipient addresses.

> When this setup proved insufficient, I changed the contents of
> /etc/postfix/access to "spamgateway.nil REJECT" and repeated steps 2 &
> 4.

But why did you do that? We do not know. We don't know where you're
getting those fake names...

If the SMTP client connecting to you has a DNS-verifiable hostname, you
can use that in a map with check_client_access. If it uses a specific
HELO name, you can use a map with check_helo_access. The
check_sender_access directive ONLY checks the envelope sender (the MAIL
FROM argument in SMTP.)

All of this is in the documentation. 'man 5 postconf' will provide most
of the details and the various README files included in the distribution
cover many specific topics more coherently than the giant man page.

> The e-mails still kept coming through, so I tried adding the line
> ".spamgateway.nil REJECT" (with a leading period), but that didn't
> help either. I can't figure out what I'm doing wrong.

Logs and samples would help...

> For the record, my /etc/postfix/main.cf (with some details removed)
> is:

The output of 'postconf -nf' would be easier to analyze, as it only
includes non-defaults and formats nicely.

However, I did not see anything definitively bad in your config, but it
is hard to know what is going wrong as you've replaced domain names in
your description with garbage and not supplied logs or spam samples
which would explain where you got the domains you're actually using to
filter. All I can do is shrug and say "I guess you did it wrong."
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
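
The distinction drawn in the reply above (envelope sender vs. client hostname vs. HELO name vs. From header), as an added example that is not part of the original message or of Postfix itself: a Python helper that reads the headers of one delivered message and reports which Postfix check would actually see a given domain. The sample headers are constructed, `mailer.bulk-relay.example` and `mydomain.example` are invented placeholders, and it assumes the message was delivered locally by Postfix (so `Return-Path:` holds the envelope sender) and that parent domains match subdomains in access maps.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of one delivered message (every name is a placeholder).
SAMPLE = """\
Return-Path: <bounce-123@mailer.bulk-relay.example>
Received: from out7.spamgateway.nil (out7.spamgateway.nil [192.0.2.25])
\tby mx.mydomain.example (Postfix) with ESMTP id 4A1B2C3D4E
\tfor <shop@mydomain.example>; Tue, 30 Jul 2024 10:00:00 -0400 (EDT)
From: "Great Deals" <news@stupidspammers.example>
To: shop@mydomain.example
Subject: constructed sample

"""

# Postfix smtpd records: Received: from HELO-name (client-hostname [client-ip])
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)")


def identities(raw):
    """Map each Postfix mechanism to the value it would look at for this message."""
    msg = message_from_string(raw)
    # msg.get() returns the topmost Received header, the one our own server added.
    m = RECEIVED_RE.search(msg.get("Received", ""))
    helo, client = (m.group(1), m.group(2)) if m else ("", "")

    def domain(header_value):
        return parseaddr(header_value)[1].rpartition("@")[2].lower()

    return {
        "check_sender_access": domain(msg.get("Return-Path", "")),  # envelope MAIL FROM
        "check_client_access": client.lower(),   # verified client hostname
        "check_helo_access": helo.lower(),       # name given in HELO/EHLO
        "header_checks": domain(msg.get("From", "")),  # From: header, not the envelope
    }


def matching_checks(raw, blocked):
    """Return the mechanisms whose value equals `blocked` or is a subdomain of it."""
    blocked = blocked.lower().lstrip(".")
    return sorted(name for name, value in identities(raw).items()
                  if value == blocked or value.endswith("." + blocked))


if __name__ == "__main__":
    for d in ("stupidspammers.example", "spamgateway.nil"):
        print(d, "->", matching_checks(SAMPLE, d))
```

For the constructed sample, neither domain appears in the envelope sender, so a `check_sender_access` map listing them never matches.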