On 16.08.24 10:45, Wesley via Postfix-users wrote:
Today one of our users got a lot of messages (100k at least) from three sender 
domains. I doubt they were DoS to the recepient.

The logs seem like (after rejection was setup):

Aug 16 18:37:10 mx postfix/smtpd[40673]: NOQUEUE: reject: RCPT from 
ba-bja.cloudflare-email.net[104.30.10.190]: 554 5.7.1 <cfbounces+ndrd...@targitt.com>: Sender 
address rejected: Access denied; from=<cfbounces+ndrd...@targitt.com> to=<*@*.com> 
proto=ESMTP helo=<ba-bja.cloudflare-email.net>

All those messages are forwarded by cloudflare via their Email Routing function.

I can't reject CF's ip addresses certainly. But thanks to postfix, I can reject 
the specified domains like this kind of configuration:

smtpd_sender_restrictions = inline:{
 { example.com = reject }
 { other.example = reject} }

This works perfect for me.

BTW, as the sample above, does it reject sub.example.com domain as well?

only if your parent_domain_matches_subdomains contains "smtpd_access_maps". I recommend you not putting it there and if you need it, use ".example.com" instead.

http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to