On 16.08.24 10:45, Wesley via Postfix-users wrote:
Today one of our users got a lot of messages (100k at least) from three sender
domains. I doubt they were DoS to the recepient.
The logs seem like (after rejection was setup):
Aug 16 18:37:10 mx postfix/smtpd[40673]: NOQUEUE: reject: RCPT from
ba-bja.cloudflare-email.net[104.30.10.190]: 554 5.7.1 <cfbounces+ndrd...@targitt.com>: Sender
address rejected: Access denied; from=<cfbounces+ndrd...@targitt.com> to=<*@*.com>
proto=ESMTP helo=<ba-bja.cloudflare-email.net>
All those messages are forwarded by cloudflare via their Email Routing function.
I can't reject CF's ip addresses certainly. But thanks to postfix, I can reject
the specified domains like this kind of configuration:
smtpd_sender_restrictions = inline:{
{ example.com = reject }
{ other.example = reject} }
This works perfect for me.
BTW, as the sample above, does it reject sub.example.com domain as well?
only if your parent_domain_matches_subdomains contains "smtpd_access_maps".
I recommend you not putting it there and if you need it, use ".example.com"
instead.
http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org