On 2025-05-29 at 10:30:50 UTC-0400 (Thu, 29 May 2025 16:30:50 +0200)
Enrico Morelli via Postfix-users <more...@cerm.unifi.it>
is rumored to have said:
> Dear all,
>
> I've a lot of spam coming from xn--n1agk.095.xn--p1acf or variants of
> it, but all end with .xn--p1acf.
> This host is reported when I see the full mail header as:
>
> Received: from xn--n1agk.095.xn--p1acf (xn--n1agk.095.xn--p1acf [213.202.247.53])
>
> To try to stop it I added in main.cf:
>
> smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/sender_access_regexp

To block based on client hostname or IP address you need
check_client_access.

> In sender_access_regexp I've added:
>
> /.*\.xn--p1acf$/ REJECT
>
> If I test it with:
>
> # postmap -q "xn--n1agk.095.xn--p1acf" regexp:sender_access_regexp
> REJECT
>
> The result is correct.

Indeed, and if the SMTP envelope sender address used that domain, it
would match your mail as well.

> I created the db (postmap sender_access_regexp)

You DO NOT need to postmap regexp or pcre maps.

> and reloaded postfix.
>
> So why do I continue to receive mail coming from the same host?

Because you are blocking based on SMTP envelope sender address rather
than SMTP client host name.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
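
The change the reply points to, written out as an added example that is not part of the original thread. The table file name client_access_regexp is an assumption, and the sketch assumes no smtpd_client_restrictions setting exists yet (otherwise add the check to the existing list).

```conf
# ---- /etc/postfix/main.cf ----

# As posted in the question: this is looked up with the SMTP envelope
# sender (MAIL FROM) address, so a client whose hostname ends in
# .xn--p1acf still gets through when its sender address uses another domain.
#smtpd_sender_restrictions =
#    check_sender_access regexp:/etc/postfix/sender_access_regexp

# Per the reply: check_client_access is looked up with the SMTP client
# hostname and the client IP address.
smtpd_client_restrictions =
    check_client_access regexp:/etc/postfix/client_access_regexp

# ---- /etc/postfix/client_access_regexp (assumed file name) ----

# Regexp tables are read as plain text, so no "postmap <file>" step is
# needed. The pattern is unanchored on the left, so a leading ".*" adds nothing.
/\.xn--p1acf$/    REJECT

# Check the table, then reload:
#   postmap -q "xn--n1agk.095.xn--p1acf" regexp:/etc/postfix/client_access_regexp
#   postfix reload
```

check_client_access sees the verified client hostname, which is the name Postfix prints in parentheses in the Received: header; it is "unknown" when verification fails, and check_reverse_client_hostname_access matches the unverified reverse name in that case.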