On Thu, 29 May 2025 11:01:56 -0400 Bill Cole via Postfix-users <postfix-users@postfix.org> wrote:
> On 2025-05-29 at 10:30:50 UTC-0400 (Thu, 29 May 2025 16:30:50 +0200) > Enrico Morelli via Postfix-users <more...@cerm.unifi.it> > is rumored to have said: > > > Dear all, > > > > I've a lot of spam coming from xn--n1agk.095.xn--p1acf or variant > > of it, but all ends with .xn--p1acf. > > > > This host is reported when I see the full mail header as: > > > > Received: from xn--n1agk.095.xn--p1acf (xn--n1agk.095.xn--p1acf > > [213.202.247.53]) > > > > > > To try to stop it I added in main.cf: > > > > smtpd_sender_restrictions = check_sender_access > > regexp:/etc/postfix/sender_access_regexp > > . > > To block based on clien t hostname or IP address you need > check_client_access. Thank you. I'll try. > > . > > > > In sender_access_regexp I've added: > > /.*\.xn--p1acf$/ REJECT > > > > If I test it with: > > > > # postmap -q "xn--n1agk.095.xn--p1acf" regexp:sender_access_regexp > > REJECT > > > > The result is correct. > > Indeed, and if the SMTP envelope sender address used that domain, it > would match your mail as well. > > > > I created the db (postmap sender_access_regexp) > > You DO NOT need to postmap regexp or pcre maps. > > > and reloaded postfix. > > > > So why I continue to receive mail coming from the same host? > > Because you are blocking based on SMTP envelope sender address rather > then SMTP client host name. > > -- ----------------------------------------------------------- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY ------------------------------------------------------------ _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
