Hi all,
I just had a Viagra spam from gprs4f7a24e6.pool.t-umts.hu
(gprs4f7a24e6.pool.t-umts.hu [79.122.36.230]) sneak past both of my pcre
checks which should have killed it. Until today they've been working
flawlessly, or so I believe, and I have ample log entries showing
they've been working. Here are my checks, both performed via
smtpd_client_restrictions but without explicit check_client_access:

smtpd_client_restrictions =
    pcre:/etc/postfix/access.pcre,
    pcre:/etc/postfix/check_client_fqdn.pcre

/etc/postfix/access.pcre:

/^.*?(lv|ec|id|ph|at|hu|tr|ee|pl|ro|my|co|tw|br|za|do|cz|bg|by|kr|jp|fr|cn|ru)$/i
    550 We do not accept mail from .$1 domains

/etc/postfix/check_client_fqdn.pcre:

/\.?(dhcp|dialup|dynamic|ppp|pool)\.?/ REJECT
    Dynamic/DSL/Residential not allowed
/\.(dsl|\d+dsl|dsl\d+)\./ REJECT
    Dynamic/DSL/Residential not allowed

Logs show both killing spam yesterday. check_client_fqdn.pcre has
already killed some today, but nothing killed by access.pcre yet today.
Any idea what's gone awry? Is there a way I can test the offending
FQrDNS against these two filters from the command line, with postconf or
something? What log data should I be looking for that may tell me why
pcre checks suddenly stopped working, or just didn't work on this
Hungarian Viagra connection?

Disclaimer: Please refrain from subjective comments WRT my blocking of
FQrDNS TLDs. I run a very small domain in the U.S. that will very
likely never receive legit mail from those countries, but has received
spam from them. It's a quick, easy, and effective way to block spam.
It may not be "PC" or to your liking, but please accept the fact that it
works for me.
Thanks.
--
Stan
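
Added example, not part of the original post: a Python approximation of how the two quoted tables evaluate a client hostname and then its address, in the order the restrictions list them. It uses Python's re module in place of PCRE and a simplified reading of the pcre_table(5) entry layout; the function names are hypothetical. On a host with Postfix installed, "postmap -q KEY pcre:/etc/postfix/access.pcre" performs the real lookup.

```python
import re

# Constructed copies of the post's two tables ("/pattern/flags result").
ACCESS = r"""
/^.*?(lv|ec|id|ph|at|hu|tr|ee|pl|ro|my|co|tw|br|za|do|cz|bg|by|kr|jp|fr|cn|ru)$/i
    550 We do not accept mail from .$1 domains
"""
CLIENT_FQDN = r"""
/\.?(dhcp|dialup|dynamic|ppp|pool)\.?/ REJECT
    Dynamic/DSL/Residential not allowed
/\.(dsl|\d+dsl|dsl\d+)\./ REJECT
    Dynamic/DSL/Residential not allowed
"""
TABLES = [("access.pcre", ACCESS), ("check_client_fqdn.pcre", CLIENT_FQDN)]
ENTRY = re.compile(r"/((?:\\.|[^/\\])*)/([A-Za-z]*)\s+(.*)$")

def parse_table(text):
    """Return [(compiled_regex, result_template)] in table order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()  # indented line continues entry
        else:
            entries.append(line.strip())
    rules = []
    for entry in entries:
        pattern, flags, result = ENTRY.match(entry).groups()
        # pcre_table(5): case-insensitive by default; each "i" flag toggles it.
        ignore_case = flags.count("i") % 2 == 0
        rules.append((re.compile(pattern, re.I if ignore_case else 0), result))
    return rules

def lookup(rules, key):
    """First matching rule wins; $1..$9 in the result come from its groups."""
    for regex, result in rules:
        if m := regex.search(key):
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), result)
    return None

def check_client(tables, hostname, address):
    """Try hostname, then address, against each table in restriction order."""
    for name, text in tables:
        for key in (hostname, address):
            if hit := lookup(parse_table(text), key):
                return name, key, hit
    return None

print(check_client(TABLES, "gprs4f7a24e6.pool.t-umts.hu", "79.122.36.230"))
```

Both tables match the hostname string itself and neither matches the bare address. A client whose name Postfix records as "unknown" matches nothing in either table.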