On Tue, 13 Mar 2018 23:35:01 -0400 "Bill Cole" <postfixlists-070...@billmail.scconsult.com> wrote:
> On 13 Mar 2018, at 22:51 (-0400), li...@lazygranch.com wrote: > > > I'm getting hit every 10 minutes from this spammer. As you can see > > I am > > rejecting the message. I wonder if the offending email server > > doesn't know the message is being rejected? > > It's not being rejected, it's being deferred. > > > Mar 13 23:28:58 centos-1gb-sfo1-01 postfix/smtpd: NOQUEUE: > > reject: RCPT from unknown[22.214.171.124]: 450 4.7.1 Client host > > rejected: cannot find your reverse hostname, [126.96.36.199]; > > from=<sale...@tradepro.net> to=<li...@lazygranch.com> proto=ESMTP > > helo=<mail.port25.com> > > A '450' response code is explicitly telling the client to try again > later. > > If you are using reject_unknown_reverse_client_hostname, it is mostly > safe to set unknown_client_reject_code to '550' instead of the > default '450' but if you are using reject_unknown_client_hostname > (which is unsafe for most sites) you should not. > > OR: if you don't get any legitimate mail from Hunan, Chongqing, or > Hong Kong you can probably safely block 188.8.131.52/12 from talking > at all to your SMTP port (or just the /13 to limit it to Hunan.) > I knew it had to be something stupid I was doing since the spammers behaved when blocked by the RBLs. I am using reject_unknown_reverse_client_hostname, so I set the code to 550 as you indicated and will see how that works. It also now occurs to me that the MX Tools website can be use to see what annoying IP or host can be blocked by a particular RBL. I've obviously used the MX Tools blacklist checker for my own domains and IP, but not for other servers. The offending IP is on eight blocking lists. Thanks all.