Mailinglist Archive: opensuse (3337 mails)

Re: [SLE] Stopping spam to postmaster@ account?
  • From: Sandy Drobic <suse-linux-e@xxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 04 Apr 2006 23:00:20 +0200
  • Message-id: <4432DE64.8020601@xxxxxxxxxxxxxxxxxxxxxxx>
david rankin wrote:

I could also mention the restriction "reject_unknown_hostname", although only postmasters who really hate spam more than they love their wanted mail would consider applying that restriction. (^-^)

Don't laugh, I tested it (^-^)

Okay, I won't... bwa ha ha ha!!

I considered it for about 5 minutes myself. A grep on my log for unknown clients and a check if the mail I got from that client was spam or not yielded a sufficient amount of misconfigured systems that we could not reject. I just saw that it should be "reject_unknown_client" or "reject_unknown_client_hostname" for version 2.3.

If anyone is thinking about that restriction, I strongly advise testing it first with "warn_if_reject reject_unknown_hostname". That will log a warning but not actually reject the mail. You will probably find out that there are a lot of badly misconfigured "professional" mailservers. :((


Sandy, how would I modify my main.cf and /etc/postfix/recipient_check.pcre to do this? Right now I have:

[root@bonza david]# cat /etc/postfix/recipient_check.pcre
/^support@/ REJECT
/^info@/ REJECT
/^assistance@(rbpllc\.com|rankin-bertin\.com|guillorylaw\.com|garthlawfirm\.com|drrankin\.com)$/ REJECT
/^root@/ REJECT
/^sales@/ REJECT
/^admin@/ REJECT
/^accounting@/ REJECT
/^majordomo@/ REJECT
#/^postmaster@/ REJECT (commented for testing)

postconf -n
<snip>
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_recipient_access pcre:/etc/postfix/recipient_check.pcre
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
unknown_local_recipient_reject_code = 550

The easiest way would be to insert it directly behind reject_unauth_destination:

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,

    # for postfix up to version 2.2:
    # warn_if_reject reject_unknown_client
    # for postfix version 2.3:
    # warn_if_reject reject_unknown_client_hostname

    check_recipient_access pcre:/etc/postfix/recipient_check.pcre


You could also try this one if you are already testing:

smtpd_helo_restrictions =
    permit_mynetworks,
    warn_if_reject reject_invalid_hostname

I found that the number of legit servers that violate this rule is much smaller than those rejected by "reject_unknown_client_hostname". The reason is probably that you can configure the HELO yourself but need the help of the provider to set up correct DNS. That is not always the case; the British BT is notorious for refusing to set up correct reverse DNS.


Here is some additional information about reject_unknown_client:

http://www.postfix.org/postconf.5.html#unknown_client_reject_code
The default is a temporary 450, which is probably a very good idea!

http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname

Only version 2.3:
http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname


Why don't you grep your log for the unknown clients and check if the clients were indeed spammers or misconfigured servers?

Sandy

--
List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
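
The log check suggested in the mail above, sketched as an added example (not part of the original message): it groups the "reject_warning" entries that warn_if_reject produces by client IP, so each client can be judged as spammer or misconfigured server before the restriction is enforced. The sample log lines, addresses and host names are constructed, and the assumed line format is the usual smtpd "NOQUEUE: reject_warning:" entry; adjust the pattern if your syslog format differs.

```python
import re
from collections import defaultdict

# Constructed sample in the format smtpd logs when warn_if_reject is set
# (documentation addresses and made-up host names, not real traffic).
SAMPLE_LOG = """\
Apr  4 22:10:01 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 450 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<billing@supplier.example> to=<david@example.com> proto=ESMTP helo=<mail.supplier.example>
Apr  4 22:11:37 mx postfix/smtpd[2104]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.7]: 501 <bad_name>: Helo command rejected: Invalid name; from=<x9@bulk.example> to=<postmaster@example.com> proto=SMTP helo=<bad_name>
Apr  4 22:11:37 mx postfix/smtpd[2104]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.7]: 450 Client host rejected: cannot find your hostname, [198.51.100.7]; from=<x9@bulk.example> to=<postmaster@example.com> proto=SMTP helo=<bad_name>
Apr  4 22:12:02 mx postfix/smtpd[2104]: connect from mail.example.org[203.0.113.5]
Apr  4 22:15:44 mx postfix/smtpd[2110]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.7]: 450 Client host rejected: cannot find your hostname, [198.51.100.7]; from=<q3@bulk.example> to=<info@example.com> proto=SMTP helo=<bad_name>
"""

# "kind" is the two words before "rejected:" (e.g. "Client host", "Helo command").
# The lazy prefix skips an optional enhanced status code or "<helo>:" prefix.
WARN_RE = re.compile(
    r"reject_warning: \S+ from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) [^;]*?(?P<kind>\w+ \w+) rejected: [^;]*;"
    r" from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>.* helo=<(?P<helo>[^>]*)>"
)

def summarize(log_text):
    """Group warn_if_reject hits by client IP so each can be judged by hand."""
    clients = defaultdict(
        lambda: {"hits": 0, "kinds": set(), "senders": set(), "helos": set()})
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if not m:
            continue  # ordinary log line, or a format this sketch does not know
        c = clients[m["ip"]]
        c["hits"] += 1
        c["kinds"].add(m["kind"])
        c["senders"].add(m["sender"])
        c["helos"].add(m["helo"])
    return dict(clients)

def report(clients):
    # Busiest clients first: bulk senders and busy legitimate relays both surface.
    rows = sorted(clients.items(), key=lambda kv: -kv[1]["hits"])
    return [f"{ip:15} hits={c['hits']} would-reject={sorted(c['kinds'])} "
            f"helo={sorted(c['helos'])} from={sorted(c['senders'])}"
            for ip, c in rows]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

A client that shows up once with a plausible HELO and a known sender is the "misconfigured server" case; one that trips several restrictions with rotating senders is the other.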
