Comments on: Using postfix to block spam botnet traffic http://www.zen.org/2008/03/29/using-postfix-to-block-spam-botnet-traffic/ The thoughts, ideas, habits, and interests of a sub-culture. Wed, 27 Aug 2008 23:16:36 +0000 http://wordpress.org/?v=2.5.1 By: brendan http://www.zen.org/2008/03/29/using-postfix-to-block-spam-botnet-traffic/#comment-225362 brendan Fri, 16 May 2008 10:47:18 +0000 http://www.zen.org/2008/03/29/using-postfix-to-block-spam-botnet-traffic/#comment-225362 I think you could add check_recipient_access pcre:/etc/postfix/maps/access_recipient.pcre and in that file, put /^henryxxx@/ ACCEPT /^henry.*@/ REJECT or something similar, letting the regular expression block all possible sequences after 'henry' except for 'xxx', which is accepted initially. I think you could add
check_recipient_access pcre:/etc/postfix/maps/access_recipient.pcre
and in that file, put
/^henryxxx@/ ACCEPT
/^henry.*@/ REJECT
or something similar, letting the regular expression block all possible sequences after ‘henry’ except for ‘xxx’, which is accepted initially.

]]> By: Paul Rotenberg http://www.zen.org/2008/03/29/using-postfix-to-block-spam-botnet-traffic/#comment-224042 Paul Rotenberg Wed, 14 May 2008 18:51:57 +0000 http://www.zen.org/2008/03/29/using-postfix-to-block-spam-botnet-traffic/#comment-224042 I am reading this and having trouble filtering the information I need, but I suspect it is here. I have a domain running dual servers, inbound (FreeBSD, Postfix, Amavisd, ClamAV) and outbound (Qmail on Freebsd). Mail is delivered to inbound, cleaned and passed to user mailboxes on outbound. Users pick up mail from outbound. My problem is that someone decided we hae an account henryxxx@domain.com and we get thousands of spam messages to variants on henry@. henry is almost always the beginning of the recipient address. We do not have a Henry in the system. Can I add a filter to incoming (Postfix) to reject any email addressed to henryx@domain.com where x is any number of random characters? I do not want to bounce or do any processing on them, just get rid of them as quickly and simply as possible. I am reading this and having trouble filtering the information I need, but I suspect it is here. I have a domain running dual servers, inbound (FreeBSD, Postfix, Amavisd, ClamAV) and outbound (Qmail on Freebsd). Mail is delivered to inbound, cleaned and passed to user mailboxes on outbound. Users pick up mail from outbound. My problem is that someone decided we hae an account henryxxx@domain.com and we get thousands of spam messages to variants on henry@. henry is almost always the beginning of the recipient address. We do not have a Henry in the system. Can I add a filter to incoming (Postfix) to reject any email addressed to henryx@domain.com where x is any number of random characters? I do not want to bounce or do any processing on them, just get rid of them as quickly and simply as possible.

]]> By: Scott http://www.zen.org/2008/03/29/using-postfix-to-block-spam-botnet-traffic/#comment-212691 Scott Sat, 03 May 2008 02:51:58 +0000 http://www.zen.org/2008/03/29/using-postfix-to-block-spam-botnet-traffic/#comment-212691 Just wanted to thank you for this. I only needed a very very simplified version (adding a few of the addresses to access to be rejected) and this worked perfectly for me. Just wanted to thank you for this. I only needed a very very simplified version (adding a few of the addresses to access to be rejected) and this worked perfectly for me.

]]> By: bspinner http://www.zen.org/2008/03/29/using-postfix-to-block-spam-botnet-traffic/#comment-201275 bspinner Tue, 22 Apr 2008 14:12:52 +0000 http://www.zen.org/2008/03/29/using-postfix-to-block-spam-botnet-traffic/#comment-201275 I am not 100% sure but I think many HowTos are mixing some postfix directives in wrong context. For example reject_non_fqdn_sender is listed in smtpd_sender_restrictions (in man postconf(5)) and not in smtpd_recipient_restrictions (as stated in your and many others HowTos) I think the following is more appropriate: <code>smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, # warn_if_reject, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_unknown_recipient_domain, permit </code> I am not 100% sure but I think many HowTos are mixing some postfix directives in wrong context.
For example reject_non_fqdn_sender is listed in smtpd_sender_restrictions (in man postconf(5)) and not in smtpd_recipient_restrictions (as stated in your and many others HowTos)

I think the following is more appropriate:

smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
# warn_if_reject,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/access
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_unknown_recipient_domain,
permit

]]>