1

Topic: Problem rejecting email

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

I've been getting a lot of spam about jobs from a spammer that uses Amazon SES, so I can't block by IPs. I had added them to the blacklist but that still accepts the email, so I decided I'd add the email address to /etc/postfix/sender_access.pcre, but they are still getting through. I tried adding one of my Gmail accounts and it rejected those emails, but the ones from the spammer get through and still end up in the Junk folder. Since Amazon doesn't do anything about these spammers I want the emails rejected.

Here's what I have in sender_access.pcre:

/mail@jobungo\.com/    REJECT    Sender only sends spam
/mail@recommendedjobs\.com/    REJECT    Sender only sends spam

I'm not sure why these are getting through when the emails from the Gmail account got blocked during testing.


2

Re: Problem rejecting email

You have to check whether the email addresses you used in sender_access.pcre are the real mail sender addresses. Try checking the iRedAPD log file (/var/log/iredapd/iredapd.log) to help you find this out.

3

Re: Problem rejecting email

ZhangHuangbin wrote:

You have to check whether the email addresses you used in sender_access.pcre are the real mail sender addresses. Try checking the iRedAPD log file (/var/log/iredapd/iredapd.log) to help you find this out.

Here's what's in the log for the most recent:

maillog:Nov 14 11:42:30 clarke amavis[3548]: (03548-12) Passed CLEAN {RelayedInbound}, [54.240.11.63]:36161 [54.240.11.63] <0100015863eedbde-143237fa-15da-4be3-994d-5b06eeb0fbb6-000000@amazonses.com> -> <dittman@dittman.net>, Queue-ID: 457CF8165C74, Message-ID: <0100015863eedbde-143237fa-15da-4be3-994d-5b06eeb0fbb6-000000@email.amazonses.com>, mail_id: EP-K8HajILFe, Hits: -4.298, size: 20346, queued_as: BFB4181AA74F, dkim_sd=2xd6wt3wv7taabiekypt7kkjjcztvdqd:recommendedjobs.com,6gbrjpgwjskckoa6a5zn6fwqkn67xbtw:amazonses.com, 1353 ms

Here's the "From:" header in the email:

From: Recommended Jobs <mail@recommendedjobs.com>

From what I've read about sender_access.pcre it uses what's in the "From:" header.

4

Re: Problem rejecting email

dittman wrote:

From what I've read about sender_access.pcre it uses what's in the "From:" header.

WRONG.

According to the Postfix documentation (http://www.postfix.org/postconf.5.html#check_sender_access):

check_sender_access type:table
Search the specified access(5) database for the MAIL FROM address, domain, parent domains, or localpart@, and execute the corresponding action.

The "MAIL FROM" address is the address specified in the SMTP command 'MAIL FROM:', not the mail header. So it's "0100015863eedbde-143237fa-15da-4be3-994d-5b06eeb0fbb6-000000@amazonses.com" in your case.

You may need the Postfix setting 'header_checks =' instead to check 'From:' in the mail header.
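
The difference described in this reply, as an added example that is not part of the original thread: a Python sketch that applies the posted sender_access.pcre rules to the envelope sender from the log line, and a pair of hypothetical header_checks rules to the From: header. The header_checks patterns, the sample message and all function names are assumptions, and Python's `re` stands in for Postfix's PCRE matching.

```python
import re
from email import message_from_string

# Constructed sample: the envelope sender is the one in the amavis log line above,
# the From: header is the one quoted in the thread; the rest is filler.
ENVELOPE_SENDER = ("0100015863eedbde-143237fa-15da-4be3-994d-5b06eeb0fbb6"
                   "-000000@amazonses.com")
RAW_MESSAGE = ("From: Recommended Jobs <mail@recommendedjobs.com>\n"
               "To: dittman@dittman.net\n"
               "Subject: constructed sample\n\nbody\n")

# The table exactly as posted in the thread.
SENDER_ACCESS = r"""
/mail@jobungo\.com/    REJECT    Sender only sends spam
/mail@recommendedjobs\.com/    REJECT    Sender only sends spam
"""
# Hypothetical header_checks rules (not from the thread), anchored to From:.
HEADER_CHECKS = r"""
/^From:.*mail@jobungo\.com/    REJECT    Sender only sends spam
/^From:.*mail@recommendedjobs\.com/    REJECT    Sender only sends spam
"""

def parse_table(text):
    """Parse '/pattern/ ACTION text' lines; flags after the closing slash are not handled."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*/(.+)/\s+(\S+)\s*(.*)$", line)
        if m:  # Postfix pcre tables are case-insensitive by default
            rules.append((re.compile(m.group(1), re.IGNORECASE),
                          m.group(2), m.group(3).strip()))
    return rules

def lookup(rules, key):
    """Return (action, text) of the first rule matching key, else None."""
    for pattern, action, text in rules:
        if pattern.search(key):
            return action, text
    return None

def check_sender_access(rules, envelope_sender):
    # The lookup key is the MAIL FROM address, never a message header.
    return lookup(rules, envelope_sender)

def header_checks(rules, raw_message):
    # Each header is looked up on its own, as "Name: value".
    for name, value in message_from_string(raw_message).items():
        hit = lookup(rules, f"{name}: {value}")
        if hit:
            return hit
    return None

if __name__ == "__main__":
    print("sender_access:", check_sender_access(parse_table(SENDER_ACCESS), ENVELOPE_SENDER))
    print("header_checks:", header_checks(parse_table(HEADER_CHECKS), RAW_MESSAGE))
```

The first lookup returns no match because the key is the amazonses.com bounce address; the second returns the REJECT action because the key is the From: header line.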

5

Re: Problem rejecting email

ZhangHuangbin wrote:
dittman wrote:

From what I've read about sender_access.pcre it uses what's in the "From:" header.

WRONG.

According to the Postfix documentation (http://www.postfix.org/postconf.5.html#check_sender_access):

check_sender_access type:table
Search the specified access(5) database for the MAIL FROM address, domain, parent domains, or localpart@, and execute the corresponding action.

The "MAIL FROM" address is the address specified in the SMTP command 'MAIL FROM:', not the mail header. So it's "0100015863eedbde-143237fa-15da-4be3-994d-5b06eeb0fbb6-000000@amazonses.com" in your case.

You may need the Postfix setting 'header_checks =' instead to check 'From:' in the mail header.

Okay, thanks for the correction.  I'll look at header_checks.

This wouldn't be an issue if Amazon would act on spam reports.