Topic: Protect server from fake subnet
I would like to share how to get lid of spammer from fake subnet.
Jun 22 17:10:38 mx2 postfix/smtpd[11415]: 3491E80054: client=******[10.0.0.541]
Jun 22 17:10:40 mx2 postfix/cleanup[11497]: 3491E80054: message-id=<576A8E41.621D4DF3@amazonaws.com>
Jun 22 17:10:40 mx2 postfix/qmgr[803]: 3491E80054: from=<test@amazonaws.com>, size=4624, nrcpt=1 (queue active)
Jun 22 17:10:41 mx2 amavis[10598]: (10598-04) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [10.0.51.31]:40308 <test@amazonaws.com> -> <mario_klingelberger@gmx.de>, Queue-ID: 3491E80054, Message-ID: <576A8E41.621D4DF3@amazonaws.com>, mail_id: 8V3v0k2e_Cuv, Hits: 0, size: 4399, queued_as: DB4D880325, 1123 ms
Jun 22 17:10:41 mx2 postfix/smtp[11502]: 3491E80054: to=<mario_klingelberger@gmx.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.5, delays=4.3/0/0/1.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as DB4D880325)
Jun 22 17:10:41 mx2 postfix/qmgr[803]: 3491E80054: removedI use amazon load balancer and it have subnet to connect my server.
Spammer have fake my subnet and send spam.
I don't how to block it because the server connect is my real load balancer subnet.
this is how I fix it.
at file /etc/postfix/main.cf do not add your subnet in mynetwork.
mynetworks = 127.0.0.1nano /etc/postfix/access.cidr10.0.0.0/24 OK nano /etc/postfix/main.cfsmtpd_client_restrictions = check_client_access cidr:/etc/postfix/access.cidrThe problem is smtpd_sender_restrictions = permit_mynetworks
If you put subnet in mynetwork it will allow fake subnet sending spam so you have to allow in coming but not outgoing.
If anyone have better solution please feel free to share.
Thank you
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.