1

Topic: Howto block some spam emails.

I have the mail domain skeurochem.pl.
Many of the spam messages I'm receiving use a skeurochem.pl email account in the "From" field.
For example:

From: Genuine Pfizer c Retailer <example@skeurochem.pl>
To: example@skeurochem.pl
Received: from bzq-84-110-52-4.red.bezeqint.net (unknown [84.110.157.183])

Is it possible to block this kind of spam, i.e. just add a restriction (you can use skeurochem.pl in "mail from" on the server if you are using SMTP auth)?

2

Re: Howto block some spam emails.

This kind of spam will be rejected by default, because they use your domain name without SASL authentication.

3

Re: Howto block some spam emails.

Hi kerie,

You can block this spam with a hash table in Postfix, using the following steps:

Step 1: in /etc/postfix/main.cf

add the line

# To block by client IP:
smtpd_client_restrictions = check_client_access hash:/etc/postfix/reject_client
or
# To block by sender domain or email address:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/reject_sender

Step 2: in /etc/postfix/reject_client

add the line

# block IP 84.110.157.183
84.110.157.183 REJECT

Step 3: if you need to block a domain or email address

in /etc/postfix/reject_sender, add the lines

# reject the domain skeurochem.pl
skeurochem.pl REJECT
# reject the email address example@skeurochem.pl
example@skeurochem.pl REJECT

Step 4: hash the two files /etc/postfix/reject_sender and /etc/postfix/reject_client with the commands

postmap hash:/etc/postfix/reject_client
postmap hash:/etc/postfix/reject_sender

Step 5: Restart Postfix

4 (edited by kerie 2010-01-07 15:45:35)

Re: Howto block some spam emails.

ZhangHuangbin wrote:

This kind of spam will be rejected by default, because they use your domain name without SASL authentication.

I understand, it should work this way, but... look below:
agc.gov.sg (unknown [186.24.81.36]) is not part of mynetwork

Return-Path: <miaalvro@afo.net>
Delivered-To: example@skeurochem.pl
Received: from localhost (mail.skeurochem.pl [127.0.0.1])
    by mail.skeurochem.pl (iRedMail) with ESMTP id 116A15B903EE
    for <example@skeurochem.pl>; Thu,  7 Jan 2010 01:40:08 +0100 (CET)
X-Quarantine-ID: <eX2XgTIDZlTs>
X-Virus-Scanned: amavisd-new at mail.skeurochem.pl
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char C2 hex):
    From: Approved VIAGRA\302\256 Store <example[...]
X-Spam-Flag: YES
X-Spam-Score: 8.703
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.703 tagged_above=2 required=6.2
    tests=[HTML_IMAGE_ONLY_20=1.808, HTML_MESSAGE=0.001,
    HTML_SHORT_LINK_IMG_3=0.556, MIME_HTML_ONLY=1.672, RCVD_IN_PBL=0.509,
    RDNS_NONE=0.1, SPF_SOFTFAIL=0.654, URIBL_AB_SURBL=0.3306,
    URIBL_BLACK=1.961, URIBL_JP_SURBL=0.336, URIBL_OB_SURBL=0.2617,
    URIBL_SC_SURBL=0.36, URIBL_WS_SURBL=0.1533] autolearn=no
Received: from mail.skeurochem.pl ([127.0.0.1])
    by localhost (mail.skeurochem.pl [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id eX2XgTIDZlTs for <example@skeurochem.pl>;
    Thu,  7 Jan 2010 01:40:04 +0100 (CET)
X-Original-Helo: agc.gov.sg (iRedMail: http://www.iredmail.org/)
X-Original-Helo: agc.gov.sg (iRedMail: http://www.iredmail.org/)
X-Original-Helo: agc.gov.sg (iRedMail: http://www.iredmail.org/)
X-Original-Helo: agc.gov.sg (iRedMail: http://www.iredmail.org/)
X-Original-Helo: agc.gov.sg (iRedMail: http://www.iredmail.org/)
Received: from agc.gov.sg (unknown [186.24.81.36])
    by mail.skeurochem.pl (iRedMail) with SMTP id 82EA15B903EC
    for <example@skeurochem.pl>; Thu,  7 Jan 2010 01:39:58 +0100 (CET)
From: Approved VIAGRA® Store <example@skeurochem.pl>
Subject: [SPAM] Daily Dose 74% off
To: <example@skeurochem.pl>
MIME-Version: 1.0
Content-Type: text/html
Message-Id: <20100107004002.82EA15B903EC@mail.skeurochem.pl>
Date: Thu,  7 Jan 2010 01:39:58 +0100 (CET)

5

Re: Howto block some spam emails.

Change your postfix config in main.cf:

smtpd_sender_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch,
    permit_sasl_authenticated

Add reject_sender_login_mismatch AFTER permit_mynetworks.
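
Added example (not part of the thread and not iRedMail code): a Python check for the case discussed above, mail that carries a local domain but arrived from a non-loopback client without SMTP AUTH. It separates spoofing of the envelope sender (the MAIL FROM address, which is what reject_sender_login_mismatch inspects) from spoofing of the From: header only, as in the headers quoted in post 4, whose Return-Path is at afo.net. LOCAL_DOMAINS, the function names and the auth markers (RFC 3848 "with ESMTPA/ESMTPSA", Postfix's "Authenticated sender:" comment) are assumptions; the sample is abridged from post 4.

```python
import email
import re
from email.utils import parseaddr

LOCAL_DOMAINS = {"skeurochem.pl"}  # assumption: domains hosted on this server
# Assumed markers of an authenticated submission in a Received header.
AUTH_MARK = re.compile(r"\bwith ESMTPS?A\b|Authenticated sender:", re.I)

# Constructed sample, abridged from the headers quoted in post 4.
SAMPLE = """\
Return-Path: <miaalvro@afo.net>
Received: from localhost (mail.skeurochem.pl [127.0.0.1])
    by mail.skeurochem.pl (iRedMail) with ESMTP id 116A15B903EE
    for <example@skeurochem.pl>; Thu,  7 Jan 2010 01:40:08 +0100 (CET)
Received: from agc.gov.sg (unknown [186.24.81.36])
    by mail.skeurochem.pl (iRedMail) with SMTP id 82EA15B903EC
    for <example@skeurochem.pl>; Thu,  7 Jan 2010 01:39:58 +0100 (CET)
From: Approved Store <example@skeurochem.pl>
To: <example@skeurochem.pl>

body
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def external_hop(msg):
    """Newest Received header whose client is not loopback, or None."""
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())            # unfold continuation lines
        client = hop.split(" by ", 1)[0]       # the "from host (name [ip])" part
        if "[127.0.0.1]" not in client and "[::1]" not in client:
            return hop
    return None

def classify(raw):
    """Return 'ok', 'envelope-spoof' or 'header-only-spoof' for one message."""
    msg = email.message_from_string(raw)
    hop = external_hop(msg)
    if hop is None or AUTH_MARK.search(hop):
        return "ok"                            # local or authenticated submission
    if domain_of(msg["Return-Path"]) in LOCAL_DOMAINS:
        return "envelope-spoof"                # MAIL FROM claims a local domain
    if domain_of(msg["From"]) in LOCAL_DOMAINS:
        return "header-only-spoof"             # only the From: header claims it
    return "ok"
```
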

6 (edited by robynhub 2011-02-15 19:06:17)

Re: Howto block some spam emails.

Same problem here.
In the mail that I receive I see the tags

X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-100 required=6 tests=[]

But no tests are done! Is there something that I can check? It seems that it doesn't check it for spam at all.

Try to send spam to f { a t } ernet.it and I will post it here.

7

Re: Howto block some spam emails.

@robynhub:
1. Separate amavisd policy banks for SASL authenticated users and the rest.
2. Enable SPF for your domain.
3. Reject messages directly from Postfix on SPF mismatch.

8

Re: Howto block some spam emails.

maxie_ro wrote:

@robynhub:
1. Separate amavisd policy banks for SASL authenticated users and the rest.
2. Enable SPF for your domain.
3. Reject messages directly from Postfix on SPF mismatch.

1. Ok. I'll try.
2. Already done
3. How?

9

Re: Howto block some spam emails.

robynhub wrote:

1. Ok. I'll try.
2. Already done
3. How?

3. I wrote a tutorial on the wiki:
http://www.iredmail.org/wiki/index.php? … _SPF_check

I hope I didn't accidentally leave anything out.