Hi everyone,

Ok, I have a question...

First, I've never claimed to be smarter than the average amoeba
(although I think possibly I grill a better steak), and I do seem to
recall some time ago someone (mouss, was that you?) saying that the way
I was blocking senders might have unintended consequences, but obviously
there's something going on here that I don't understand.

The recent thread that Victor declared dead - 'Postfix Setup' - involved
a comment by me to: Rik <hlug090...@buzzhost.co.uk>

I sent him a farewell 'frak off' email directly (yeah, I know, childish
of me), then smtp rejected anything from his address (using a
'check_sender_access' hash with his email address in it (simple reject
applied, otherwise nothing offensive)):

myhost ~ postconf -n | grep check_sender
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/moved-employees,  permit_mynetworks,
permit_sasl_authenticated,  reject_unauth_destination,
check_client_access cidr:/etc/postfix/allowed_clients.cidr,
check_recipient_access hash:/etc/postfix/x-employees,
check_sender_access hash:/etc/postfix/blocked_senders,

myhost ~ # cat /etc/postfix/blocked_senders
# Senders Being Blocked
...
#hlug090...@buzzhost.co.uk reject
...

Of course, his address wasn't commented out when this occurred.

Well, grepping the logs shows that this ms (miserable slimeball) did
something that caused 351 of these 'UCE AND ABUSE DETECTED' messages
(see attached) to flood my server within 3 minutes (glad I didn't have
to leave my desk for any length of time when it happened). Whatever he
did was about 40 minutes after the two rejects I noticed from him in the
logs. The headers show as from and to myself...

Ok, fine, the way I attempted to block him obviously isn't the best way
to do so, but I want to take this opportunity to learn the following
(pointers to rtfm gratefully accepted):

1. What is the best way to 'plonk' someone at the smtp level?

2. What exactly was wrong with the way I went about blocking this idiot?

3. What was the mechanism employed to flood my server with these
   messages, and how do I protect against it in the future (maybe simply
   changing the way I'm blocking unwanted senders now will accomplish
   that?)?

and

4. Should I report his abuse? Or was it deserved because of the way I
was using check_sender_access?

Thanks for any pointers...

-- 

Best regards,

Charles
--- Begin Message ---
SMTP Server <70.43.81.99> rejected recipient <cmar...@media-brokers.com> (Error 
following RCPT command). It responded as follows: [554 5.7.1 
<cmar...@media-brokers.com>: Sender address rejected: Access denied]

Attachment: emailheaders.txt
Description: application/txt


--- End Message ---
