On 9/23/2009 9:44 AM, lucone wrote:
Hi All!
I receive some spam messages that pass spam filters.
Our users see the sender as an internal sender, but the real sender is
an external address (see the log entry)
There is yet a rule to block sender that use our domain, but doesn't
work with
these messages
I don't know how to block these messages
this is the log entry related to my problem :
Sep 22 15:00:04 mail amavis[22157]: (22157-01-2) Passed CLEAN,
[200.170.109.243] <nook...@affix-formation.fr
<mailto:nook...@affix-formation.fr>> -> <myu...@mydomain>, Message-ID:
<20090922125833.37b455b8...@mail.mydomain>, mail_id: Pi3FovMm7sVK, Hits:
-1.041, size: 1471, queued_as: A19E95B8008, 17067 ms
how can i block these type of spam messages ?
You can use reject_unknown_reverse_client_hostname
http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname
to reject clients with no reverse DNS entry.
The client above is listed in multiple RBLs including
bl.spamcop.net, cbl.abuseat.org, and zen.spamhaus.org. Adding
reject_rbl_client zen.spamhaus.org
to your restriction list will likely cut down quit a bit also.
-- Noel Jones
