[pfx] Re: Fastest way to reject unwanted sender
On 6/16/2024 9:06 AM, Wietse Venema via Postfix-users wrote: # Don't indent text between IF and ENDIF. IF /^MAIL FROM:/ /^MAIL FROM:/ QUIT /^MAIL FROM:/ QUIT ... ENDIF Seems like if this is talking to a real MTA this would be a connection amplifier. The sending MTA would see this as a non-fatal error and keep retrying until their queue expires, possibly hundreds of times over several days. In that case a regular old access table, maybe with smtpd_delay_reject=no, would be a better choice. -- Noel Jones ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Fastest way to reject unwanted sender
Viktor Dukhovni via Postfix-users: > On Sun, Jun 16, 2024 at 10:06:41AM -0400, Wietse Venema via Postfix-users > wrote: > > John R. Levine via Postfix-users: > > > On Sat, 15 Jun 2024, Jeff Peng wrote: > > > > I think postscreen can block them easily. > > > > > > I'm looking at the postscreen man page and I don't see anything about > > > mail > > > addresses. Am I missing something? > > > > That is a bad suggestion, please ignore. > > > > > I do see smtpd_command_filter. How about if I map MAIL FROM: to > > > QUIT? > > > > That would do the job. With regexp: or pcre: tables you may save > > some CPU cycles with: > > > > # Don't indent text between IF and ENDIF. > > IF /^MAIL FROM:/ > > /^MAIL FROM:/ QUIT > > /^MAIL FROM:/ QUIT > > ... > > ENDIF > > What's wrong with simple literall access(5) checks on the envelope > sender, one then also gets to log the rejected recipients assuming the > default setting of "smtpd_delay_reject = yes". True as a more general solution, but I don't think that is required here. > Regular expressions are much too fragile in the hands of most users. I think that John has the competence to make that decision. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Fastest way to reject unwanted sender
On Sun, Jun 16, 2024 at 10:06:41AM -0400, Wietse Venema via Postfix-users wrote: > John R. Levine via Postfix-users: > > On Sat, 15 Jun 2024, Jeff Peng wrote: > > > I think postscreen can block them easily. > > > > I'm looking at the postscreen man page and I don't see anything about mail > > addresses. Am I missing something? > > That is a bad suggestion, please ignore. > > > I do see smtpd_command_filter. How about if I map MAIL FROM: to > > QUIT? > > That would do the job. With regexp: or pcre: tables you may save > some CPU cycles with: > > # Don't indent text between IF and ENDIF. > IF /^MAIL FROM:/ > /^MAIL FROM:/ QUIT > /^MAIL FROM:/ QUIT > ... > ENDIF What's wrong with simple literall access(5) checks on the envelope sender, one then also gets to log the rejected recipients assuming the default setting of "smtpd_delay_reject = yes". Regular expressions are much too fragile in the hands of most users. -- Viktor. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Fastest way to reject unwanted sender
John R. Levine via Postfix-users: > On Sat, 15 Jun 2024, Jeff Peng wrote: > > I think postscreen can block them easily. > > I'm looking at the postscreen man page and I don't see anything about mail > addresses. Am I missing something? That is a bad suggestion, please ignore. > I do see smtpd_command_filter. How about if I map MAIL FROM: to > QUIT? That would do the job. With regexp: or pcre: tables you may save some CPU cycles with: # Don't indent text between IF and ENDIF. IF /^MAIL FROM:/ /^MAIL FROM:/ QUIT /^MAIL FROM:/ QUIT ... ENDIF If the list is short, this 'optimization' won't be worthwhile. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Fastest way to reject unwanted sender
John R. Levine via Postfix-users skrev den 2024-06-16 15:18: I'm looking at the postscreen man page and I don't see anything about mail addresses. Am I missing something? postscreen is not smtpd I do see smtpd_command_filter. How about if I map MAIL FROM: to QUIT? so this needs smtpd milter-regex is your friend ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Fastest way to reject unwanted sender
On Sat, 15 Jun 2024, Jeff Peng wrote: I think postscreen can block them easily. I'm looking at the postscreen man page and I don't see anything about mail addresses. Am I missing something? I do see smtpd_command_filter. How about if I map MAIL FROM: to QUIT? Regards, John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Fastest way to reject unwanted sender
On Sat, Jun 15, 2024 at 07:06:43PM +0800, Jeff Peng via Postfix-users wrote: > On 2024-06-15 18:14, John Levine via Postfix-users wrote: > > People I'm working with have a short list of addresses from which they > > don't want to accept mail at all, and they'd like to reject as early > > as possible without running it through anti-spam milters, ideally by > > rejecting the SMTP MAIL FROM command. What's the best way to do this? > > The list is short so if it has to be hand-edited into config files, > > that's OK. > > > > I'm not sure exactly why they want to do it this way but they have > > been running mail systems for a long time (some of you surely know > > them) and I assume they have sensible reasons. > > I think postscreen can block them easily. Actually, no, because postscreen typically does not look at the sender address, generally, just the client IP address is considered. No reason to post a vague guess, when a concrete approach was requested. -- Viktor. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Fastest way to reject unwanted sender
On 15.06.24 12:14, John Levine via Postfix-users wrote: People I'm working with have a short list of addresses from which they don't want to accept mail at all, and they'd like to reject as early as possible without running it through anti-spam milters, ideally by rejecting the SMTP MAIL FROM command. What's the best way to do this? The list is short so if it has to be hand-edited into config files, that's OK. I'm not sure exactly why they want to do it this way but they have been running mail systems for a long time (some of you surely know them) and I assume they have sensible reasons. Note that at SMTP level, you can reject senders globally, and recipients individually. Thus, if you reject mail from any sender, none of recipients will be able to get mail from that user. If one of recipients wants to accept mail from a sender while another recipient doesn't, teoretically you can reject that sender at recipient level, but that complicates configuration (but it's possible). This would mean that for single mail to more recipients, sendes gets accepted and different recipients get refused. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Nothing is fool-proof to a talented fool. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Fastest way to reject unwanted sender
On 2024-06-15 18:14, John Levine via Postfix-users wrote: People I'm working with have a short list of addresses from which they don't want to accept mail at all, and they'd like to reject as early as possible without running it through anti-spam milters, ideally by rejecting the SMTP MAIL FROM command. What's the best way to do this? The list is short so if it has to be hand-edited into config files, that's OK. I'm not sure exactly why they want to do it this way but they have been running mail systems for a long time (some of you surely know them) and I assume they have sensible reasons. I think postscreen can block them easily. regards. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Fastest way to reject unwanted sender
On Sat, Jun 15, 2024 at 12:14:01PM +0200, John Levine via Postfix-users wrote:
> People I'm working with have a short list of addresses from which they
> don't want to accept mail at all, and they'd like to reject as early
> as possible without running it through anti-spam milters, ideally by
> rejecting the SMTP MAIL FROM command. What's the best way to do this?
> The list is short so if it has to be hand-edited into config files,
> that's OK.
>
> I'm not sure exactly why they want to do it this way but they have
> been running mail systems for a long time (some of you surely know
> them) and I assume they have sensible reasons.
For very short lists, the simplest is:
main.cf:
thash = texthash:${config_directory}/
smtpd_sender_restrictions =
check_sender_access ${thash}blocked-senders
blocked-senders:
m...@example.com REJECT Stooges not accepted here
la...@example.com REJECT Stooges not accepted here
cu...@example.com REJECT Stooges not accepted here
This admits occasional editing of the list without having to touch
main.cf. If the list is sufficiently static that bolting it into
main.cf is a sensible tradeoff, then:
main.cf:
smtpd_sender_restrictions =
check_sender_access inline:{
{ m...@example.com = REJECT Stooges not accepted here },
{ la...@example.com = REJECT Stooges not accepted here },
{ cu...@example.com = REJECT Stooges not accepted here },
}
Of course you can also use any of the fancier dictionary types, putting
the data in LDAP, a SQL database, a CDB table, LMDB, ...
--
Viktor.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
