Re: postmaster@ and spam
On Thu, Mar 26, 2009 at 12:55 PM, LuKreme wrote:
> Obviously I can't disable the account as it is required, but is there
> something that I can do to stop the connections for messages like this:
>
> Return-Path:
> X-Original-To: postmas...@covisp.net
> Delivered-To: postmas...@covisp.net
> Received: from 55.71.98-84.rev.gaoland.net (117.82.193-77.rev.gaoland.net
> [77.193.82.117])
>    by mail.covisp.net (Postfix) with SMTP id A4B17118BC8B
>    for ; Fri, 20 Mar 2009 18:18:44 -0600 (MDT)
>
> as it is now, anything to postmaster gets a complete free pass, and most the
> mail to that account is scoring on SA up in the 20's and 30's.

Why not RBL it with spamhaus?

$ dig 117.82.193.77.zen.spamhaus.org a +short
127.0.0.10
127.0.0.4
Re: postmaster@ and spam
On 26-Mar-2009, at 11:53, Peter Blair wrote:
> On Thu, Mar 26, 2009 at 12:55 PM, LuKreme wrote:
>> Obviously I can't disable the account as it is required, but is there
>> something that I can do to stop the connections for messages like this:
>>
>> Return-Path:
>> X-Original-To: postmas...@covisp.net
>> Delivered-To: postmas...@covisp.net
>> Received: from 55.71.98-84.rev.gaoland.net (117.82.193-77.rev.gaoland.net
>> [77.193.82.117])
>>    by mail.covisp.net (Postfix) with SMTP id A4B17118BC8B
>>    for ; Fri, 20 Mar 2009 18:18:44 -0600 (MDT)
>>
>> as it is now, anything to postmaster gets a complete free pass, and most the
>> mail to that account is scoring on SA up in the 20's and 30's.
>
> Why not RBL it with spamhaus?

Because the helo checks happen before the RBL checks and once the message gets an OK it's no longer checked.

--
There is NO Rule six!
Re: postmaster@ and spam
LuKreme wrote:
> On 26-Mar-2009, at 11:53, Peter Blair wrote:
>> On Thu, Mar 26, 2009 at 12:55 PM, LuKreme wrote:
>>
>>> Obviously I can't disable the account as it is required, but is there
>>> something that I can do to stop the connections for messages like this:
>>>
>>> Return-Path:
>>> X-Original-To: postmas...@covisp.net
>>> Delivered-To: postmas...@covisp.net
>>> Received: from 55.71.98-84.rev.gaoland.net
>>> (117.82.193-77.rev.gaoland.net
>>> [77.193.82.117])
>>>    by mail.covisp.net (Postfix) with SMTP id A4B17118BC8B
>>>    for ; Fri, 20 Mar 2009 18:18:44 -0600
>>> (MDT)
>>>
>>> as it is now, anything to postmaster gets a complete free pass, and
>>> most the
>>> mail to that account is scoring on SA up in the 20's and 30's.
>>
>> Why not RBL it with spamhaus?
>
> Because the helo checks happen before the RBL checks and once the
> message gets an OK it's no longer checked.
>

The helo check you mention will OK the helo_restrictions. (assuming this is where you have it)
However, it will not affect the recipient_restrictions.

An OK is for a single restriction class. Not globally (thank goodness).

Brian
Re: postmaster@ and spam
On 26-Mar-2009, at 13:36, Brian Evans - Postfix List wrote:
> LuKreme wrote:
>> On 26-Mar-2009, at 11:53, Peter Blair wrote:
>>> On Thu, Mar 26, 2009 at 12:55 PM, LuKreme wrote:
>>>> Obviously I can't disable the account as it is required, but is there
>>>> something that I can do to stop the connections for messages like this:
>>>>
>>>> Return-Path:
>>>> X-Original-To: postmas...@covisp.net
>>>> Delivered-To: postmas...@covisp.net
>>>> Received: from 55.71.98-84.rev.gaoland.net (117.82.193-77.rev.gaoland.net
>>>> [77.193.82.117])
>>>>    by mail.covisp.net (Postfix) with SMTP id A4B17118BC8B
>>>>    for ; Fri, 20 Mar 2009 18:18:44 -0600 (MDT)
>>>>
>>>> as it is now, anything to postmaster gets a complete free pass, and most the
>>>> mail to that account is scoring on SA up in the 20's and 30's.
>>>
>>> Why not RBL it with spamhaus?
>>
>> Because the helo checks happen before the RBL checks and once the
>> message gets an OK it's no longer checked.
>
> The helo check you mention will OK the helo_restrictions. (assuming this is where you have it)
> However, it will not affect the recipient_restrictions.

smtpd_recipient_restrictions =
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_invalid_hostname,
    permit_mynetworks,
    check_client_access hash:$config_directory/pbs,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unlisted_sender,
    check_client_access cidr:/var/db/dnswl/postfix-dnswl-permit
    check_helo_access pcre:$config_directory/helo_checks.pcre,
    check_sender_access pcre:$config_directory/sender_access.pcre,
    check_client_access pcre:$config_directory/check_client_fqdn.pcre,
    check_recipient_access pcre:$config_directory/recipient_checks.pcre,
    check_client_access hash:$config_directory/access,
    reject_rbl_client zen.spamhaus.org,
    permit

> An OK is for a single restriction class. Not globally (thank goodness).

Once the message gets OKed by helo_checks.pcre it does not get checked by the reject_rbl_client.

--
...but then a lot of nice things turn bad out there
Re: postmaster@ and spam
On 26-Mar-2009, at 14:10, LuKreme wrote:
> Once the message gets OKed by helo_checks.pcre it does not get checked by the reject_rbl_client.

Ah.. OK, this is not right. It is just that the IP was not in the RBL when that message came through.

So, the original question still stands: is there something that I can do to stop the connections for messages like this:

Return-Path:
X-Original-To: postmas...@covisp.net
Delivered-To: postmas...@covisp.net
Received: from 55.71.98-84.rev.gaoland.net (117.82.193-77.rev.gaoland.net
[77.193.82.117])
   by mail.covisp.net (Postfix) with SMTP id A4B17118BC8B
   for ; Fri, 20 Mar 2009 18:18:44 -0600 (MDT)

--
Say, give it up, give it up, television's taking its toll
That's enough, that's enough, gimme the remote control
I been nice, I been good, please don't do this to me
Turn it off, turn it off, I don't want to have to see
Re: postmaster@ and spam
LuKreme wrote:
> I have in my postfix helo checks, perhaps a bad idea,
>
> [some checks up here that reject]
> /^postmaster\@/ OK
> /^abuse\@/ OK
>
> At the time I set this up it was pretty important that postmaster mail
> got through, but looking over the last 12 months of mail, I've received
> exactly two legitimate messages to postmaster, both auto replies from
> the monkeys at yahoo.
>
> Obviously I can't disable the account as it is required, but is there
> something that I can do to stop the connections for messages like this:
>
> Return-Path:
> X-Original-To: postmas...@covisp.net
> Delivered-To: postmas...@covisp.net
> Received: from 55.71.98-84.rev.gaoland.net
> (117.82.193-77.rev.gaoland.net [77.193.82.117])
>    by mail.covisp.net (Postfix) with SMTP id A4B17118BC8B
>    for ; Fri, 20 Mar 2009 18:18:44 -0600 (MDT)
>
> as it is now, anything to postmaster gets a complete free pass, and most
> the mail to that account is scoring on SA up in the 20's and 30's.
>

you can reject mail from postmas...@yourdomain.example if no external system should use it.

check_sender_access hash:/etc/postfix/access_sender

== access_sender
postmas...@covip.net    REJECT blah blah
Re: postmaster@ and spam
On Thu, 26 Mar 2009, LuKreme wrote:

> I have in my postfix helo checks, perhaps a bad idea,
>
> [some checks up here that reject]
> /^postmaster\@/ OK
> /^abuse\@/ OK

Why do these email address patterns appear in a HELO access(5) map?

> At the time I set this up it was pretty important that postmaster mail
> got through, but looking over the last 12 months of mail, I've received
> exactly two legitimate messages to postmaster, both auto replies from the
> monkeys at yahoo.
>
> Obviously I can't disable the account as it is required, but is there
> something that I can do to stop the connections for messages like this:
>
> Return-Path:

Reject externally originating email with ENVELOPE from postmas...@example.org if you are responsible for example.org.

--
Sahil Tandon
Re: postmaster@ and spam
On 26-Mar-2009, at 18:06, Sahil Tandon wrote:
> On Thu, 26 Mar 2009, LuKreme wrote:
>> I have in my postfix helo checks, perhaps a bad idea,
>>
>> [some checks up here that reject]
>> /^postmaster\@/ OK
>> /^abuse\@/ OK
>
> Why do these email address patterns appear in a HELO access(5) map?

Because 9 years ago or so it is what I was told to do. On this list, I'm pretty sure.

--
...but the senator, while insisting he was not intoxicated, could not explain his nudity.
Re: postmaster@ and spam
* LuKreme :
> On 26-Mar-2009, at 18:06, Sahil Tandon wrote:
>> On Thu, 26 Mar 2009, LuKreme wrote:
>>
>>> I have in my postfix helo checks, perhaps a bad idea,
>>>
>>> [some checks up here that reject]
>>> /^postmaster\@/ OK
>>> /^abuse\@/ OK
>>
>> Why do these email address patterns appear in a HELO access(5) map?
>
> Because 9 years ago or so it is what I was told to do. On this list, I'm
> pretty sure.

In HELO?

--
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung    Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
This is the crucial difference between fiction and real life: fiction must be plausible; real life has no such constraint. -- Kevin Kelly
Re: postmaster@ and spam
On 27-Mar-2009, at 09:57, Ralf Hildebrandt wrote:
> * LuKreme :
>> On 26-Mar-2009, at 18:06, Sahil Tandon wrote:
>>> On Thu, 26 Mar 2009, LuKreme wrote:
>>>> I have in my postfix helo checks, perhaps a bad idea,
>>>>
>>>> [some checks up here that reject]
>>>> /^postmaster\@/ OK
>>>> /^abuse\@/ OK
>>>
>>> Why do these email address patterns appear in a HELO access(5) map?
>>
>> Because 9 years ago or so it is what I was told to do. On this list, I'm
>> pretty sure.
>
> In HELO?

Doesn't sound right, does it. Did helo checks used to apply to the entire pre-DATA part of the transaction?

--
When the routine bites hard / and ambitions are low
And the resentment rides high / but emotions won't grow
And we're changing our ways, / taking different roads
Then love, love will tear us apart again
Re: postmaster@ and spam
On Mar 27, 2009, at 12:18 PM, LuKreme wrote:
> On 27-Mar-2009, at 09:57, Ralf Hildebrandt wrote:
>> * LuKreme :
>>> On 26-Mar-2009, at 18:06, Sahil Tandon wrote:
>>>> On Thu, 26 Mar 2009, LuKreme wrote:
>>>>> I have in my postfix helo checks, perhaps a bad idea,
>>>>>
>>>>> [some checks up here that reject]
>>>>> /^postmaster\@/ OK
>>>>> /^abuse\@/ OK
>>>>
>>>> Why do these email address patterns appear in a HELO access(5) map?
>>>
>>> Because 9 years ago or so it is what I was told to do. On this list, I'm
>>> pretty sure.
>>
>> In HELO?
>
> Doesn't sound right, does it. Did helo checks used to apply to the
> entire pre-DATA part of the transaction?

There are scenarios in which non HELO checks can be placed under smtpd_helo_restrictions, but in your case you explicitly call check_helo_access and then reference a map with email address patterns on the LHS. Don't believe everything you read on the list, or at least confirm it with the documentation.

--
Sahil Tandon
Re: postmaster@ and spam
LuKreme wrote:
> On 27-Mar-2009, at 09:57, Ralf Hildebrandt wrote:
>> * LuKreme :
>>> On 26-Mar-2009, at 18:06, Sahil Tandon wrote:
>>>> On Thu, 26 Mar 2009, LuKreme wrote:
>>>>> I have in my postfix helo checks, perhaps a bad idea,
>>>>>
>>>>> [some checks up here that reject]
>>>>> /^postmaster\@/ OK
>>>>> /^abuse\@/ OK
>>>>
>>>> Why do these email address patterns appear in a HELO access(5) map?
>>>
>>> Because 9 years ago or so it is what I was told to do. On this list,
>>> I'm
>>> pretty sure.
>>
>> In HELO?
>
> Doesn't sound right, does it. Did helo checks used to apply to the
> entire pre-DATA part of the transaction?
>
>

do not confuse smtpd_helo_restrictions and check_helo_access

smtpd_helo_restrictions are a set of checks that may contain many checks, including permit_sasl_authenticated, reject_unknown_sender_domain, ... etc.

check_helo_access is ONE check that looks up the HELO/EHLO argument in a map and applies the decision found in that map.

in short, check_helo_access whatever will never do anything with /^postmaster\@/ except if a silly spammer heloes with "postmas...@something", which I have never seen (and which is easily blocked by reject_invalid_helo_hostname anyway).

and by the way, pcre isn't perl. '@' doesn't need to be escaped ('\@' isn't needed. '@' is ok).
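
The lookup behaviour described in this thread, as an added illustration (a simplified Python model, not Postfix code and not written by any poster): a check_*_access restriction tests its table against one attribute only, and the first OK or REJECT ends the restriction list being evaluated. The recipient address, the function names and the listed-IP set are assumptions constructed for the example; the HELO name and client IP are taken from the Received header quoted above.

```python
import re

# The two address patterns from the thread; Postfix pcre tables match
# case-insensitively by default, modelled here with re.I.
ADDRESS_PATTERNS = [(re.compile(r"^postmaster@", re.I), "OK"),
                    (re.compile(r"^abuse@", re.I), "OK")]

# Constructed stand-in for the DNSBL: the dig output in the thread shows
# this client IP listed in zen.spamhaus.org.
RBL_LISTED = {"77.193.82.117"}

# Constructed session; the recipient address is an assumed placeholder.
SESSION = {"helo": "55.71.98-84.rev.gaoland.net",
           "client_ip": "77.193.82.117",
           "rcpt": "postmaster@example.org"}

def table_lookup(table, key):
    """Return the action of the first matching pattern, or None (no match)."""
    for pattern, action in table:
        if pattern.search(key):
            return action
    return None

def check_helo_access(session, table):
    # Only the HELO/EHLO argument is used as the lookup key.
    return table_lookup(table, session["helo"])

def check_recipient_access(session, table):
    # Only the RCPT TO address is used as the lookup key.
    return table_lookup(table, session["rcpt"])

def reject_rbl_client(session, _table=None):
    return "REJECT" if session["client_ip"] in RBL_LISTED else None

def evaluate(restrictions, session):
    """Walk one restriction list in order; first OK/REJECT ends this list."""
    for check, table in restrictions:
        result = check(session, table)
        if result in ("OK", "REJECT"):
            return result, check.__name__
    return "OK", "permit"  # the trailing "permit" in the posted list

def as_posted(session):
    # Address patterns consulted through check_helo_access, as in the thread.
    return evaluate([(check_helo_access, ADDRESS_PATTERNS),
                     (reject_rbl_client, None)], session)

def keyed_on_recipient(session):
    # Same patterns consulted through check_recipient_access instead.
    return evaluate([(check_recipient_access, ADDRESS_PATTERNS),
                     (reject_rbl_client, None)], session)
```

With the sample session, as_posted() ends in the RBL rejection because the HELO name never matches an address pattern, while keyed_on_recipient() returns OK before the RBL check is reached, which is the "free pass" the original poster was worried about.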