Hello,
First, sorry for my english, I try to explain my problem
I had a spam Attack on my postfix relay from my webserver.
A bad script on the webserver send a lot of spam but some goods mails are on
the middle.
I corrected the web site, clean the mailqueue and now, there are 240 good mails
Hello,
We run a free accounts mail server (like gmail) and we struggle with the
outgoing spam problem.
Spammers abuse our service by creating accounts and then sending out spam.
It is very easy and free to create an account and we want it to stay that
way so blocking or removing spammers
On 10/04/2014 14:58, Marcin Szymonik wrote:
Hello,
We run a free accounts mail server (like gmail) and we struggle with
the outgoing spam problem.
Spammers abuse our service by creating accounts and then sending out
spam.
It is very easy and free to create an account and we want it to stay
As accounts are free and you can easily create tens of them, per account
limits don't solve the problem.
Most free mail service providers allow their users to send through SMTP and
we would prefer to do that as well.
Content based filtering may be the way to go indeed - thank you for pointing
it.
On 10 Apr 2014, at 07:58 , Marcin Szymonik szymoni...@gmail.com wrote:
Hello,
We run a free accounts mail server (like gmail) and we struggle with the
outgoing spam problem.
Spammers abuse our service by creating accounts and then sending out spam.
It is very easy and free to create
:
Hello,
We run a free accounts mail server (like gmail) and we struggle with the
outgoing spam problem.
Spammers abuse our service by creating accounts and then sending out spam.
It is very easy and free to create an account and we want it to stay that
way so blocking or removing
:49 PM, LuKreme krem...@kreme.com wrote:
On 10 Apr 2014, at 07:58 , Marcin Szymonik szymoni...@gmail.com wrote:
Hello,
We run a free accounts mail server (like gmail) and we struggle with the
outgoing spam problem.
Spammers abuse our service by creating accounts and then sending out spam
Hi list,
Just by looking at the headers Return-Path, From: and To:
one can sense that the following is spam ...
---
Return-Path:access...@ms29.hinet.net
X-Original-To: postmas...@example.com
On 2011-06-14 Harry Lachanas ( via Freemail ) wrote:
Just by looking at the headers Return-Path, From: and To:
one can sense that the following is spam ...
---
b) rdns for 95.53.111.119 gives
pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru
This might be covered by Stan Hoeppner's PCRE for dynamic IP ranges:
http://www.hardwarefreak.com/fqrdns.pcre
Additionally, a reliable DNSBL (block list) could be used to detect and
block IP addresses which
On 2011-06-14 Rich Wales wrote:
b) rdns for 95.53.111.119 gives
pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru
This might be covered by Stan Hoeppner's PCRE for dynamic IP ranges:
http://www.hardwarefreak.com/fqrdns.pcre
Additionally, a reliable DNSBL (block list) could be used to
Additionally, a reliable DNSBL (block list) could be used to detect and
block IP addresses which are known spam sources and/or are dynamically
assigned.
Personally I prefer policyd-weight (to avoid rejecting valid mails because
of false positives on a single RBL), but yes.
Another approach
Le 14/06/2011 20:35, Ansgar Wiechers a écrit :
On 2011-06-14 Rich Wales wrote:
b) rdns for 95.53.111.119 gives
pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru
This might be covered by Stan Hoeppner's PCRE for dynamic IP ranges:
http://www.hardwarefreak.com/fqrdns.pcre
Additionally, a
Le 14/06/2011 11:34, Harry Lachanas ( via Freemail ) a écrit :
Hi list,
Just by looking at the headers Return-Path, From: and To:
one can sense that the following is spam ...
---
On 2011-06-14 mouss wrote:
Le 14/06/2011 20:35, Ansgar Wiechers a écrit :
On 2011-06-14 Rich Wales wrote:
b) rdns for 95.53.111.119 gives
pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru
This might be covered by Stan Hoeppner's PCRE for dynamic IP ranges:
On Tue, 14 Jun 2011 12:34:10 +0300, Harry Lachanas ( via Freemail )
wrote:
Is there an rfc compliant way to reject this ???
reject if sender is postmaster@ your domain
and not sasl authed
make this email a mailbox so sasl works
reject all .hinet.net email senders based on evelope sender
On 2011-06-14 Benny Pedersen wrote:
On Tue, 14 Jun 2011 12:34:10 +0300, Harry Lachanas ( via Freemail ) wrote:
Is there an rfc compliant way to reject this ???
reject if sender is postmaster@ your domain
and not sasl authed
make this email a mailbox so sasl works
The sender isn't the
Le 14/06/2011 23:21, Ansgar Wiechers a écrit :
On 2011-06-14 mouss wrote:
Le 14/06/2011 20:35, Ansgar Wiechers a écrit :
On 2011-06-14 Rich Wales wrote:
b) rdns for 95.53.111.119 gives
pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru
This might be covered by Stan Hoeppner's PCRE for
On Tue, 14 Jun 2011 23:49:34 +0200, Ansgar Wiechers wrote:
The sender isn't the postmaster address of his domain, so how is this
suggestion supposed to help?
another problem then ?, as i read it you accept sender forges on your
domain for non sasl users
From: postmaster postmas...@junc.org
On 2011-06-15 mouss wrote:
Le 14/06/2011 23:21, Ansgar Wiechers a écrit :
My rationale is that no matter how reliable a single source is, they
can still be wrong at times. Getting a second opinion helps
mitigating these cases.
[...]
now consider:
P1 = listed on zen
P2 = listed on spamcops
The pop-before-smtp has other ip numbers in the list. I'm able to
create a list using the pop-before-smtp --list command and into a
file. Then read through the ip numbers. That is how I know what is
listed including 127.0.0.1 and the internal server ip number. Compared
to the test server
Josh Cason:
The pop-before-smtp has other ip numbers in the list.
Postfix will allow mail from EVERY IP address in the file.
Wietse
Back to the question. I was looking at a detailed log on postfix. When
it goes through
the list of tests. It rejects everything until it hits
pop-before-smtp. Then it says
okay. When I check the database of ip numbers. It lists my server and
my localhost
127.0.0.1 number. This isn't
Josh Cason:
Back to the question. I was looking at a detailed log on postfix. When
it goes through
the list of tests. It rejects everything until it hits
pop-before-smtp. Then it says
okay. When I check the database of ip numbers. It lists my server and
my localhost
127.0.0.1 number.
Hi All!
I receive some spam messages that pass spam filters.
Our users see the sender as an internal sender, but the real sender is an
external address (see the log entry)
There is yet a rule to block sender that use our domain, but doesn't work
with
these messages
I don't know how to block
On 9/23/2009 9:44 AM, lucone wrote:
Hi All!
I receive some spam messages that pass spam filters.
Our users see the sender as an internal sender, but the real sender is
an external address (see the log entry)
There is yet a rule to block sender that use our domain, but doesn't
work with
these
# grep smtpd_recipient_restrictions main.cf
If you see two occurences or more, you have redefined it. postfix only
uses the last.
Looks like on of the latest etc-update must have smuggled a line in. A
second such line had been squashed between two sasl lines. No idea how
it got there but
On 12/15/2008 2:44 PM, Roland Plüss wrote:
# grep smtpd_recipient_restrictions main.cf
If you see two occurences or more, you have redefined it. postfix only
uses the last.
Looks like on of the latest etc-update must have smuggled a line in.
Thats gentoo-speak for 'ooops, I fat-fingered the
On 12/15/2008 3:13 PM, Charles Marcus wrote:
# grep smtpd_recipient_restrictions main.cf
If you see two occurences or more, you have redefined it. postfix only
uses the last.
Looks like on of the latest etc-update must have smuggled a line in.
Thats gentoo-speak for 'ooops, I fat-fingered
On Mon, December 15, 2008 21:13, Charles Marcus wrote:
Thats gentoo-speak for 'ooops, I fat-fingered the merge when running
etc-update'... I run gentoo... I know (been there, done that)...
is it worse then run glibc 2.9 ? :)
packages.mask it localy !
--
Benny Pedersen
Need more webspace ?
Charles Marcus wrote:
On 12/15/2008 3:13 PM, Charles Marcus wrote:
# grep smtpd_recipient_restrictions main.cf
If you see two occurences or more, you have redefined it. postfix only
uses the last.
Looks like on of the latest etc-update must have smuggled a line in.
On 12/15/2008, Roland Plüss (rol...@rptd.ch) wrote:
Oh... and this is why I put all of my customizations for postfix at the
very end of the file, in its own block... then, even if something slips
in above, my custom settings will override it.
But, I am always very careful when running
Charles Marcus wrote:
On 12/15/2008, Roland Plüss (rol...@rptd.ch) wrote:
Oh... and this is why I put all of my customizations for postfix at the
very end of the file, in its own block... then, even if something slips
in above, my custom settings will override it.
But, I am always very
There is no dns bypass. I did not tell you to edit /etc/hosts. I told
you to run the following command:
host 2.0.0.127.zen.spamhaus.org
in short, connect to your postfix server and in the terminal, type the
line above, hit ENTER and see what the system tells you. host is
similar to
Roland Pl?ss wrote:
It's just that you said they monitor the number of dns queries. Now by
bypassing a query for the DNS I can put it locally on my machine so no
queries for the DNS goes out to the net.
If you inhibit DNS queries from going to the spamhaus server, you
defeat the purpose of
Roland Plüss schrieb:
It's just that you said they monitor the number of dns queries. Now by
bypassing a query for the DNS I can put it locally on my machine so no
queries for the DNS goes out to the net. Whatever I removed the line
from /etc/hosts for testing but it still doesn't seem to work.
Roland Plüss wrote:
I know what host or nslookup is. I'm not stupid on that front. It gives
2.0.0.127.zen.spamhaus.org has address 127.0.0.4
2.0.0.127.zen.spamhaus.org has address 127.0.0.2
2.0.0.127.zen.spamhaus.org has address 127.0.0.10
It's just that you said they monitor the number of dns
On Sat, December 13, 2008 16:08, Roland Plüss wrote:
The problem is that it doesn't seem to work neither the way
mentioned in the threads nor adding the dns bypass...
I've got again 20 of those same spam shit in my inbox today.
It's going on my nerves. Is there no way to stop this?
The problem is that it doesn't seem to work neither the way mentioned in
the threads nor adding the dns bypass... I've got again 20 of those same
spam shit in my inbox today. It's going on my nerves. Is there no way to
stop this?
Jan P. Kessler wrote:
Roland Plüss schrieb:
I'll try mapping
Roland Plüss wrote:
The problem is that it doesn't seem to work neither the way mentioned in
the threads nor adding the dns bypass... I've got again 20 of those same
spam shit in my inbox today. It's going on my nerves. Is there no way to
stop this?
Please do not top post. Put your answers
that check only blocks specific spam: spam that uses an address in your
domain in the envelope sender (MAIL FROM command). this envelope sender
is what you see in the Return-Path header in the sample you posted.
I tried adding the REJECT line to the check_sender_access
Roland Plüss schrieb:
I'll try mapping zen.spamhaus.org to 127.0.0.2 in my /etc/hosts. This
should not require a DNS lookup and hopefully it works then. Let's see
You must not do this if you want to use zen.spamhaus.org. Please follow
the given advices and read something about how dnsbls
Roland Plüss a écrit :
I tried to find one of the messages in the logs. It's damn hard to find
it since it's really weird... and it all makes no sense to me. I think
this email source belongs to the logs below ( added !-- -- to prevent
potential damage due to fudged HTML ).
Do not edit
I only enclosed the HTML tags in the email body with comment marks. The
logs are unaltered except hidding one email address.
What goes for zen.spamhaus.org... I've got this one in my config... but
it seems to not work ( host not found ).
mouss wrote:
Roland Plüss a écrit :
I tried to find
so what logs are these? I mean, how were these logs generated?
vixie-cron
if you followed the mentioned threads, then that mail should have been
blocked. your sender_access should contain
rptd.ch REJECT not authorized blah blah
do not forget to postmap the file.
I can
Roland Plüss a écrit :
so what logs are these? I mean, how were these logs generated?
vixie-cron
so they are not logs. these are reports.
next time, connect to your server and grab lines from /var/log/maillog
(or whatever file contains postfix logs). not necessary now.
if you followed
so they are not logs. these are reports.
next time, connect to your server and grab lines from /var/log/maillog
(or whatever file contains postfix logs). not necessary now.
I don't have such a file. All logs go into the one I posted managed by
vixie-cron.
it really depends on your setup
Roland Plüss a écrit :
so they are not logs. these are reports.
next time, connect to your server and grab lines from /var/log/maillog
(or whatever file contains postfix logs). not necessary now.
I don't have such a file. All logs go into the one I posted managed by
vixie-cron.
No. cron
I tried to find one of the messages in the logs. It's damn hard to find
it since it's really weird... and it all makes no sense to me. I think
this email source belongs to the logs below ( added !-- -- to prevent
potential damage due to fudged HTML ).
email source:
From - Thu Dec 11 02:09:06
Roland Plüss wrote:
`reject_unauthenticated_sender_login_mismatch' ignored: no SASL support
Well, there ya go. There is no restriction that would prevent that
message from being delivered, so of course they get through.
At a very minimum, please add: 'reject_rbl_client zen.spamhaus.org'
** Sorry, send to the previous poster instead of the list...
** I'm not a fan of mailing lists because of things
** like this U.=.U
No idea which log snippets you want to see but the postconf -n one I can
give already
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
Roland Plüss a écrit :
** Sorry, send to the previous poster instead of the list...
** I'm not a fan of mailing lists because of things
** like this U.=.U
No idea which log snippets you want to see but the postconf -n one I can
give already
a copy of the headers of one spam would be more
I read now the thread in the archive and tried to apply the proposed
solution. I'm still getting the same amount of spam mails where
sender=receiver. My settings look like this:
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
I've got since a couple of weeks a rather nasty spam increase ( in fact
massive ). Some jerk sends forged emails to some address [EMAIL PROTECTED] on my
server with the same email address as the receiver ( hence [EMAIL PROTECTED]
receives an email from [EMAIL PROTECTED] ). It's clearly not
On Sun, 2008-12-07 at 09:51 -0700, Roland Plüss wrote:
I've got since a couple of weeks a rather nasty spam increase ( in
fact
massive ). Some jerk sends forged emails to some address [EMAIL PROTECTED] on
my
server with the same email address as the receiver ( hence [EMAIL PROTECTED]
55 matches
Mail list logo
