Ideas? how easiest to block New Spam just has a name no domain in sender field

Questions and answers about how to do stuff
mshanley
Posts: 41
Joined: 26 Apr 2014 05:19

Ideas? how easiest to block New Spam just has a name no domain in sender field

Post by mshanley »

209.222.82.223 outbound-ip26b.ess.barracuda.com United States
69.5.199.253 webmail.brazoswifi.com United States
127.0.0.1 (Localhost) (Localhost)
100.26.247.87 ec2-100-26-247-87.compute-1.amazonaws.com United States
ID: 4CBRWY75Q6z5BDTm
Message Headers: Received: from outbound-ip26b.ess.barracuda.com (outbound-ip26b.ess.barracuda.com [209.222.82.223])
(no client certificate requested)
by efa.coloradoonly.com (MailScanner Milter) with SMTP id 4CBRWY75Q6z5BDTm
for <mshanley@coloradoonly.com>; Wed, 14 Oct 2020 16:13:35 -0600 (MDT)
Authentication-Results: efa.coloradoonly.com; dkim=permerror (bad message/signature format)
Received: from cybermail.brazoswifi.com (webmail.brazoswifi.com [69.5.199.253]) by mx4.us-east-2b.ess.aws.cudaops.com (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 14 Oct 2020 22:13:24 +0000
X-Virus-Scanned: amavisd-new at cybermail.brazoswifi.com
Received: from cybermail.brazoswifi.com ([127.0.0.1])
by localhost (cybermail.brazoswifi.com [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id rtC-jBYxO5am for <mshanley@coloradoonly.com>;
Wed, 14 Oct 2020 17:13:21 -0500 (CDT)
Received: from EC2AMAZ-N8GRVQ7.ec2.internal (ec2-100-26-247-87.compute-1.amazonaws.com [100.26.247.87])
by cybermail.brazoswifi.com (Postfix) with ESMTPSA id 20CC31920E65
for <mshanley@coloradoonly.com>; Wed, 14 Oct 2020 17:13:21 -0500 (CDT)
Content-Type: multipart/alternative; boundary="===============0401380215=="
MIME-Version: 1.0
Subject: 7 E-mail Failure Notification
To: mshanley@coloradoonly.com
From: "E-mail Administrator" <>
Date: Wed, 14 Oct 2020 22:13:23 +0000
Message-Id: <20201014221321.20CC31920E65@cybermail.brazoswifi.com>
X-BESS-ID: 1602713604-893007-25442-84195-1
X-BESS-VER: 2019.1_20201013.2211
X-BESS-Apparent-Source-IP: 69.5.199.253
X-BESS-Outbound-Spam-Score: 1.40
X-BESS-Outbound-Spam-Report: Code version 3.2, rules version 3.2.2.227556 [from
cloudscan8-8.us-east-2a.ess.aws.cudaops.com]
Rule breakdown below
pts rule name description
---- ---------------------- --------------------------------
0.50 FROM_NO_USER META: From: has no local-part before @ sign
0.00 HTML_MESSAGE BODY: HTML included in message
0.10 ANY_BOUNCE_MESSAGE META: Message is some kind of bounce message
0.10 BOUNCE_MESSAGE META: MTA bounce message
0.00 BSF_BESS_OUTBOUND META: BESS Outbound
0.00 FH_FROMEML_NOTLD META: E-mail address doesn't have TLD (.com, etc.)
0.00 EMPTY_ENV_FROM HEADER: Empty Envelope From Address
0.70 BSF_SC0_MV1002 HEADER: Custom rule MV1002
X-BESS-Outbound-Spam-Status: SCORE=1.40 using account:ESS33913 scores of KILL_LEVEL=7.0 tests=FROM_NO_USER, HTML_MESSAGE, ANY_BOUNCE_MESSAGE, BOUNCE_MESSAGE, BSF_BESS_OUTBOUND, FH_FROMEML_NOTLD, EMPTY_ENV_FROM, BSF_SC0_MV1002
X-BESS-BRTS-Status: 1
X-spam-status: No, score=1.9 required=5.0 tests=FROM_NO_USER,RCVD_IN_MSPIKE_H4,RCVD_IN_DNSWL_LOW,T_SPF_HELO_TEMPERROR,SPF_NONE,HTML_MESSAGE,HTML_FONT_LOW_CONTRAST,RCVD_IN_MSPIKE_WL
X-Spam-Flag: NO
From: 79115-bounces@bounces.ess.barracudanetworks.com
To: mshanley@coloradoonly.com
Subject: 7 E-mail Failure Notification
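The headers in this post show where the usual sender checks miss this message: the header From: is "E-mail Administrator" <> (the FROM_NO_USER, FH_FROMEML_NOTLD and EMPTY_ENV_FROM rules all fire on it at the Barracuda outbound scanner), while the envelope sender recorded by the receiving side is 79115-bounces@bounces.ess.barracudanetworks.com, a real domain with a real address. Postfix's smtpd_sender_restrictions act on the SMTP envelope MAIL FROM; a check on the From: header is done with header_checks instead. The following is an added example, not code from this thread: it applies two header_checks-style patterns (this example's own suggestions, not settings from the thread) to the From: line, and separately classifies the address with Python's stdlib parser, so the two approaches can be compared on the posted headers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the header block from the message posted above, trimmed
# to the fields this check reads.
SAMPLE_MESSAGE = """\
Subject: 7 E-mail Failure Notification
To: mshanley@coloradoonly.com
From: "E-mail Administrator" <>
Date: Wed, 14 Oct 2020 22:13:23 +0000
Message-Id: <20201014221321.20CC31920E65@cybermail.brazoswifi.com>

(body omitted)
"""

# Patterns in the form a Postfix header_checks pcre table uses, one per line:
#   /pattern/ ACTION text
# Postfix matches each logical header (header name included) against these,
# case-insensitively by default, and takes the first match.  Both entries are
# this example's own suggestions, not settings from the thread.
HEADER_CHECKS = [
    (r"^From:.*<\s*>\s*$", "REJECT From: header carries an empty address"),
    (r"^From:\s*(\"[^\"]*\"\s*)?<?[^@<>\s]+>?\s*$", "REJECT From: address has no domain"),
]


def header_checks_action(header_line):
    """Return the action of the first matching pattern, or None if none match."""
    for pattern, action in HEADER_CHECKS:
        if re.match(pattern, header_line, re.IGNORECASE):
            return action
    return None


def from_header_problem(value):
    """Classify a From: header value with the stdlib address parser.

    Returns a short reason when the address part is unusable, else None.
    """
    _display_name, addr = parseaddr(value)
    if addr == "":
        return "empty address"
    if "@" not in addr:
        return "no domain part"
    domain = addr.rsplit("@", 1)[1]
    if "." not in domain.strip("."):
        return "domain has no TLD"
    return None


def check_message(raw):
    """Run both checks on a raw message and return the list of findings."""
    msg = message_from_string(raw)
    value = msg.get("From", "")
    findings = []
    reason = from_header_problem(value)
    if reason is not None:
        findings.append("parser: " + reason)
    action = header_checks_action("From: " + value)
    if action is not None:
        findings.append("header_checks: " + action)
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE_MESSAGE):
        print(finding)
```

The regex side is what you would put in a pcre: header_checks table; the parser side is useful for testing a pattern against a mailbox of known-good mail before turning it on, since a From: with no "@" also appears in some legitimate local notifications.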
mshanley
Posts: 41
Joined: 26 Apr 2014 05:19

Re: Ideas? how easiest to block New Spam just has a name no domain in sender field

Post by mshanley »

These spammers get sneaky... lol
mshanley
Posts: 41
Joined: 26 Apr 2014 05:19

Re: Ideas? how easiest to block New Spam just has a name no domain in sender field

Post by mshanley »

Maybe this Postfix setting will work for the sender address not having a domain listed:

reject_unknown_sender_domain
Reject the request when Postfix is not final destination for the sender address, and the MAIL FROM domain has 1) no DNS MX and no DNS A record, or 2) a malformed MX record such as a record with a zero-length MX hostname (Postfix version 2.3 and later).
mshanley
Posts: 41
Joined: 26 Apr 2014 05:19

Re: Ideas? how easiest to block New Spam just has a name no domain in sender field

Post by mshanley »

Maybe consider adding these by default to the main.cf file in future deployments?
The info can be found here: https://wiki.centos.org/HowTos/postfix_restrictions


All 3 of these go into main.cf:
# /etc/postfix/main.cf
# Note: main.cf continuation lines must start with whitespace; a line that
# starts in column 1 is read as a new "name = value" setting.

# HELO restrictions:
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit

# Sender restrictions:
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit

# Recipient restrictions:
smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    check_policy_service unix:postgrey/socket,
    permit
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Ideas? how easiest to block New Spam just has a name no domain in sender field

Post by shawniverson »

This looks like a good idea
tobiasp
Posts: 8
Joined: 15 Nov 2020 10:42

Re: Ideas? how easiest to block New Spam just has a name no domain in sender field

Post by tobiasp »

I also like to use "reject_unknown_reverse_client_hostname" in "smtpd_client_restrictions". The argument being that everybody who is a responsible mail admin should know about setting a PTR record for their IP.
viper407
Posts: 25
Joined: 09 Mar 2022 09:55

Re: Ideas? how easiest to block New Spam just has a name no domain in sender field

Post by viper407 »

mshanley wrote: 15 Oct 2020 00:15
Maybe consider adding these by default to the main.cf file in future deployments?
The info can be found here: https://wiki.centos.org/HowTos/postfix_restrictions


All 3 of these go into main.cf:
# /etc/postfix/main.cf


# HELO restrictions:
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit


# Sender restrictions:
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit


# Recipient restrictions:
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
check_sender_access
hash:/etc/postfix/sender_access,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
check_policy_service unix:postgrey/socket,
permit

I tried to add the 3 sections at the end of the file, but it keeps giving errors such as "missing attribute after the =".
Can you advise what I am missing please?

Thank you
Edward
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Ideas? how easiest to block New Spam just has a name no domain in sender field

Post by pdwalker »

Lines like this:
smtpd_helo_restrictions =
permit_mynetworks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit
Should be put on one line and look like this:
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
Make that change and try again.
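The error comes from how main.cf is read: a line that begins with whitespace continues the previous logical line, so the multi-line form only works when the continuation lines are indented, and a copy from a web page that strips leading whitespace turns each of them into a new "name = value" line with no "=" in it. The following is an added example, not code from this thread or from Postfix: a small reader that applies the same line-joining rule and raises an error where postconf or postfix check would report "missing '=' after attribute name". The three constructed fragments are the unindented paste, the indented form, and the single-line form from the reply above; the last two parse to the same value.

```python
import re

# Constructed fragment with the indentation lost, which is what a copy from a
# web page that strips leading whitespace produces: Postfix then reads each
# continuation line as a new "name = value" line.
BROKEN = """\
# HELO restrictions:
smtpd_helo_restrictions =
permit_mynetworks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit
"""

# Same setting with continuation lines indented, as main.cf expects.
FIXED = """\
# HELO restrictions:
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit
"""

# The single-line form suggested in the reply above; it must parse identically.
ONE_LINE = (
    "smtpd_helo_restrictions = permit_mynetworks, "
    "reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit\n"
)


def parse_main_cf(text):
    """Read a main.cf fragment the way Postfix does.

    A line beginning with '#' is a comment, a line beginning with whitespace
    continues the previous logical line, and any other non-empty line must
    have the form 'name = value'.  ValueError is raised where Postfix would
    refuse the file with "missing '=' after attribute name".
    """
    params = {}
    current = None
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("#") or not line.strip():
            continue
        if line[0] in " \t":
            if current is None:
                raise ValueError(f"line {lineno}: continuation line with nothing to continue")
            params[current] = (params[current] + " " + line.strip()).strip()
            continue
        name, sep, value = line.partition("=")
        name = name.strip()
        if not sep or not name or " " in name or "\t" in name:
            raise ValueError(f"line {lineno}: missing '=' after attribute name: \"{line.strip()}\"")
        current = name
        params[current] = value.strip()
    return params


def parse_error(text):
    """Return the parse error message for a fragment, or None if it parses."""
    try:
        parse_main_cf(text)
    except ValueError as exc:
        return str(exc)
    return None


def restriction_list(params, name):
    """Split a restriction parameter into its tokens; Postfix accepts commas
    and/or whitespace as separators, so both forms yield the same list."""
    return [tok for tok in re.split(r"[\s,]+", params.get(name, "")) if tok]


if __name__ == "__main__":
    print("broken :", parse_error(BROKEN))
    print("fixed  :", restriction_list(parse_main_cf(FIXED), "smtpd_helo_restrictions"))
    print("oneline:", restriction_list(parse_main_cf(ONE_LINE), "smtpd_helo_restrictions"))
```

Running it against a pasted block before restarting Postfix tells you which line lost its indentation; on the real system, postconf -n prints the setting as Postfix parsed it, which is the same check without the toy reader.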
viper407
Posts: 25
Joined: 09 Mar 2022 09:55

Re: Ideas? how easiest to block New Spam just has a name no domain in sender field

Post by viper407 »

Thanks for the response, the single line worked.
I see that most of the information is already in the file at the end; I just added some more RBL entries.