Massive spam attack - how to block?

Questions and answers about how to do stuff
Post Reply
Justin
Posts: 111
Joined: 18 Sep 2014 13:00
Location: The Netherlands
Contact:

Massive spam attack - how to block?

Post by Justin »

Hi all,

I'm currently receiving a lot of spam email all to my domain.
They are not originating from our IP, so SPF is doing it's job but i still have a lagging spamfilter due too all spam emails.
Just for the idea, my Milter Inbound hasnt dropped under 2000 all day.

Image

Any idea how i can block weber*@domain.com ? Black/whitelist does not support the * after weber.
Blocking the whole domain is not an option, since it's my own domain which is in use.
alorb88
Posts: 1
Joined: 11 Nov 2021 15:07

Re: Massive spam attack - how to block?

Post by alorb88 »

Hello!

You can use regex to do that!!

Examples:
weber[a-z0-9]*@domain.com
weber[:[:alnum:][:punct:]:]*@domain.com

[:punct:] = punctuation characters
[:alnum:] = all numbers and letters

If you decide to use for others situations, think well before do that, to avoid block a lot of domains.

It's necessary to change some setup in postfix's file: /etc/postfix/main.cf

- If this does not a content in main.cf, add in the main.cf:
smtpd_sender_restrictions = regexp:/etc/postfix/sender_access

- If it is necessary, create the file /etc/postfix/sender_access
touch /etc/postfix/sender_access

- Include in /etc/postfix/sender_access
example 1:
weber[:[:alnum:][:punct:]:]*@domain.com DROP

example 2:
weber[:[:alnum:][:punct:]:]*@domain.com REJECT

- DROP / REJECT
DROP = Reject and drop the message without warning the sender
REJECT = Reject the message and send an warning to the sender

- Reload the postifx's service
service postfix reload

Would be good to make a backup of main.cf file before any change.
Post Reply