Dear Sirs,
I would like to ask you why some emails from "automatically generated" email addresses are not filtered (for example zojaaxzhfdxsebesta@helpmmo.com, bohumilrmegazf@pythoanywhere.co, etc. - both domains do not exist)?
I set up Postfix:
Restrictions on sends in HELO commands:
check_helo_access hash:/etc/postfix/helo_access, reject_invalid_hostname, reject_unknown_hostname, reject_invalid_hostname
Restrictions on sender addresses:
permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, reject_unknown_hostname
Restrictions on recipient addresses:
check_client_access hash:/etc/postfix/rbl_override, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unknown_client_hostname, check_recipient_access hash:/etc/postfix/recipient_access, check_policy_service inet:127.0.0.1:2501, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unverified_recipient
Is there something missing in /etc/postfix/main.cf?
Thank you, I appreciate your work.
Getting spam from domains without DNS records
Re: Getting spam from domains without DNS records
Is there anything helpful in your /var/log/maillog?
For example, I see the following entries that tell me it is working as expected:
Oct 20 04:20:45 efa postfix/smtpd[12399]: NOQUEUE: reject: RCPT from unknown[193.32.160.154]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [193.32.160.154]; from=<q3i5jrwg4mdcd@zazadorali.cl> to=<info@example.com> proto=ESMTP helo=<[193.32.160.146]>
Oct 20 05:17:08 efa postfix/smtpd[26596]: NOQUEUE: reject: RCPT from mail6.bemta24.messagelabs.com[67.219.250.152]: 450 4.1.8 <zqn@judywppkb.com>: Sender address rejected: Domain not found; from=<zqn@judywppkb.com> to=<aef@example.com> proto=ESMTP helo=<mail6.bemta24.messagelabs.com>
Re: Getting spam from domains without DNS records
Thank you pdwalker for the response. It looks like it doesn't filter domains/addresses at all:
Oct 21 06:06:59 km postfix/cleanup[25729]: 0ECD61013A3: hold: header Received: from unstrung.tsharbach.co (unstrung.swingthelamp.com [69.94.158.71])??by our.email.com (Postfix) with ESMTP id 0ECD61013A3??for <our@email>; Mon, 21 Oct 2019 06:06:58 +0200 (CE from unstrung.swingthelamp.com[69.94.158.71]; from=<vladimirwhscdte@tsharbach.co> to=<our@email> proto=ESMTP helo=<unstrung.tsharbach.co>
Oct 21 06:07:04 km MailScanner[24386]: <A> tag found in message 0ECD61013A3.A1781 from vladimirwhscdte@tsharbach.co
Oct 21 06:07:04 km MailScanner[24386]: HTML Img tag found in message 0ECD61013A3.A1781 from vladimirwhscdte@tsharbach.co
Oct 21 06:07:05 km postfix/qmgr[1137]: 389CE101B08: from=<vladimirwhscdte@tsharbach.co>, size=4122, nrcpt=1 (queue active)
Oct 21 06:06:59 km postfix/smtpd[21211]: 0ECD61013A3: client=unstrung.swingthelamp.com[69.94.158.71]
Oct 21 06:06:59 km postfix/cleanup[25729]: 0ECD61013A3: hold: header Received: from unstrung.tsharbach.co (unstrung.swingthelamp.com [69.94.158.71])??by our.email.com (Postfix) with ESMTP id 0ECD61013A3??for <our@email>; Mon, 21 Oct 2019 06:06:58 +0200 (CE from unstrung.swingthelamp.com[69.94.158.71]; from=<vladimirwhscdte@tsharbach.co> to=<our.email.com> proto=ESMTP helo=<unstrung.tsharbach.co>
Oct 21 06:06:59 km postfix/cleanup[25729]: 0ECD61013A3: message-id=<yxmxsrriju4th-emrd1wc@r.tsharbach.co>
Oct 21 06:07:04 km MailScanner[24386]: <A> tag found in message 0ECD61013A3.A1781 from vladimirwhscdte@tsharbach.co
Oct 21 06:07:04 km MailScanner[24386]: HTML Img tag found in message 0ECD61013A3.A1781 from vladimirwhscdte@tsharbach.co
Oct 21 06:07:05 km MailScanner[24386]: Requeue: 0ECD61013A3.A1781 to 389CE101B08
Oct 21 06:07:05 km MailScanner[24386]: MailWatch: Logging message 0ECD61013A3.A1781 to SQL
Oct 21 06:07:05 km MailScanner[24390]: MailWatch: 0ECD61013A3.A1781: Logged to MailWatch SQL
Re: Getting spam from domains without DNS records
What are the current values of these three postfix variables in your /etc/postfix/main.cf file?
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_recipient_access hash:/etc/postfix/recipient_access, check_policy_service inet:127.0.0.1:2501
Re: Getting spam from domains without DNS records
Here it is, I added some rules:
smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, reject_unknown_hostname, reject_invalid_hostname
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, reject_invalid_hostname, reject_unknown_hostname
smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/rbl_override, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unknown_client_hostname, check_recipient_access hash:/etc/postfix/recipient_access, check_policy_service inet:127.0.0.1:2501, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unverified_recipient
Thank you.
Re: Getting spam from domains without DNS records
So your configuration seems correct and it should work.
The only thing I can think of is if it is a problem with your DNS? Is postfix able to successfully do the DNS lookups necessary for the checks? Maybe you'll have to run postfix in debug mode to check what happens when one of these connections comes in.
What are the contents of your /etc/resolv.conf?
Re: Getting spam from domains without DNS records
resolv.conf should be good. There is just the IP address of the local name server (based on SBS 2011), nothing else.
If I do nslookup for domain mail addresses like @sdfhsu.co, @binaloodagri.co, etc. almost all of this crap is translated to 80.249.161.171. I've tested it also in some online tools and it is the same translation.
Re: Getting spam from domains without DNS records
What happens when you try to resolve the address of the nonexistent domains using that domain server?
Re: Getting spam from domains without DNS records
The same result everywhere (work domain and also at home - different dns servers)
nslookup bulurx.com
Server: server.net.local
Address: 10.0.0.253
Non-authoritative answer:
Name: bulurx.com
Address: 80.249.161.171
Re: Getting spam from domains without DNS records
huh?
That domain exists, so therefore it will pass the initial postfix checks.
This is what you should be seeing:
[pdwalker@pdwmac:~/Documents/VirtualMachines] {517}
$ nslookup thisdoesnotexistasadomain.com
Server: 10.10.1.1
Address: 10.10.1.1#53
** server can't find thisdoesnotexistasadomain.com: NXDOMAIN
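The reply above turns on the fact that reject_unknown_sender_domain only rejects a sender domain that has no MX and no A record, so a throwaway domain that resolves passes it. As an added example (not part of the thread), this Python script lists the sender domains of mail Postfix actually queued and groups them by resolved address, which surfaces the "many domains, one IP" pattern reported earlier; the function names, sample log lines and DNS answers are constructed, and the live lookup checks A records only.

```python
import re
import socket
from collections import defaultdict

# Sender domain on qmgr "queue active" lines, i.e. mail that passed every
# smtpd restriction and was accepted into the queue.
QMGR_FROM = re.compile(r"postfix/qmgr\[\d+\]: \w+: from=<[^@>]*@([^>]+)>")

def accepted_sender_domains(log_lines):
    """Return the set of sender domains seen on accepted (queued) mail."""
    return {m.group(1).lower() for line in log_lines
            if (m := QMGR_FROM.search(line))}

def resolve_a(domain):
    """Live A lookup through the system resolver; empty set = no address.
    Assumption: A records only (Postfix also accepts a domain with an MX)."""
    try:
        return set(socket.gethostbyname_ex(domain)[2])
    except OSError:
        return set()

def cluster_by_address(domains, resolver=resolve_a, min_domains=2):
    """Return (IPs shared by >= min_domains domains, unresolvable domains)."""
    by_ip, unresolved = defaultdict(set), set()
    for domain in domains:
        ips = resolver(domain)
        if not ips:
            unresolved.add(domain)
        for ip in ips:
            by_ip[ip].add(domain)
    shared = {ip: sorted(ds) for ip, ds in by_ip.items() if len(ds) >= min_domains}
    return shared, sorted(unresolved)

# Constructed sample data (not from the thread): log lines and DNS answers.
_Q = "Oct 21 06:07:05 km postfix/qmgr[1137]: %s: from=<%s>, size=4122, nrcpt=1 (queue active)"
SAMPLE_LOG = [
    _Q % ("A1B2C3D4E01", "x1@spam-a.example"),
    _Q % ("A1B2C3D4E02", "x2@spam-b.example"),
    _Q % ("A1B2C3D4E03", "x3@spam-c.example"),
    _Q % ("A1B2C3D4E04", "news@news.example"),
    _Q % ("A1B2C3D4E05", "y@gone.example"),
    "Oct 21 06:08:00 km postfix/smtpd[999]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 450 4.1.8 <z@nodns.example>: Sender address rejected: Domain not found; from=<z@nodns.example>",
]
SAMPLE_DNS = {"spam-a.example": {"192.0.2.10"}, "spam-b.example": {"192.0.2.10"},
              "spam-c.example": {"192.0.2.10"}, "news.example": {"198.51.100.7"}}

if __name__ == "__main__":
    print(cluster_by_address(accepted_sender_domains(SAMPLE_LOG),
                             lambda d: SAMPLE_DNS.get(d, set())))
```

An accepted domain that shows up as unresolvable points at a resolver or restriction-ordering problem, while an address shared by many sender domains is a candidate for a check_sender_a_access (Postfix 3.0 and later) or check_sender_mx_access table.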
Re: Getting spam from domains without DNS records
Thank you so much for your support!