Additional Configuration

Post by dangsite »

While I like this solution, I have been battling a problem regarding the TLDs that are sending spam.

In the past the "blocklist" has done a great job blocking emails, but in the last 60 days (and possibly the last year) emails from the "bad TLDs" are being added to the whitelist by this software. I have attached a sample PNG showing the "-undef-", @*.click, @*.quest, etc.
By making this change, the goal was to have the inbound email logged by the software, marked "Spam Blocklisted", and left in the "Quarantine" :naughty: .

While I prefer not to block IP addresses, I could not get the software to block the email from arriving :cry: .

As I examined the postfix configuration file (main.cf), I noticed the following setting :think: :

Code:

smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain

As the sender_access was a zero byte file, I modified the file with the following:

Code:

/\.bid$/ REJECT We reject all .bid domains
/\.buzz$/ REJECT We reject all .buzz domains
/\.cam$/ REJECT We reject all .cam domains
/\.casa$/ REJECT We reject all .casa domains
/\.click$/ REJECT We reject all .click domains
/\.cyou$/ REJECT We reject all .cyou domains
/\.date$/ REJECT We reject all .date domains
/\.diet$/ REJECT We reject all .diet domains
/\.digital$/ REJECT We reject all .digital domains
/\.gq$/ REJECT We reject all .gq domains
/\.download$/ REJECT We reject all .download domains
/\.guru$/ REJECT We reject all .guru domains
/\.icu$/ REJECT We reject all .icu domains
/\.link$/ REJECT We reject all .link domains
/\.monster$/ REJECT We reject all .monster domains
/\.party$/ REJECT We reject all .party domains
/\.pro$/ REJECT We reject all .pro domains
/\.quest$/ REJECT We reject all .quest domains
/\.review$/ REJECT We reject all .review domains
/\.ru$/ REJECT We reject all .ru domains
/\.science$/ REJECT We reject all .science domains
/\.stream$/ REJECT We reject all .stream domains
/\.today$/ REJECT We reject all .today domains
/\.top$/ REJECT We reject all .top domains
/\.wang$/ REJECT We reject all .wang domains
/\.zip$/ REJECT We reject all .zip domains
/\.-undef-$/ REJECT We reject all .-undef- domains

I modified the main.cf setting to:

Code:

smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access pcre:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain

Once I saved the sender_access file and the main.cf, and restarted postfix, I saw the rule rejected the inbound emails within a matter of seconds :dance: . The downside is that postfix's mail log file will state the email was Rejected and the EFA software has no direct knowledge of the attempt to receive such an email.

My reason for sharing this setting is that a number of the spams are coming from IP addresses belonging to organizations or countries that do not care about or monitor the outbound email traffic. Once the IP addresses of the bots are whitelisted, the EFA software will then trust all emails coming from those servers.

Hope you find this helpful....
Attachments
sample-bad-TLDs.png
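Added example, not part of dangsite's post or the eFa project's code: a small Python check that loads rules written in the format of the sender_access file above and reports which envelope sender addresses (the MAIL FROM value that check_sender_access looks up) they would reject. Assumptions: Python's re module stands in for Postfix's PCRE engine, only one-line /pattern/ action rules are handled, and the table excerpt and addresses are constructed samples; on the server itself, postmap -q "user@example.click" pcre:/etc/postfix/sender_access queries the real table.

```python
import re

# Constructed sample: three rules copied in form from the post's sender_access file.
SAMPLE_TABLE = r"""
# blank lines and comment lines are ignored
/\.click$/ REJECT We reject all .click domains
/\.pro$/ REJECT We reject all .pro domains
/\.zip$/ REJECT We reject all .zip domains
"""

# One-line rules only: /pattern/flags action. Continuation lines, if/endif
# blocks and negated patterns from pcre_table(5) are not handled here.
RULE = re.compile(r"^/(?P<pattern>.*?)/(?P<flags>[a-zA-Z]*)\s+(?P<action>.+)$")


def parse_table(text):
    """Return a list of (compiled_regex, action) in file order."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a /pattern/ action rule: {line!r}")
        # Postfix pcre tables match case-insensitively by default;
        # an explicit "i" flag toggles that default off.
        flags = 0 if "i" in m["flags"] else re.IGNORECASE
        rules.append((re.compile(m["pattern"], flags), m["action"]))
    return rules


def lookup(rules, sender):
    """First matching rule wins, as in a Postfix regexp-style table."""
    for rx, action in rules:
        if rx.search(sender):
            return action
    return None  # no match: the next restriction in main.cf is evaluated


if __name__ == "__main__":
    table = parse_table(SAMPLE_TABLE)
    # Constructed sender addresses covering the edge cases of the $ anchor.
    for addr in ("promo@deals.example.click", "USER@EXAMPLE.ZIP",
                 "user@pro.example.com", "user@example.com"):
        print(f"{addr:28} -> {lookup(table, addr) or 'no match'}")
```

Running the same addresses through the full rule list before restarting postfix shows whether a legitimate sender domain ends in one of the listed TLDs.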