Carlos Williams wrote:
I noticed I keep getting the same spam message delivered to a
building-wide distribution via Postfix and I can't understand why the following
are not catching it every time?
Here is the message:

Return-Path: <teem...@iqnetsys.net>
X-Original-To: every...@....
Delivered-To: cwilli...@....
Received: by mail..... (Postfix)
    id B71C61FA4DA3; Mon, 30 Mar 2009 10:33:01 -0400 (EDT)
Delivered-To: every...@....
Received: from localhost (localhost [127.0.0.1])
    by mail..... (Postfix) with ESMTP id A94B31FA4DA0
    for <every...@....>; Mon, 30 Mar 2009 10:33:01 -0400 (EDT)
X-Virus-Scanned: GNU/Linux Amavisd-new at ....
X-Spam-Flag: YES
X-Spam-Score: 16.926
X-Spam-Level: ****************
X-Spam-Status: Yes, score=16.926 tagged_above=-5 required=4
    tests=[BAYES_50=0.001, DNS_FROM_RFC_BOGUSMX=1.482,
    HELO_DYNAMIC_IPADDR2=4.395, HELO_DYNAMIC_SPLIT_IP=3.493,
    RCVD_NUMERIC_HELO=2.067, RDNS_NONE=0.1, STOX_REPLY_TYPE=0.001,
    TVD_RCVD_IP=1.931, URIBL_BLACK=1.955, URIBL_JP_SURBL=1.501]

Incomplete obfuscated headers are not particularly helpful...
Complete unedited headers are better. Change the user part of
the email address if you need to protect privacy, but nothing
else.
Now in my main.cf, I have the following:
main.cf snippets are not particularly helpful... we like to
see "postconf -n" output.

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    reject_unlisted_sender,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client safe.dnsbl.sorbs.net,
    reject_invalid_hostname,
    reject_non_fqdn_hostname

I don't know if I have this configured wrong but if the above is
correct, should zen.spamhaus.org not be catching this as it does
everything else?

Mar 30 10:45:46 mail postfix/smtpd[16825]: NOQUEUE: reject: RCPT from
    unknown[189.71.167.149]: 554 5.7.1 Service unavailable; Client host
    [189.71.167.149] blocked using zen.spamhaus.org;
    http://www.spamhaus.org/query/bl?ip=189.71.167.149;
    from=<aleksash...@mail.ru> to=<w...@ideorlando.org> proto=ESMTP
    helo=<[189.71.167.149]>

This shows an entry being rejected by zen. Look in your logs
for the mail that was accepted - you'll probably find that the
client was not (yet?) listed in zen.
To search the log, use the QUEUEID reported in the first
Received: header added by your system. Note Received headers
are read bottom to top, so the first one is the lowest one
with your server name.
-- Noel Jones
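
Added example (not part of the thread and not Postfix code): a sketch of the lookup described above, reading the Received: headers bottom to top, taking the queue ID from the lowest one stamped by your own server, and finding the smtpd "client=" log line for that ID, which gives the client address the DNSBL check was applied to. The hostname mail.example.org, the sample headers and log lines, and both function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample, not the message from the thread: all names, IPs and IDs are placeholders.
SAMPLE_MESSAGE = """\
Return-Path: <sender@example.net>
Received: by mail.example.org (Postfix)
\tid 4C2D51FA4DA3; Mon, 30 Mar 2009 10:33:01 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
\tby mail.example.org (Postfix) with ESMTP id 3B1A21FA4DA0
\tfor <everyone@example.org>; Mon, 30 Mar 2009 10:33:01 -0400 (EDT)
Received: from [192.0.2.10] (unknown [192.0.2.10])
\tby mail.example.org (Postfix) with ESMTP id 9F0E11FA4D9C
\tfor <everyone@example.org>; Mon, 30 Mar 2009 10:32:58 -0400 (EDT)
Received: from forged.example.com (forged.example.com [198.51.100.7])
\tby relay.invalid (Postfix) with ESMTP id DEADBEEF0001; Mon, 30 Mar 2009 10:30:00 -0400
Subject: constructed test
"""
# Constructed log lines in the usual Postfix smtpd format.
SAMPLE_LOG = """\
Mar 30 10:32:58 mail postfix/smtpd[16801]: connect from unknown[192.0.2.10]
Mar 30 10:32:58 mail postfix/smtpd[16801]: 9F0E11FA4D9C: client=unknown[192.0.2.10]
Mar 30 10:33:01 mail postfix/smtpd[16802]: 3B1A21FA4DA0: client=localhost[127.0.0.1]
"""

def first_local_queue_id(raw_message, my_hostname):
    """Queue ID from the lowest Received: header stamped 'by my_hostname', or None."""
    received = message_from_string(raw_message).get_all("Received", [])
    for value in reversed(received):      # headers are read bottom to top
        flat = " ".join(value.split())    # unfold continuation lines
        by = re.search(r"\bby (\S+)", flat)
        qid = re.search(r"\bid ([0-9A-Za-z]+)", flat)
        if by and qid and by.group(1).lower() == my_hostname.lower():
            return qid.group(1)
    return None

def client_for_queue_id(log_text, queue_id):
    """(name, ip) from the smtpd 'client=' line logged for queue_id, or None."""
    pat = re.compile(r"postfix/smtpd\[\d+\]: %s: client=([^\[\s]+)\[([^\]]+)\]"
                     % re.escape(queue_id))
    for line in log_text.splitlines():
        m = pat.search(line)
        if m:
            return m.group(1), m.group(2)
    return None

if __name__ == "__main__":
    qid = first_local_queue_id(SAMPLE_MESSAGE, "mail.example.org")
    print(qid, client_for_queue_id(SAMPLE_LOG, qid))
```

The header at the bottom of the sample names a different server, so it is skipped; the later re-injection from localhost (the content filter hop) is also not the entry to search for.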