[pfx] Re: Trouble blocking spammer domain

Wed, 31 Jul 2024 01:34:30 -0700 

On Jul 30, 2024, at 15:58, Wietse Venema <wie...@porcupine.org> wrote:

For actual support, you can reduce the detective work providing
CONCRETE details as in https://www.postfix.org/DEBUG_README.html#mail

Actual configuration as reported by Postfix.


On 30.07.24 16:13, John Thorvald Wodder II via Postfix-users wrote:

postscreen_access_list = permit_mynetworks, 
cidr:/etc/postfix/postscreen_spf_whitelist.cidr,

[...]

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access



Actual events as logged by Postfix.



OK, a session from /var/log/mail.log, with domains & IPs censored over with A's 
and D's:



Jul 30 18:42:21 firefly postfix/smtpd[2315370]: connect from 
AA-DD.AAAAAAAAAAAA.AAA[DDD.DDD.DDD.DD]
Jul 30 18:42:22 firefly postgrey[414604]: action=pass, reason=client AWL, 
client_name=AA-DD.AAAAAAAAAAAA.AAA, client_address=DDD.DDD.DDD.DD/32, 
sender=aaaaaa.aaaaaaaaaaa...@aa.aaaaaaaaaa.aaa, recipient=a...@aaaaaaaaa.aaa
Jul 30 18:42:22 firefly postgrey[414604]: cleaning up old logs...
Jul 30 18:42:22 firefly postfix/smtpd[2315370]: C12C913B050: 
client=AA-DD.AAAAAAAAAAAA.AAA[DDD.DDD.DDD.DD]


Here, the mail would be rejected if you had DDD.DDD.DDD.DD
in your /etc/postfix/postscreen_spf_whitelist.cidr
with "reject"
- I assume since it's named "whitelist", you only have "permit" there.


Jul 30 18:42:22 firefly postfix/cleanup[2315373]: C12C913B050: 
message-id=<aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...@aa.aaaaaaaaaa.aaa>
Jul 30 18:42:23 firefly opendkim[1215873]: C12C913B050: AA-DD.AAAAAAAAAAAA.AAA 
[DDD.DDD.DDD.DD] not internal
Jul 30 18:42:23 firefly opendkim[1215873]: C12C913B050: not authenticated
Jul 30 18:42:23 firefly opendkim[1215873]: C12C913B050: DKIM verification 
successful
Jul 30 18:42:23 firefly opendkim[1215873]: C12C913B050: s=fm 
d=AAAAAAAAAAA-AA.AAA a=rsa-sha256 SSL
Jul 30 18:42:23 firefly postfix/qmgr[2307335]: C12C913B050: 
from=<aaaaaa.aaaaaaaaaaa...@aa.aaaaaaaaaa.aaa>, size=46479, nrcpt=1 (queue 
active)
Here, the sender would be rejected if you had in /etc/postfix/access one of strings: 

1.
aaaaaa.aaaaaaaaaaa...@aa.aaaaaaaaaa.aaa
AA.AAAAAAAAAA.AAA

2.
.AAAAAAAAAA.AAA
 or
AAAAAAAAAA.AAA

3.
.AAA
or
AAA

4.
AAAAAA.AAAAAAAAAAAAAA@

...with REJECT or 5xx result

.AAA or AAA depends on your setting of parent_domain_matches_subdomains
(I don't know your default)

Note that "sender" means the envelope from address.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to