On 18 December 2011 00:34, Stan Hoeppner <s...@hardwarefreak.com> wrote:
> On 12/17/2011 2:32 PM, Ansgar Wiechers wrote: > > On 2011-12-17 Tolga wrote: > >> I've been getting a lot of Chinese spam. I've googled and come across > >> a guide that advises to use a cidr file and tell postfix to use it. I > >> got the file, edited it, and told postfix to use it. However, it > >> doesn't seem to be working (I tested it by putting in my own IP > >> address). How can I fix it? Below is my postconf -n: > >> > >> [root@bilgisayarciniz ~]# postconf -n > > [...] > >> smtpd_client_restrictions = check_client_access > >> cidr:/etc/postfix/sinokorea.cidr > > > > Move the check_client_access restriction to > $smtpd_recipient_restrictions. > > This alone won't help. The OP said he tested by plugging his own IP > address into the CIDR table. If he inserts this restriction after > permit_mynetworks his test still won't work. This is not a valid way to > test a CIDR table BTW. > > Tolga, first, are you certain this "Chinese spam" is coming from Chinese > IP addresses? Check your mail log for connections from one of these > addresses and confirm the IP is assigned to a Chinese entity, using the > whois command. Then plug that IP address into postmap and post the > output of that command here. For example, I block all Chinese IP space > using ipdeny.com lists in a CIDR table. A sample test of my CIDR table: > > /etc/postfix/cidr_files$ postmap -q 58.99.128.128 cidr:countries > REJECT Mail not accepted from China > > If you confirmed the IP is Chinese, and you have that Chinese network in > your CIDR table, and the postmap test is successful, you know the table > is working. If you get an error, post the error here. If the postmap > test is successful and you still aren't rejecting connections from > Chinese IP addresses then something else is wrong. One possible cause > is a NAT router that rewrites the source address of the TCP packet. > Your mail logs will tell you instantly if that is the case as all > connections will be from the same IP address on the private side of the > router. In that case a CIDR table is useless until you get a new router > that does NAT correctly. > > Last, it would be helpful if you post a link to your CIDR table, or at > least show 50 lines or so of its contents, so we can make sure you've > created it correctly. It should look something like this: > > Hi, I've confirmed that the IP is from China, using www.ip2location.com. My CIDR file is at www.bilgisayarciniz.org/sinokorea.cidr.txt When I plugged the IP into postmap like you said, I got an error postmap -q 60.190.223.61 sinokorea.cidr REJECT Mail not accepted from China postmap: fatal: open database REJECT.db: No such file or directory. Thanks for all the replies :) > 58.14.0.0/15 REJECT Mail not accepted from China > 58.16.0.0/13 REJECT Mail not accepted from China > 58.24.0.0/15 REJECT Mail not accepted from China > 58.30.0.0/15 REJECT Mail not accepted from China > 58.32.0.0/11 REJECT Mail not accepted from China > 58.66.0.0/15 REJECT Mail not accepted from China > 58.68.128.0/17 REJECT Mail not accepted from China > 58.82.0.0/15 REJECT Mail not accepted from China > 58.87.64.0/18 REJECT Mail not accepted from China > 58.99.128.0/17 REJECT Mail not accepted from China > 58.100.0.0/15 REJECT Mail not accepted from China > 58.116.0.0/14 REJECT Mail not accepted from China > 58.128.0.0/13 REJECT Mail not accepted from China > 58.144.0.0/16 REJECT Mail not accepted from China > 58.154.0.0/15 REJECT Mail not accepted from China > 58.192.0.0/11 REJECT Mail not accepted from China > 58.240.0.0/12 REJECT Mail not accepted from China > > -- > Stan >
