On Mon, Apr 23, 2012 at 08:24:44AM +0200, Robert Schetterer wrote:
> On 23.04.2012 06:50, Olivier Pavilla wrote:
> > For several months my smtp is harassing by someone located in
> > Taiwan. This people is using any Taiwanese IP.
> > My logs are full with this something like this:
> >
> > Apr 23 06:35:31 corellia postfix/smtpd[26906]: NOQUEUE: reject:
> > RCPT from unknown[113.116.186.27]: 554 5.7.1 <wa...@163.com>:
> > Recipient address rejected: Relay access denied;
> > from=<p...@dumpsize.com> to=<wa...@163.com> proto=ESMTP
> > helo=<zyh-4b482e797ce>
> > Apr 23 06:35:31 corellia postfix/smtpd[26906]: warning:
> > restriction `reject_unauth_destination' after
> > `check_relay_domains' is ignored
> >
> > At least blocking all of Taiwanese IPs. Does anyone has idea to
> > counter strike this people?
>
> do more log analysis, to find the best way to fight them, ask
> again then, cause there are many of chances , but you should
> choose the one that best fit in this/your case
> meanwhile use of spamhouse rbl and/or greylist may a quick
> workaround post more logs/config

You have a VERY dangerous typo there. It's "Spamhaus", the German
spelling, not "Spamhouse" as in English. Those who follow your advice
stand to lose all their mail!

$ dig 2.0.0.127.zen.spamhouse.org. any

; <<>> DiG 9.9.0 <<>> 2.0.0.127.zen.spamhouse.org. any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12558
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2.0.0.127.zen.spamhouse.org. IN ANY

;; ANSWER SECTION:
2.0.0.127.zen.spamhouse.org. 86400 IN TXT "This is not the DNSBL you're looking for."
2.0.0.127.zen.spamhouse.org. 604800 IN A 127.0.0.2

;; AUTHORITY SECTION:
spamhouse.org. 86400 IN NS ns0.spamhouse.org.
spamhouse.org. 86400 IN NS ns1.spamhouse.org.

;; ADDITIONAL SECTION:
ns0.spamhouse.org. 86400 IN A 64.13.153.230
ns1.spamhouse.org. 86400 IN A 64.13.153.230

;; Query time: 490 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 23 23:18:22 2012
;; MSG SIZE rcvd: 194

$ dig schetterer.org.dbl.spamhouse.org. any

; <<>> DiG 9.9.0 <<>> schetterer.org.dbl.spamhouse.org. any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52995
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;schetterer.org.dbl.spamhouse.org. IN ANY

;; ANSWER SECTION:
schetterer.org.dbl.spamhouse.org. 86400 IN TXT "This is not the DNSBL you're looking for."
schetterer.org.dbl.spamhouse.org. 604800 IN A 127.0.0.2
[snip]
-- 
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
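
Added example, not part of the original message: a pre-deployment check that catches a wildcard zone like the one in the dig output above before it goes into the Postfix configuration. It relies on the RFC 5782 test entries (127.0.0.2 listed, 127.0.0.1 not listed); the LOOKUP variable, the fake_* resolvers and the zone.example name are constructed for the offline demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): sanity check for an IPv4 DNSBL
# zone. Per RFC 5782 a working list answers for the test address
# 127.0.0.2 and returns nothing for 127.0.0.1. A zone that answers
# for both is a wildcard and would reject every connecting client.

# Default resolver hook: print the A records for a name, one per line.
lookup_a() {
    dig +short +time=3 +tries=1 "$1" A
}

# 127.0.0.2 -> 2.0.0.127 (DNSBL query names use reversed octets)
reverse_ipv4() {
    echo "$1" | awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 }'
}

# listed IP ZONE: succeed if ZONE returns a 127.x.x.x answer for IP.
# LOOKUP (hypothetical variable) swaps in another resolver function.
listed() {
    "${LOOKUP:-lookup_a}" "$(reverse_ipv4 "$1").$2" | grep -q '^127\.'
}

# check_dnsbl ZONE: 0 = behaves like a DNSBL, 1 = wildcard, 2 = no test entry
check_dnsbl() {
    if ! listed 127.0.0.2 "$1"; then
        echo "$1: 127.0.0.2 not listed (dead zone or wrong name)"
        return 2
    fi
    if listed 127.0.0.1 "$1"; then
        echo "$1: 127.0.0.1 is listed, zone answers for everything"
        return 1
    fi
    echo "$1: ok"
}

# Constructed stand-in for the behaviour shown in the dig output:
# every query name gets 127.0.0.2.
fake_wildcard() { echo 127.0.0.2; }

# Constructed stand-in for a well-behaved list: only the test entry resolves.
fake_dnsbl() {
    case $1 in 2.0.0.127.*) echo 127.0.0.2 ;; esac
}

# Offline demonstration with the constructed resolvers.
for LOOKUP in fake_wildcard fake_dnsbl; do
    check_dnsbl zone.example || echo "  -> do not deploy (exit $?)"
done
unset LOOKUP   # from here on, check_dnsbl queries real DNS through dig
```

With LOOKUP unset, run check_dnsbl against each zone named in a reject_rbl_client restriction before reloading Postfix.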