On 02/12/2014 02:53 PM, li...@rhsoft.net wrote:
On 12.02.2014 16:33, L. D. James wrote:
On 02/12/2014 10:14 AM, Viktor Dukhovni wrote:
On Wed, Feb 12, 2014 at 10:06:48AM -0500, L. D. James wrote:
Thanks again for the input. When I post how I resolved the issue,
The only issue is that you have not understood how to read your
logs which log every message twice (because you're using a post-queue
content filter).
With content filters, each message is received, stored in the queue,
and then sent via the content filter to be received and queued
again (this time with a local client address) the second time it
is finally delivered to its intended destination. To understand
how a message entered your system you need to look at TWO queue-ids,
the pre-filter queue-id and the post-filter queue-id.
Thanks, Viktor. There is a lot I don't understand. I appreciate your taking
the time to explain the various
components.
Blocking the "localhost.localdomain" using "helo_access" the best way that I
could decipher has stopped the spam
may I ask why you are that hypersensible to "localhost.localdomain"
while your own machine resolves that for 127.0.0.1?
"client=localhost.localdomain[127.0.0.1]" from your log proves that
HELO restrictions are not really that good a solution for a sane spam-filter
and if you are not damned careful to not apply them on submission you will
do harm to most MUAs
hence "check_helo_access" does not belong to main.cf
apply it to port 25 in master.cf or you need to disable
it explicitly for submission (587)
[harry@srv-rhsoft:~]$ host 127.0.0.1
1.0.0.127.in-addr.arpa domain name pointer localhost.
[harry@srv-rhsoft:~]$ cat /etc/hosts | grep 127.0.0.1
127.0.0.1 localhost
[harry@srv-rhsoft:~]$ nslookup 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
1.0.0.127.in-addr.arpa name = localhost.
Hi, I appreciate your input.
Please be advised that I'm not "hypersensible" to any domain name. The
names (or the IP addresses for that matter) don't matter to me in the
least. What I don't want is to have a hundred spam messages per 1 good one.
I noticed when examining the messages (not the logs, the actual
messages) that all of them had "localhost.localdomain" in the header. I
also noticed a different domain and IP showing where the messages
actually originated. When looking at the logs I compared the message
IDs to the messages that had the content of the spam, and it was
obvious that if I found a way to deal with what was appearing in the
header, I'd have a large amount of spam blocked.
I understand that everyone is telling me about how little I know. I
have a lot to learn, that is my reason for joining the maillist and
posting whatever information I have, as well as my interpretations and
questions concerning it.
In this case while researching details of postfix configurations and
using various features of postfix to combat spam... I posted one of the
pages, I read 10's of pages, it appeared that "helo_access" would fit
the bill.
It wasn't working at first. However, after reading Noel's message I
explored more and did some reordering of entries and suddenly 90 percent
of the spam was gone.
I have since been investigating more, based on the input I've been
getting on this topic, of which I appreciate very much, and I realize
more about what was happening and some of what cured much of the spam
based on my configuration.
First I realize I was mistaken that the connection entry in the logs was
not the "helo" dialog. I thought it was, and configured helo_access as
if it were.
The connection is a connection from amavis.
I used a telnet dialog to connect to the port and find that the
connection message (as has been mentioned in this thread) comes before
the helo dialog.
By the way, I posted a message in the Amavis mailing list a year ago asking
about how it handled the spam and never got a response. I posted a more
recent message asking a question and was given this maillist as a
recommendation. So at present I'm learning both amavis and the postfix
configuration.
I already know that Amavis serves as a filter to which the mail is
delivered first, then handed off to the next step of the smtp
process. So the localhost.localdomain is most likely Amavis handing off
the message.
I'm still familiar by studying the logs and the message headers that the
messages are spam and they are originating from somewhere else.
So I guess the messages passed Amavis as some suspect messages, and now
I am in effect blocking the messages from being delivered to me and my
users. The block is working at this time.
I'm studying the discussion in this forum to learn more about what is
taking place and a better way of doing it. That is the full intention
of my original message.
I felt that blocking the messages that were stamped
"localhost.localdomain" would resolve a lot of the spam problem. This
has happened at present. So again, I'm not against the
"localhost.localdomain" in itself, I'm against my mailbox and my users'
mailboxes being filled with spam.
I won't fully stop the configuration that I currently have because I'm
enjoying the relief from spam. But I will continue to work and explore
some alternate methods of dealing with it.
I had been intending to join this maillist for years, and finally got
around to it. I'll do what I can to learn as much as I can so that I
can give back to the community based on the things that I learn.
-- L. James
--
L. D. James
lja...@apollo3.com
www.apollo3.com/~ljames
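
Added example, not part of the original thread and not code from any poster: a small Python sketch of the two-queue-id correlation Viktor describes, which follows the "queued as" hand-off from the pre-filter queue-id to the post-filter queue-id so that a "client=localhost.localdomain[127.0.0.1]" entry can be traced back to the real sending client. The log lines are constructed samples in the usual Postfix/amavisd layout; the hostnames, addresses, queue-ids and the function name trace_origins are assumptions.

```python
import re

# Constructed sample log (not taken from the thread): one message that is
# received from outside, passed through the content filter, and re-queued.
SAMPLE_LOG = """\
Feb 12 09:01:02 mx postfix/smtpd[2101]: 3A1B2C4D5E: client=unknown[203.0.113.45]
Feb 12 09:01:02 mx postfix/cleanup[2104]: 3A1B2C4D5E: message-id=<spam-1@example.invalid>
Feb 12 09:01:03 mx postfix/smtpd[2110]: 7F8E9D0C1B: client=localhost.localdomain[127.0.0.1]
Feb 12 09:01:03 mx postfix/cleanup[2104]: 7F8E9D0C1B: message-id=<spam-1@example.invalid>
Feb 12 09:01:03 mx postfix/smtp[2107]: 3A1B2C4D5E: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7F8E9D0C1B)
Feb 12 09:01:04 mx postfix/local[2112]: 7F8E9D0C1B: to=<user@example.org>, relay=local, delay=0.1, status=sent (delivered to mailbox)
"""

# smtpd logs "<queue-id>: client=<name>[<ip>]" when a message is accepted.
CLIENT_RE = re.compile(
    r"postfix/\w*smtpd\[\d+\]: ([0-9A-Za-z]+): client=(\S+?)\[([^\]]+)\]")
# The delivery to the filter ends with the queue-id assigned on re-injection.
REQUEUE_RE = re.compile(
    r"postfix/(?:smtp|lmtp)\[\d+\]: ([0-9A-Za-z]+): .*queued as ([0-9A-Za-z]+)\)")


def trace_origins(log_text):
    """Map every queue-id to (pre-filter queue-id, (client name, client ip))."""
    clients = {}  # queue-id -> (hostname, ip) as logged by smtpd
    parent = {}   # post-filter queue-id -> pre-filter queue-id
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = REQUEUE_RE.search(line)
        if m:
            parent[m.group(2)] = m.group(1)
    origins = {}
    for qid in clients:
        root, seen = qid, set()
        # Walk back through the filter hand-offs; 'seen' guards against loops.
        while root in parent and root not in seen:
            seen.add(root)
            root = parent[root]
        # clients.get() yields None if the pre-filter entry was rotated away.
        origins[qid] = (root, clients.get(root))
    return origins


if __name__ == "__main__":
    for qid, (root, client) in trace_origins(SAMPLE_LOG).items():
        print(f"{qid}: entered as {root} from {client}")
```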