On 08 Aug 2014, at 16:45, Andre Luiz Paiz <andre.p...@iqm.unicamp.br> wrote:
> Quoting DTNX Postmaster <postmas...@dtnx.net>: > >> On 08 Aug 2014, at 14:53, Andre Luiz Paiz <andre.p...@iqm.unicamp.br> wrote: >> >>> I was trying to use check_sender_access as sugested here in the forum to >>> avoid this type of SPAMs. But it is not working. >>> check_sender_access works more like a blacklist and the spammers are ready >>> for that. >> >> It is not working because you are confusing the envelope from with the >> 'From:' header. The 'check_sender_access' restriction works for the envelope >> only, not on the headers, and the headers are basically untrustworthy and >> easily forged. > > On my check_sender_access I registered webmas...@iqm.unicamp.br as REJECT. So > in my case this from it is the envelop, correct? You are saying that I should > register the www-d...@109.red-81-45-22.staticip.rima-tde.net on > check_sender_access? That would work, but only for that specific sender. So it's generally not a very effective way to block spam, as it only covers one address on a single host. It can be decent as a temporary measure, though. >> SPF does not work because, like 'check_sender_access', it does only work on >> the envelope, not the headers. For basic header checks, you can use >> 'header_checks'; >> >> http://www.postfix.org/header_checks.5.html >> >> I suspect that what you really need is better blacklisting, though. There's >> generally no need to accept anything from generic hostnames such as >> '109.red-81-45-22.staticip.rima-tde.net', for example. >> >> Are you running postscreen? Using blacklists? > > I use Spamassassin and PolicyD (Cluebringer). The access control in PolicyD > checks the header or envelope? > DonĀ“t know about postscreen, Can you please give an example of how it should > work? Did you read the 'header_checks' documentation? Have you used the Postfix documentation in general? Like, for example, if you search for 'postscreen' here; http://www.postfix.org/documentation.html It will lead you to; http://www.postfix.org/POSTSCREEN_README.html As for SpamAssassin and PolicyD, they are not part of Postfix; refer to their respective documentation for their specific features. Mvg, Joni
