Thank you for the reply. And apologies to everyone about the borderline post.
I believe these have been recently added to a DNSBL list because I am starting to see this in my log as of about an hour ago and inbound traffic has definitely returned to normal levels.

Jun 1 12:46:53 <mail.info> vader2 postfix/smtpd[12319]: NOQUEUE: reject: RCPT from unknown[75.75.227.113]: 554 5.7.1 Service unavailable; Helo command [dutiwesd.us] blocked using black.uribl.com; Blacklisted, see http://lookup.uribl.com/?domain=dutiwesd.us;

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Noel Jones
Sent: Monday, June 01, 2015 1:30 PM
To: postfix-users@postfix.org
Subject: Re: Anyone else seeing an increase in spam? -- Sort of off topic but there is a postfix question

On 6/1/2015 11:09 AM, Elijah Savage wrote:
> I am seeing thousands of spam messages beginning on Thursday of last
> week from the same subnet. I know it is not best practice to fight
> spam by outright blocking ip addresses but I am seeing this across
> multiple domains in different parts of the country. The easy and
> immediate thought was just block the subnet but I do not like
> utilizing that practice. I think I know the answer but will ask
> anyway, do you all think there is a high probability to get false
> positives from those with incorrect DNS setups in using
>
> reject_non_fqdn_hostname,
>
> And will that parameter stop the traffic from below? Or should I just
> go ahead and try filtering the email with a spamassassin custom rule
> using the subject line? Across all domains the subject is really
> close.
>
> Received: from dewqatuse.us (unknown [75.75.227.95])
...

The reject_non_fqdn_hostname restriction will not block any of these. OTOH, I consider that a moderately safe restriction, so feel free to try it for other spam. Use it with warn_if_reject for a while to see what it would block.

And I don't see anything wrong with blocking a netblock that sends a high volume of nothing but spam. Just don't get caught up in spending too much time on trying to identify spamblocks.

Are you using some dns blocklists? Looks as if these are listed by zen.spamhaus.org and others.

-- Noel Jones
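
Added example, not part of the thread: a Python script for reviewing a warn_if_reject trial, tallying Postfix smtpd NOQUEUE lines by action (reject versus the reject_warning that warn_if_reject logs), client netblock and reason. The sample log lines, hostnames and addresses are constructed (documentation IP ranges), and the /24 and /64 grouping is an assumption chosen for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample lines in Postfix smtpd log format (not from a real log).
SAMPLE_LOG = """\
Jun  1 12:40:01 mx1 postfix/smtpd[2001]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.17]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<a@example.net> to=<u@example.org> proto=ESMTP helo=<localhost>
Jun  1 12:40:03 mx1 postfix/smtpd[2001]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.40]: 504 5.5.2 <mailer>: Helo command rejected: need fully-qualified hostname; from=<b@example.net> to=<u@example.org> proto=ESMTP helo=<mailer>
Jun  1 12:40:05 mx1 postfix/smtpd[2002]: NOQUEUE: reject: RCPT from unknown[198.51.100.95]: 554 5.7.1 Service unavailable; Helo command [spam.example] blocked using black.uribl.com; from=<c@spam.example> to=<u@example.org> proto=ESMTP helo=<spam.example>
Jun  1 12:40:06 mx1 postfix/smtpd[2002]: NOQUEUE: reject: RCPT from unknown[198.51.100.113]: 554 5.7.1 Service unavailable; Helo command [junk.example] blocked using black.uribl.com; from=<d@junk.example> to=<u@example.org> proto=ESMTP helo=<junk.example>
Jun  1 12:40:07 mx1 postfix/smtpd[2003]: connect from mail.example.com[203.0.113.5]
"""

LINE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: (?P<action>reject_warning|reject): "
    r"\w+ from (?P<host>[^\[\s]+)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?P<text>.*)$"
)

def reason(text):
    """Reduce the SMTP reply text to a short, countable reason."""
    m = re.search(r"blocked using (\S+?);", text)
    if m:
        return "listed in " + m.group(1)
    # e.g. "<localhost>: Helo command rejected: need fully-qualified hostname; ..."
    return text.split(";", 1)[0].split(": ", 1)[-1]

def summarize(log_text):
    """Count (netblock, reason) pairs separately for real rejects and warnings."""
    tally = {"reject": Counter(), "reject_warning": Counter()}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a NOQUEUE reject/reject_warning line
        prefix = 64 if ":" in m["ip"] else 24  # illustrative grouping size
        net = str(ip_network(f"{m['ip']}/{prefix}", strict=False))
        tally[m["action"]][(net, reason(m["text"]))] += 1
    return tally

if __name__ == "__main__":
    for action, counts in summarize(SAMPLE_LOG).items():
        for (net, why), n in counts.most_common():
            print(f"{action:15} {n:5}  {net:20} {why}")
```

The reject_warning rows are mail that was still accepted, so they show what the trial restriction would have turned away before it is enforced.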