On 12/4/2015 11:28 AM, sb wrote:
> Hello,
>
> I received (yet another) SPAM/UCE from an address without MX record.
>
> Although it is not mandatory for a sender to have an MX record,
> this RFC loophole is exploited by spammers. Further, I do not want to
> receive mail from someone I cannot reply to.
The sender domain must have either an MX or an A record. You can
reply to a domain with only an A record.
>
> Before writing a milter, I would need to know whether postfix has a
> relevant filter of its own.
Postfix has no code to distinguish sender domains with no MX only an
A record, and not likely that feature will ever be added. Sender
domains with neither MX nor A record -- domains you can't reply to
-- can be rejected with reject_unknown_sender_domain.
>
> This is the spamming host:
>
...
The client mentioned is currently listed on several blacklists.
Maybe the client wasn't listed at the time you received their spam,
but consider using some dnsbl's in your setup.
> smtp inet n - - - - smtpd
> -v
verbose logging is almost always a mistake. The important messages
get drowned in the flood of irrelevant information.
> -o syslog_name=postfix/port-25
> -o smtpd_tls_security_level=may
> -o smtpd_sasl_auth_enable=no
> -o smtpd_delay_reject=no
generally unwise to disable smtpd_delay_reject, except maybe as a
$stress mitigation during an overload/attack.
> -o smtpd_milters=${spf_milter},${dkim_milter},${dmarc_milter}
> -o cleanup_service_name=pre-cleanup
>
> Postscreen is currently disabled.
Probably worth investigating using postscreen with a few dnsbls.
-- Noel Jones
