If IP addresses and domain names continuously change, they are probably fake
domain names and emails sent by randomly exploited servers.
The following additions to the configuration might help:
smtpd_sender_restrictions =
    [...],
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    [...]
smtpd_recipient_restrictions =
    [...],
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    [...]
Anvar Kuchkartaev
[email protected]
---- On Sun, 10 Dec 2017 17:03:18 +0100 Hadmut Danisch <[email protected]>
wrote ----
> Hi,
>
> I'm getting tons of spam with mail senders or helo names from TLDs like
> .date, e.g.
>
>
> Received: from koan-shf.date (unknown [78.129.179.127]) by...
>
>
> where the domain names (here: koan-shf.date) rapidly change and are
> obviously randomly generated. IP addresses also change daily.
>
>
> I'd therefore like to block TLDs like .date or .loan, which currently
> does not work with postfix. Following its manpage 5 access, the block
> lists for mails and sender machines need at least .domain.tld, i.e. two
> domain components.
>
> This made sense as long as we had country code and the old generic TLDs
> like com and gov, but not anymore since ICANN allowed any nonsense to be
> registered as a TLD.
>
>
> I'd like to propose to allow one component queries for mail addresses
> and hostnames in access lists as well.
>
>
>
> regards
>
> Hadmut
>
>
>
>
>
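One way to reject by top-level domain, added here as an example and not taken from either message: a Postfix regexp table receives the whole HELO name or sender address as its lookup key, so a pattern anchored on the last label matches whatever precedes it. The file name /etc/postfix/reject_tlds.regexp and the reject text are assumptions; .date and .loan are the TLDs named in the quoted message.

```conf
# --- /etc/postfix/reject_tlds.regexp (assumed file name) ---
# regexp tables match the full lookup string and are case-insensitive
# by default, so anchor the pattern on the final label.
/\.(date|loan)$/    REJECT TLD not accepted here

# --- /etc/postfix/main.cf ---
# Apply the table to the HELO name and to the envelope sender.
# Any restrictions already configured go after these entries.
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    check_helo_access regexp:/etc/postfix/reject_tlds.regexp
smtpd_sender_restrictions =
    check_sender_access regexp:/etc/postfix/reject_tlds.regexp

# --- check the table before reloading Postfix ---
# postmap -q "koan-shf.date" regexp:/etc/postfix/reject_tlds.regexp
# postmap -q "user@example.loan" regexp:/etc/postfix/reject_tlds.regexp
# Both queries should print the REJECT line; a name under .com prints nothing.
```

A regexp table is read as plain text, so it needs no postmap compilation step, only a `postfix reload` after main.cf changes.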