On 12/15/2020 5:17 AM, Jeff Abrahamson wrote:
> The received mail had headers that looked like this:
> ...
> Received: from p27.eu (unknown [185.222.57.81]) by nantes-1.p27.eu (Postfix) with ESMTP id 8AFC8FF74D for <j...@p27.eu>; Tue, 15 Dec 2020 11:58:03 +0100 (CET)

One safe thing you can do is reject outside, unauthenticated hosts that HELO with your own domain name. This is as close to 100% safe as any antispam control. It probably won't catch a whole lot of spam, but it would have gotten this one.
Something like:

    # main.cf
    smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        check_helo_access pcre:/etc/postfix/helo_access.pcre

    # /etc/postfix/helo_access.pcre
    /\.?p27\.eu$/ REJECT invalid HELO hostname

Also consider using one or two reliable DNS block lists, such as

    reject_rbl_client zen.spamhaus.org

-- 
Noel Jones
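
Added example, not part of the original message: a Python model of the order in which the three restrictions above are evaluated, run over constructed SMTP sessions. The trusted networks, the SASL user name and the label-anchored STRICT pattern are assumptions introduced here; the model shows that the posted pattern, whose leading dot is optional, also matches unrelated names that merely end in "p27.eu".

```python
import ipaddress
import re

# Assumed values, not from the original message: the trusted networks and
# the stricter pattern. Postfix pcre tables match case-insensitively by default.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
POSTED = re.compile(r"\.?p27\.eu$", re.IGNORECASE)      # pattern as posted
STRICT = re.compile(r"(^|\.)p27\.eu$", re.IGNORECASE)   # label-anchored variant


def helo_verdict(client_ip, helo, sasl_user=None, pattern=POSTED):
    """Walk the three restrictions in order; the first decisive result wins."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in MYNETWORKS):
        return "permit_mynetworks"
    if sasl_user:
        return "permit_sasl_authenticated"
    if pattern.search(helo):
        return "REJECT invalid HELO hostname"
    return "DUNNO"  # no table match: Postfix moves on to the next restriction


# Constructed sessions; only the first mirrors the Received: header above.
SESSIONS = [
    ("185.222.57.81", "p27.eu", None),           # outside host using our name
    ("192.0.2.10", "nantes-1.p27.eu", None),     # our own host, trusted network
    ("198.51.100.7", "laptop.p27.eu", "jeff"),   # roaming user, authenticated
    ("198.51.100.9", "mail.example.net", None),  # ordinary outside sender
    ("198.51.100.9", "shop27.eu", None),         # unrelated domain, same suffix
]

if __name__ == "__main__":
    for ip, helo, user in SESSIONS:
        print(f"{ip:15} HELO {helo:18} "
              f"posted={helo_verdict(ip, helo, user)!r} "
              f"strict={helo_verdict(ip, helo, user, STRICT)!r}")
```
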