I'm having problems blocking a persistent spammer in Brazil from sending
me mail.
All of the sending hostnames are of the form
www-data@vNNN-NNN-NNN-NNN.*.static.cnode.io
For example, here are some examples of the sending IPs from the last few
months:
v163-44-192-240.a001.g.han1.static.cnode.io
v163-44-207-233.a006.g.han1.static.cnode.io
v150-95-115-46.a017.g.han1.static.cnode.io
v150-95-115-69.a017.g.han1.static.cnode.io
v163-44-155-225.a010.g.sin1.static.cnode.io
v160-251-100-196.wbeh.static.cnode.io
The IPs are all over the map, so a simple CIDR block won't work.
I tried to implement a HELO regex block via
--
[root@isolar postfix]# grep smtpd_helo_ master.cf
-o smtpd_helo_required=yes
-o { smtpd_helo_restrictions= $mua_helo_restrictions }
-o smtpd_helo_required=yes
-o { smtpd_helo_restrictions= $mua_helo_restrictions }
[root@isolar postfix]# grep mua_helo_restrictions= master.cf
-o { mua_helo_restrictions= permit_mynetworks,
reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_invalid_hostname, check_helo_access
regexp:/etc/postfix/helo.regexp, reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname, permit }
-o { mua_helo_restrictions= permit_mynetworks,
reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_invalid_hostname, check_helo_access
regexp:/etc/postfix/helo.regexp, reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname, permit }
[root@isolar tmp]# cat /etc/postfix/helo.regexp
/v[0-9]+-[0-9]+-[0-9]+-[0-9]+[.-@]/ REJECT
--
(Note the "check_helo_access regexp:/etc/postfix/helo.regexp".)
I tested it with
--
[root@isolar postfix]# postmap -q "v163-44-207-233.a006.g.han1.static.cnode.io" regexp:/etc/postfix/helo.regexp
REJECT
--
yet it didn't work - I got a spam from this IP today. What am I doing
wrong?
(I'd be happy if I could just block *.static.cnode.io from connecting,
but I tried doing that in /etc/postfix/client_access and it didn't work
there, either.)
Thanks,
- Greg
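Added example, not part of Greg's post and not Postfix code: a small Python emulation of the "postmap -q KEY regexp:TABLE" lookup shown above, run against the same table and against both a HELO string and a client hostname, because check_helo_access looks up the HELO/EHLO argument the sender chose while check_client_access looks up the client's reverse-DNS name. The HELO strings and mail.example.com are constructed values.

```python
import re

# Constructed copy of the one-line /etc/postfix/helo.regexp table from the post.
# In POSIX and Python regex syntax, [.-@] is a range from '.' (0x2E) to '@' (0x40),
# which also covers the digits 0-9, ':' and ';'; the pattern still matches the
# hostnames in the post because a '.' follows the last octet.
HELO_REGEXP_TABLE = "/v[0-9]+-[0-9]+-[0-9]+-[0-9]+[.-@]/ REJECT\n"

# Reverse-DNS client hostnames quoted in the post, plus constructed HELO strings.
CLIENT_HOSTNAMES = [
    "v163-44-192-240.a001.g.han1.static.cnode.io",
    "v160-251-100-196.wbeh.static.cnode.io",
]
CONSTRUCTED_HELOS = ["mail.example.com", "v163-44-207-233.a006.g.han1.static.cnode.io"]


def parse_regexp_table(text):
    """Parse a minimal Postfix regexp: table (one '/pattern/ result' per line).

    Only the plain /pattern/ form without trailing flags is handled; blank lines
    and '#' comments are skipped. Postfix regexp tables match case-insensitively
    by default, so re.IGNORECASE is applied.
    """
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"/(.*)/\s+(\S.*)", line)
        if m is None:
            raise ValueError(f"unsupported table line: {line!r}")
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules


def lookup(rules, key):
    """Emulate 'postmap -q KEY regexp:TABLE': the first matching pattern wins."""
    for pattern, result in rules:
        if pattern.search(key):
            return result
    return None  # postmap prints nothing when no rule matches


def evaluate(helo_name, client_hostname):
    """Return what check_helo_access and check_client_access would each look up.

    The same table rejects only when the key it is handed matches: a sender
    whose HELO is not its reverse-DNS name never hits this rule via
    check_helo_access, even though its client hostname would.
    """
    rules = parse_regexp_table(HELO_REGEXP_TABLE)
    return {"helo": lookup(rules, helo_name), "client": lookup(rules, client_hostname)}
```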