Re: Blocking TLDs

Thu, 16 Feb 2023 05:24:03 -0800 

On 2/8/2023 1:13 PM, James Pifer wrote:

On 2/8/2023 1:02 PM, Jaroslaw Rafa wrote:

Dnia  8.02.2023 o godz. 12:55:58 James Pifer pisze:

I would prefer to quarantine rather than reject, if I can figure out
how to do that. I would at least be able to look through them
periodically and see if something is legit.

I suddenly started getting these (.store,.shop, etc) a could days
ago. They are all coming from this block of addresses:
107.182.131.0.

So definitely a better idea is to block these IP addresses.


Good suggestion. I have modified accordingly (I think). ;-)

Thanks
So I've had this setup in my main.cf for a couple weeks now. For the most part it has been working great, but every so often things get through. Over night I had 5 emails get through from .shop, but they were from a different network than I was receiving before. Now I'm wondering if my "check_sender_access inline" is working at all. 

Anyone see anything wrong with it or have other suggestions?

smtpd_recipient_restrictions =
        check_client_access inline:{
                { 107.182.131   = REJECT This mail server rejects mail from the 107.182.131.0 network } 
        }
        check_sender_access inline:{
                { .store        = REJECT This mail server rejects messages from the .store domain }                 { .shop         = REJECT This mail server rejects messages from the .shop domain }                 { .tk           = REJECT This mail server rejects messages from the .tk domain }                 { .beauty       = REJECT This mail server rejects messages from the .beauty domain } 
        }

Example of one that got through:
Feb 16 07:48:41 server2 postfix/smtpd[612125]: connect from subjectqualify.shop[31.210.23.54] Feb 16 07:48:41 server2 postfix/smtpd[612125]: discarding EHLO keywords: CHUNKING Feb 16 07:48:41 server2 postfix/smtpd[612125]: BBC37406EE01: client=subjectqualify.shop[31.210.23.54] Feb 16 07:48:42 server2 postfix/cleanup[612129]: BBC37406EE01: message-id=<xave9huqjslgfij03cfydxyga4-xrjnnvl0raifeplw.1gyvukgk3u9jnprjhxuqt-t_avixsya51-boyma0...@subjectqualify.shop> Feb 16 07:48:42 server2 postfix/qmgr[602363]: BBC37406EE01: from=<candicechamb...@subjectqualify.shop>, size=7508, nrcpt=1 (queue active) Feb 16 07:48:51 server2 postfix/relay/smtp[612130]: BBC37406EE01: to=<j...@obrien-pifer.com>, relay=192.168.1.8[192.168.1.8]:25, delay=9.9, delays=1/0.02/5.6/3.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 55693E081CFC) 
Feb 16 07:48:51 server2 postfix/qmgr[602363]: BBC37406EE01: removed
Feb 16 07:48:57 server2 postfix/smtpd[612125]: disconnect from subjectqualify.shop[31.210.23.54] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5 

Thanks

Reply via email to