On 2020-08-25 11:42, Matus UHLAR - fantomas wrote:
> well, do we have anything available now to block at SMTP level?
> - postfix policy server?
> - milter?
> so far I have noticed only SA plugins. Which is not bad, but that HUGE
> advantage is not usable now.

Nothing elegant about this but it was easy to implement. You need to
create the software specific to your MX servers to update the files
below from Rob's web site.

Adjust the paths below to your Postfix install

Add these entries to your main.cf:

smtpd_restriction_classes =
    sendgrid

# Limit senders that are matched with the regexes in sendgrid-ids
#
sendgrid =
    check_sender_access pcre:/usr/local/etc/postfix/maps/sendgrid-ids

smtpd_recipient_restrictions =
    check_sender_access hash:/usr/local/etc/postfix/maps/from-sendgrid

Create a file like this from the senders in
https://www.invaluement.com/spdata/sendgrid-envelopefromdomain-dnsbl.txt

sendgrid.net sendgrid
appliedaicourse.com sendgrid
bithumbcorp.email sendgrid
bitline.life sendgrid
bureausveritas.com sendgrid
caractere.ro sendgrid
craftsgenerals.com sendgrid
dalvry.com sendgrid
...

Name it from-sendgrid and place it in your Postfix directory

postmap from-sendgrid

Create a file like this from the ids in
https://www.invaluement.com/spdata/sendgrid-id-dnsbl.txt

/^bounces\+2191708-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
/^bounces\+4227563-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
/^bounces\+13780591-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
/^bounces\+10163588-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
/^bounces\+10180020-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
...

Name it sendgrid-ids and place it in your Postfix directory

postfix reload

John Capo
Tuffmail.com
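Added example, not part of John Capo's message and not his update software: one way to turn the two feeds into the from-sendgrid and sendgrid-ids files shown above, validating every entry so feed content cannot change a regex or an access action. It assumes each feed is plain text with one entry per line and `#` comments; the function names and sample inputs are constructed for illustration.

```python
import re

# Assumption: one entry per line; blank lines and '#' comment lines are skipped.
DOMAIN_RE = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
ID_RE = re.compile(r"[0-9]{1,12}")
REJECT_TEXT = "REJECT Phish from compromised Sendgrid account"

# Constructed sample feeds (values reused from the message plus malformed lines).
SAMPLE_DOMAINS = "# constructed sample\nappliedaicourse.com\nDalvry.com\nbad domain\n"
SAMPLE_IDS = "2191708\n4227563\n2191708\n12ab34\n"


def _entries(feed_text):
    """Yield stripped, lower-cased, non-comment lines from a feed."""
    for line in feed_text.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("#"):
            yield line


def build_sender_map(domain_feed):
    """Return (from-sendgrid text, skipped entries) for the hash: table."""
    good, skipped = ["sendgrid.net"], []  # the message's file starts with this
    for entry in _entries(domain_feed):
        if not DOMAIN_RE.fullmatch(entry):
            skipped.append(entry)         # never written to the map
        elif entry not in good:
            good.append(entry)
    return "".join(f"{d} sendgrid\n" for d in good), skipped


def build_id_map(id_feed):
    """Return (sendgrid-ids text, skipped entries) for the pcre: table."""
    good, skipped = [], []
    for entry in _entries(id_feed):
        # Digits only: nothing from the feed can alter the regex or the action.
        if not ID_RE.fullmatch(entry):
            skipped.append(entry)
        elif entry not in good:
            good.append(entry)
    rules = (f"/^bounces\\+{i}-[0-9a-f]{{4}}-/ {REJECT_TEXT}\n" for i in good)
    return "".join(rules), skipped


if __name__ == "__main__":
    print(build_sender_map(SAMPLE_DOMAINS)[0], end="")
    print(build_id_map(SAMPLE_IDS)[0], end="")
```

The returned text still has to be written to the map paths used in main.cf, followed by the `postmap from-sendgrid` and `postfix reload` steps from the message.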