On 10.09.2015 at 10:59, Axb wrote:
> On 09/10/2015 10:47 AM, Reindl Harald wrote:
>> has anybody ever seen legit mail from domains there?
>
> Yes, sadly ENOM is a huge cesspool but it also has a ton of legit registered domains on these NS.

i am not sure about that, looks like "name-services.com" is the DNS for "registrar-servers.com" and there is maybe a distinction between legit and spam domains

Tech Name: NAMECHEAP.COM NAMECHEAP.COM
Tech Organization: NAMECHEAP, INC
Tech Street: 11400 W. OLYMPIC BLVD. SUITE 200
Tech City: LOS ANGELES
Tech State/Province: CA
Tech Postal Code: 90064
Tech Country: US
Tech Phone: +1.6613102107
Tech Phone Ext:
Tech Fax: +1.6613102107
Tech Fax Ext:
Tech Email: supp...@namecheap.com
Name Server: DNS1.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Name Server: DNS3.NAME-SERVICES.COM
Name Server: DNS4.NAME-SERVICES.COM
Name Server: DNS5.NAME-SERVICES.COM

>> for me it looks like only spammers register every day a new domain with that whois from Panama to bypass sender/uri-blacklists
>
> yep.. very much so
> http://www.dailychanges.com/registrar-servers.com/
>
>> Sep 10 09:53:10 panel: spamfilter: Sender-Backlist "heute*-*abend*-*date*.*info" added
>> Sep 10 09:55:31 panel: spamfilter: Sender-Backlist "facegook*-*nachrichtenzentrale*.*com" added
>>
>> i am really tempted to add the nameservers to check_sender_ns_access hash:/etc/postfix/blacklist_ns.cf
>
> I wouldn't unless you can afford to deal with the FPs

i give it a try with a safety net before

smtpd_recipient_restrictions = reject_unlisted_recipient
 reject_unauth_destination
 reject_non_fqdn_recipient
 reject_non_fqdn_sender
 check_recipient_access proxy:hash:/etc/postfix/whitelist_rcpt.cf
 reject_non_fqdn_helo_hostname
 reject_invalid_helo_hostname
 check_helo_access proxy:pcre:/etc/postfix/blacklist_helo_unconditional.cf
 check_recipient_access proxy:hash:/etc/postfix/blacklist_rcpt.cf
 check_sender_access proxy:hash:/etc/postfix/whitelist_sender.cf
 check_sender_access proxy:hash:/etc/postfix/blacklist_sender.cf
 permit_dnswl_client dnswl-aggregate.example.com=127.0.0.[2;3]
 check_sender_access proxy:hash:/etc/postfix/spoofing_protection.cf
 permit_dnswl_client dnswl-aggregate.example.com=127.0.0.4
 check_sender_access proxy:pcre:/etc/postfix/blacklist_sender_regex.cf
 reject_unknown_sender_domain
 check_recipient_access proxy:hash:/etc/postfix/skip_spf_check.cf
 permit_dnswl_client dnswl-aggregate.example.com=127.0.0.5
 permit_dnswl_client wl.mailspike.net=127.0.0.[19;20]
 permit_dnswl_client list.dnswl.org=127.0.[0..255].[2;3]
 check_sender_ns_access proxy:hash:/etc/postfix/blacklist_ns.cf
 check_policy_service unix:private/spf-policy
__________________________________________________

cat /etc/postfix/blacklist_ns.cf:
ns1.sedoparking.com         REJECT Domain is parked at sedo.com
ns2.sedoparking.com         REJECT Domain is parked at sedo.com
ns1.fastpark.net            REJECT Domain is parked at namedrive.com
ns2.fastpark.net            REJECT Domain is parked at namedrive.com
a.ns.ultsearch.com          REJECT Domain is parked at a.ns.ultsearch.com
b.ns.ultsearch.com          REJECT Domain is parked at b.ns.ultsearch.com
buy.internettraffic.com     REJECT Domain is parked at buy.internettraffic.com
sell.internettraffic.com    REJECT Domain is parked at sell.internettraffic.com
dns1.registrar-servers.com  REJECT Sender-Domain is registered at WhoisGuard Panama / Namecheap Inc
dns2.registrar-servers.com  REJECT Sender-Domain is registered at WhoisGuard Panama / Namecheap Inc
dns3.registrar-servers.com  REJECT Sender-Domain is registered at WhoisGuard Panama / Namecheap Inc
dns4.registrar-servers.com  REJECT Sender-Domain is registered at WhoisGuard Panama / Namecheap Inc
dns5.registrar-servers.com  REJECT Sender-Domain is registered at WhoisGuard Panama / Namecheap Inc
______________________________________

Tech Name:WhoisGuard Protected
Tech Organization:WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech City:Panama
Tech State/Province:Panama
Tech Postal Code:00000
Tech Country:PA
Tech Phone:+507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email:1f6d4281c79c4f1599b2806c8e628ce2.prot...@whoisguard.com
Name Server:DNS1.REGISTRAR-SERVERS.COM
Name Server:DNS2.REGISTRAR-SERVERS.COM
Name Server:DNS3.REGISTRAR-SERVERS.COM
Name Server:DNS4.REGISTRAR-SERVERS.COM
Name Server:DNS5.REGISTRAR-SERVERS.COM
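
Added example, not part of the original message: a Python dry run of a few blacklist_ns.cf entries from the message above against sender domains, to estimate false positives before enabling check_sender_ns_access. The NS data, the example.* domains and the whitelist contents are constructed, and it assumes whitelist_sender.cf returns OK so whitelisted senders never reach the NS check.

```python
# Dry run: which sender domains would blacklist_ns.cf reject?
# Table lines are copied from the message; everything else is constructed.
BLACKLIST_NS = """\
ns1.sedoparking.com         REJECT Domain is parked at sedo.com
dns1.registrar-servers.com  REJECT Sender-Domain is registered at WhoisGuard Panama / Namecheap Inc
dns2.registrar-servers.com  REJECT Sender-Domain is registered at WhoisGuard Panama / Namecheap Inc
"""
# Constructed sample: sender domain -> NS hosts (in practice, real NS lookups)
SAMPLE_NS = {
    "spam-sender.example": ["DNS1.REGISTRAR-SERVERS.COM", "DNS2.REGISTRAR-SERVERS.COM"],
    "legit-shop.example": ["dns1.registrar-servers.com."],
    "other.example": ["dns1.name-services.com"],
}
WHITELIST_SENDER = {"legit-shop.example"}  # constructed stand-in for whitelist_sender.cf


def parse_access_table(text):
    """Parse 'key action text...' lines of a Postfix access(5) table."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, action = line.split(None, 1)
            table[key.lower()] = action
    return table


def lookup_ns(table, ns_host):
    """Look up a nameserver name, then its parent domains, as access(5) does
    for hostnames when parent_domain_matches_subdomains lists smtpd_access_maps
    (the Postfix default). IP-address lookups are left out of this example."""
    name = ns_host.rstrip(".").lower()
    while name:
        if name in table:
            return table[name]
        _, _, name = name.partition(".")
    return None


def dry_run(table, ns_by_domain, whitelist):
    """Return {domain: verdict}; whitelisted senders never reach the NS check."""
    verdicts = {}
    for domain, ns_hosts in ns_by_domain.items():
        if domain in whitelist:
            verdicts[domain] = "OK (whitelisted before NS check)"
            continue
        hits = [a for a in (lookup_ns(table, h) for h in ns_hosts) if a]
        verdicts[domain] = hits[0] if hits else "DUNNO"
    return verdicts
```

Run `dry_run(parse_access_table(BLACKLIST_NS), SAMPLE_NS, WHITELIST_SENDER)` over domains taken from a few days of accepted mail; every REJECT verdict for a sender you know to be legitimate is a false positive the whitelist would have to cover.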