Blocking top-level domains

Peter Lemieux mailscanner at replies.cyways.com
Tue Jul 22 21:35:20 IST 2014 

In Postfix you need to add these directives to main.cf:


smtpd_client_restrictions = reject_unknown_client_hostname,
       check_sender_access pcre:/etc/postfix/sender_access
smtpd_sender_restrictions = reject_unknown_sender_domain,
       check_sender_access pcre:/etc/postfix/sender_access

# block sending servers from non-US/CA locations
smtpd_helo_required = yes
smtpd_helo_restrictions =   check_helo_access
		pcre:/etc/postfix/helo_access


I use Perl-compatible regular expressions to match things I want to 
block.  Thus I have pcre: prefixes in each entry.  Postfix supports 
other methods as well including simple string matching.

My /etc/postfix/sender_access file looks like this:


# no mail from outsiders claiming to be us
/\.example\.com$/       REJECT

# no two-letter country-code domains except us/ca
/\.us$/                 OK
/\.ca$/                 OK
/\.[a-z][a-z]$/         REJECT US senders only

# various blacklists
/\.hostnoc\.net$/       REJECT
/\.pawlitenews\.com/    REJECT


This particular client is a small healthcare provider that does not need 
to receive mail from locales outside the US/CA.  Blocking foreign 
country-code domains cuts down a lot of spam.


Peter




On 07/22/2014 03:25 AM, Mogens Melander wrote:
> Sorry, I don't. But google gave me this:
>
> http://www.postfix.org/access.5.html
>
> On Tue, July 22, 2014 04:11, Chris Barber wrote:
>> Ahh, brilliant! We are using postfix instead of sendmail, do you know what
>> the correspoding file in Postfix is for this?
>>
>> Thanks!
>> Chris
>>
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mogens
>> Melander
>> Sent: Saturday, July 19, 2014 1:38 AM
>> To: mailscanner at lists.mailscanner.info
>> Subject: Re: Blocking top-level domains
>>
>> Hi
>>
>> I'm doing stuff like that in sendmail's access (/etc/mail/access) file,
>> with entries like:
>>
>> cn.ru    ERROR:"550 Reject : cn.ru - Spam source"
>>
>> Works like a charm :)
>>
>> On Fri, July 18, 2014 19:47, Bryan Laurila wrote:
>>> I had an interesting situation creep up on me this week where I
>>> thought that something was happening (or being processed) in
>>> MailScanner/SpamAssassin but apparently it was not.
>>>
>>> I have two mail relay scanners running MailScanner & SpamAssassin on
>>> Suse Linux.  These boxes scan incoming mail for spam & viruses and
>>> then relay to my MS Exchange server.  I had an influx of spam this
>>> week coming in from several top-level domains that we wouldn't
>>> normally receive any valid emails from anyway, like .eu, .in, .asia,
>>> .club, etc.
>>>
>>>
>>> Upon investigating the situation I found that the Trend Micro Scan
>>> Mail service on my Exchange server crashed which lead me to the
>>> discovery that MailScanner & SpamAssassin weren't filtering mail from
>>> these unwanted top level domains as I thought and all that work was
>>> being done by my exchange server.
>>>
>>> So, the question of the day is...  Where is the best place to turn on
>>> filtering or set a rule somehow to filter unwanted top-level domains
>>> at the MailScanner/SpamAssassin servers?
>>>
>>> Like all things in IT there are probably multiple ways of doing this
>>> so I am curious as to what others are doing.  All thoughts & comments
>>> are welcome.
>>>
>>> Thanks!
>>>
>>> Bryan S. Laurila
>>> Senior Network Support Analyst
>>> Dickinson County Healthcare System
>>> 1721 South Stephenson Avenue
>>> Iron Mountain, Michigan 49801
>>>
>
>

More information about the MailScanner mailing list