How to stop spam email sent from Gmail in Postfix

Discussion in 'Server Operation' started by MaxT, Aug 21, 2018.

Tags:
  1. MaxT

    MaxT Member HowtoForge Supporter

    My postfix config works quite well to stop spam. However, I cannot find some way to stop this type of spam coming from third domains using the Gmail servers. RBL lists are useless because most times the ip's are not listed (checked with MultiRbl.valli.org). I wonder if there is some Postfix parameter to avoid this type of spam.
    Take this common case:

    spammer: [email protected]
    spammer IP: 2.2.2.2

    my adress: [email protected]
    my server: my.server.com
    my server ip: 1.1.1.1

    Code:
    Return-Path: <[email protected]>
    Delivered-To: [email protected]
    
    Received: from localhost (localhost [127.0.0.1])
            by my.server.com (Postfix) with ESMTP id BD4D051EFA
            for <[email protected]>; Tue, 18 Aug 2018 18:09:35 +0200 (CEST)
    
    Received: from my.server.com ([127.0.0.1])
            by localhost (my.server.com [127.0.0.1]) (amavisd-new, port 10024)
            with ESMTP id mbNiDJKUbP_D for <[email protected]>;
            Tue, 18 Aug 2018 18:09:34 +0200 (CEST)
    
    Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.216.180; helo=mail-qt0-f180.google.com; [email protected]; [email protected]
    
    Received: from my.server.com (1.1.1.1) by my.server.com (Postfix) with ESMTPS id 05BHA70B28
            for <[email protected]>; Tue, 18 Aug 2018 18:09:32 +0200 (CEST)
    
    Received: by mail-qt0-f180.google.com with SMTP id r12-u7ao2533318qtr.12
            for <[email protected]>; Tue, 18 Aug 2018 16:09:32 -0700 (PDT)
    
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=spam-com.20150618.gappssmtp.com; s=20150618;
            h=message-id:from:subject:to:mime-version:reply-to:date;
            bh=/3KZ...hCXQ==
    
    X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=1e100.net; ..3A10w==
    X-Gm-Message-State: BCy...zb2a=
    X-Google-Smtp-Source: ANB...r3V=
    X-Received: by 2001:b5d:abd1:: with SMTP id m58-v...711;
            Tue, 18 Aug 2018 14:59:09 -0700 (PDT)
    
    Received: from ip2.ip-2-2-2.net (ip2.ip-2.2.2.net. [2.2.2.2])
            by smtp.gmail.com with ESMTPSA id s2-a8fa34902117kb.26.2018.18.20.04.49.08
            for <[email protected]>
            (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
            Tue, 18 Aug 2018 04:59:09 -0700 (PDT)
    Message-ID: <[email protected]>
    
    From: "Markus Jones" <[email protected]>
    Subject: Looking business?
    To: "Me" <[email protected]m>
    Content-Type: multipart/alternative; boundary="aO4q88...jLmQh"
    MIME-Version: 1.0
    Reply-To: "Jane" <[email protected]>
    Date: Tue, 18 Aug 2018 14:49:11 -0700
    the spammer ip (2.2.2.2) doesn't belong to sender domain "spam.com". However, I suppose this is not a valid criteria to reject all e-mails without some impact in legitimate e-mails.

    I have these related restrictions in Postfix:

    Code:
    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_pipelining,
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unknown_reverse_client_hostname,
        reject_unauth_destination,
        reject_unknown_recipient_domain,
        reject_non_fqdn_recipient,
        check_policy_service unix:private/policy-spf,       
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client rbl.realtimeblacklist.com,         
        reject_rbl_client bl.spamcop.net,
        check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
      
    
    smtpd_helo_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        check_helo_access regexp:/etc/postfix/helo_access,
        reject_invalid_hostname,
        reject_invalid_helo_hostname,
        reject_non_fqdn_hostname,
        #reject_unknown_helo_hostname,
        check_helo_access regexp:/etc/postfix/blacklist_helo
    
      
      
    strict_rfc821_envelopes = yes
        smtpd_data_restrictions = reject_unauth_pipelining
        smtpd_delay_reject = yes
        policy-spf_time_limit = 3600s
        smtpd_helo_required = yes
        smtpd_sasl_authenticated_header = yes
        
    some idea or experience to stop it?
     

Share This Page