Spam emails...bounced from me

Discussion in 'General' started by bschultz, Nov 1, 2006.

  1. bschultz

    bschultz Member

    I've been getting a bunch of emails the last few days, all undeliverable and bounced back to me. I know that these aren't being sent from my server, just faking my address for the sent-from address.

    Is there a filter in SpamAssassin or in the ISPConfig email blacklisting that can filter these out for me?


  2. falko

    falko Super Moderator ISPConfig Developer

  3. bschultz

    bschultz Member

    Thanks much...I appreciate it.
  4. sjau

    sjau Local Meanie Moderator

    or you can use postfix filtering :)

    recipient_checks: This is useful when you use a catch-all email address (e.g. all mails to will be put into the same mailbox). I use catch-all for the following: Whenever I have to give an email address somewhere, then I make "[email protected]". Then based on the recipient info I know where there was a leak of email addresses :)
    recipient_checks.pcre: You can also work with regular expressions
    # Note: You must have PCRE support built in to Postfix at
    # compile time to use this.  (Tho I've been told the following are
    # valid POSIX RE's ["regexp:" map type], as well.)
    # Postfix doesn't relay by default.  But it may *appear* to do so
    # to some testers.  The first two statements below remove all
    # doubt.
    /^\@/                   550 Invalid address format.
    /[!%\@].*\@/            550 This server disallows weird address syntax.
    # Let email to the following destinations bypass all the remaining
    # "reject" and "check" tests.  We always want to let email for these
    # recipients in.
    /^postmaster\@/         OK
    /^hostmaster\@/         OK
    /^abuse\@/              OK
    # Note: The "OK"s above, for postmaster, etc., will *not*
    # bypass header and body checks.  There is currently no way
    # to do so with Postfix :(
    # Remember where I said, at the very beginning, about how
    # order is important?  Whatever you do, do *not* place an
    # access map like this one before the "permit mynetworks"
    # and "reject_unauth_destination" statements.  Not unless
    # you want to be an open relay, anyway.
    helo_checks: List your domains :)
    # This file has to be "compiled" with "postmap"
    # Reject anybody that HELO's as being in our own domain(s)
    # (Note that if you followed the order suggested in the
    # examples, above, that machines in mynetworks will be okay.)
                            REJECT You are not in
                            REJECT You are not in
                            REJECT You are not in
                            REJECT You are not in
                            REJECT You are not in
                            REJECT You are not in
                            REJECT You are not in
    # Somebody HELO'ing with our IP address?
    #            REJECT You are not          REJECT You are not
    # Somebody HELO'ing as "localhost?"  Impossible, we're "localhost"
    localhost               REJECT You are not me
    sender_checks: Check the sender's domain...
    # This file must be "compiled" with "postmap"
    # Using a domain name
                            554 Spam not tolerated here
                            554 Spam not tolerated here
    # Maybe example2.tld is on a DNSbl, but we want to let their
    # email in anyway.
    example2.tld            OK
    # We get lots of spam from example3.tld, but we have somebody
    # there from which we do want to hear
    [email protected]   OK
    example3.tld            REJECT
    I don't remember what was necessary to install pcre and whether postmap works out of the box. You'll have to check your logs if you implement these things :)

    Well, with the above things you can easily make white/black lists and some general checks :)
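
How the five recipient_checks.pcre rules in the post above evaluate, as an added example that is not part of the original thread: a small Python emulation of the table's first-match lookup. Python's `re` module stands in for PCRE, and the sample recipients and example.tld are constructed.

```python
import re

# The five rules from the recipient_checks.pcre listing in the post above.
RECIPIENT_CHECKS_PCRE = r"""
/^\@/                   550 Invalid address format.
/[!%\@].*\@/            550 This server disallows weird address syntax.
/^postmaster\@/         OK
/^hostmaster\@/         OK
/^abuse\@/              OK
"""

def parse_table(text):
    """Parse '/pattern/ action' lines into an ordered list of (regex, action)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rule
        m = re.match(r"/(.*)/\s+(.*)$", line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        # Postfix pcre tables match case-insensitively by default.
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def lookup(rules, address):
    """First matching rule wins; None means no match, so the next restriction decides."""
    for regex, action in rules:
        if regex.search(address):
            return action
    return None

def classify(addresses):
    rules = parse_table(RECIPIENT_CHECKS_PCRE)
    return {addr: lookup(rules, addr) for addr in addresses}

# Constructed recipients; example.tld is a placeholder domain.
SAMPLES = [
    "@example.tld",
    "user%inside.example.tld@example.tld",
    "otherhost!user@example.tld",
    "Postmaster@example.tld",
    "postmaster%relay.example.tld@example.tld",
    "bob@example.tld",
]

if __name__ == "__main__":
    for addr, action in classify(SAMPLES).items():
        print(f"{addr:42} -> {action or 'no match'}")
```

The percent-routed postmaster address is rejected because the syntax rule is listed before the postmaster OK rule, while an ordinary recipient such as bob@example.tld matches nothing and is left to the restrictions that follow the map.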
  5. bschultz

    bschultz Member

    Again, thanks for the help!
