Spam emails...bounced from me

Discussion in 'General' started by bschultz, Nov 1, 2006.

  1. bschultz

    bschultz Member

    I've been getting a bunch of emails the last few days all undeliverable and bounced back to me. i know that these aren't being sent from my server, just faking my address for the sent from address.

    Is their a filter in Spamassassin or in the ISP Config email blacklisting that can filter these out for me?

    Thanks.

    Brian
     
  2. falko

    falko Super Moderator

  3. bschultz

    bschultz Member

    Thanks much...I appreciate it.
     
  4. sjau

    sjau Local Meanie

    or you can use postfix filtering :)

    recipient_checks: This is usefull when you use a catch-all email address (e.g. all mails to @domain.com will be put into the same mailbox). I use catch-all for the following: Whenever I have to give an email address somehwere, then I make "www.theirdomain.com@mydomain.com". Then based on the recipient info I know where there was a leak of email addresses :)
    recipient_checks.pcre: You can also work with regular expressions
    Code:
    # Note: You must have PCRE support support built in to Postfix at
    # compile time to use this.  (Tho I've been told the following are
    # valid POSIX RE's ["regexp:" map type], as well.)
    #
    # Postfix doesn't relay by default.  But it may *appear* to do so
    # to some testers.  The first two statements below remove all
    # doubt.
    
    /^\@/                   550 Invalid address format.
    /[!%\@].*\@/            550 This server disallows weird address syntax.
    
    # Let email to the following destinations bypass all the remaining
    # "reject" and "check" tests.  We always want to let email for these
    # recipients in.
    
    /^postmaster\@/         OK
    /^hostmaster\@/         OK
    /^abuse\@/              OK
    
    # Note: The "OK"s above, for postmaster, etc., will *not*
    # bypass header and body checks.  There is currently no way
    # to do so with Postfix :(
    #
    # Remember where I said, at the very beginning, about how
    # order is important?  Whatever you do, do *not* place an
    # access map like this one before the "permit mynetworks"
    # and "reject_unauth_destination" statements.  Not unless
    # you want to be an open relay, anyway.
    
    helo_checks: List your domains :)
    Code:
    # This file has to be "compiled" with "postmap"
    
    # Reject anybody that HELO's as being in our own domain(s)
    # (Note that if you followed the order suggested in the main.cf
    # examples, above, that machines in mynetworks will be okay.)
    
    roleplayer.org           REJECT You are not in roleplayer.org
    notkeriana.ch           REJECT You are not in notkeriana.ch
    montepacis.com          REJECT You are not in montepacis.com
    montepacis.ch           REJECT You are not in montepacis.ch
    ferronet.de             REJECT You are not in ferronet.de
    regenmacher.ch          REJECT You are not in regenmacher.ch
    laurelin.fr             REJECT You are not in laurelin.fr
    
    # Somebody HELO'ing with our IP address?
    #192.168.1.2            REJECT You are not 192.168.1.2
    83.133.126.175          REJECT You are not 83.133.126.175
    
    # Somebody HELO'ing as "localhost?"  Impossible, we're "localhost"
    localhost               REJECT You are not me
    
    sender_checks: Check the sender's domain...
    Code:
    # This file must be "compiled" with "postmap"
    
    # Using a domain name
    discardmail.com         554 Spam not tolerated here
    izmail.serveftp.net     554 Spam not tolerated here
    
    # Maybe example2.tld is on a DNSbl, but we want to let their
    # email in anyway.
    example2.tld            OK
    
    # We get lots of spam from example3.tld, but we have somebody
    # there from which we do want to hear
    someuser@example3.tld   OK
    example3.tld            REJECT
    
    I don't remember what was necessary to install pcre and whether postmap works out of the box. You'll have to check your logs if you implement these things :)

    Well, with the above things you can easily make white/black lists and some general checks :)
     
  5. bschultz

    bschultz Member

    Again, thanks for the help!
     

Share This Page