Monday, January 17, 2022
A most persistent spam, part VII
I received a follow-up message from Roberto about the “Aleksandr” Russian spam emails:
From: Robysampler <XXXXXXXXXXXXXXXXXXXXX>
To: Sean Conner <sean@conman.org>
Subject: Re: About "Mayboroda_aleks" on your personal blog
Date: Mon, 17 Jan 2022 17:33:35 +0100
Hi Sean.
Thanks very much for your fast reply.
I have some good news about "Mayboroda".
Here are some lines of my postfix log showing "Mayboroda" has tried again, sending me some spam today:

Jan 17 11:48:47 mydomain postfix/smtpd[23894]: warning: hostname tefalongo.ru does not resolve to address 185.186.3.10
Jan 17 11:48:47 mydomain postfix/smtpd[23894]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from=<info@s7.kroshem.ru> to=<booking@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
Jan 17 12:18:49 mydomain postfix/smtpd[24258]: warning: hostname tefalongo.ru does not resolve to address 185.186.3.10
Jan 17 12:18:49 mydomain postfix/smtpd[24258]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from=<info@s7.kroshem.ru> to=<info@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
Jan 17 12:18:49 mydomain postfix/smtpd[24258]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from=<info@s7.kroshem.ru> to=<booking@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
Jan 17 12:48:49 mydomain postfix/smtpd[24629]: connect from s7.kroshem.ru[185.186.3.10]
Jan 17 12:48:49 mydomain postfix/smtpd[24629]: NOQUEUE: reject: RCPT from s7.kroshem.ru[185.186.3.10]: 554 5.7.1 <info@s7.kroshem.ru>: Sender address rejected: Access denied; from=<info@s7.kroshem.ru> to=<info@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>

In particular the last line shows that the regular expression has found a match on "info@s7.kroshem.ru" and replied "Sender address rejected: Access denied" and
REJECTED
the incoming Email. There are some other tweaks you can implement in your "main.cf" postfix configuration file that will help you avoid junk emails.
The following is a partial extract from my postfix "main.cf" configuration:

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access regexp:/etc/postfix/rejected.senders,
    #check recipients by regular expression
    check_policy_service unix:private/policyd-spf,
    reject_rhsbl_helo dbl.spamhaus.org,
    #check if domain or ip is flagged as spam in Spamhaus database
    reject_rhsbl_reverse_client dbl.spamhaus.org,
    #check if domain or ip is flagged as spam in Spamhaus database
    reject_rhsbl_sender dbl.spamhaus.org,
    #check if domain or ip is flagged as spam in Spamhaus database
    reject_rbl_client zen.spamhaus.org
    #check if domain or ip is flagged as spam in Spamhaus database

smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_reverse_client_hostname,
    #Reject the request when the client IP address has no address->name mapping.
    reject_unknown_client_hostname,
    #Reject the request when 1) the client IP address->name mapping fails, or
    #2) the name->address mapping fails, or
    #3) the name->address mapping does not match the client IP address.
    reject_unknown_sender_domain
    #Reject the request when Postfix is not the final destination for the sender address

Many of these tweaks I've implemented were taken from the document at the following webpage:
http://www.armellin.com/friends/postfix/postconf.5.html
Feel free to publish our conversation in your blog as you wish.
It's nice to help other people to get rid of the plague of "Mayboroda" :D
Thanks Sean
Best Regards
Roberto
Thank you again, Roberto.
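As an added example (not part of Roberto's mail or of this post), the following Python script parses Postfix smtpd "NOQUEUE: reject" lines like the ones quoted above and tallies them by client IP and by rejection reason, separating the temporary 450 responses from the final 554 that the sender-access regexp produced. The sample input is taken from Roberto's log, with his "mydomain" placeholder left in place.

```python
"""Parse Postfix smtpd NOQUEUE reject lines and summarise who is rejected, and why."""
import re
from collections import Counter

# One smtpd rejection as Postfix logs it: reverse-DNS name (or "unknown"), client IP,
# SMTP status code, enhanced status code, free-text reason, then the envelope fields.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<rdns>\S+)\[(?P<ip>[0-9.]+)\]: "
    r"(?P<code>[45]\d\d) (?P<ecode>\d\.\d+\.\d+) (?P<reason>.*?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> proto=\S+ helo=<(?P<helo>[^>]*)>"
)

def parse_rejects(lines):
    """Return one dict per reject line; 'warning:' and 'connect from' lines are skipped."""
    events = []
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["permanent"] = ev["code"].startswith("5")        # 5xx: final; 4xx: "try again later"
        ev["helo_matches_rdns"] = ev["helo"] == ev["rdns"]  # False while the client had no rDNS
        events.append(ev)
    return events

def summarize(events):
    """Count rejections per client IP and per (status code, reason text)."""
    by_ip = Counter(ev["ip"] for ev in events)
    by_reason = Counter((ev["code"], ev["reason"]) for ev in events)
    return by_ip, by_reason

# Sample input: five lines taken from the log quoted above (non-reject lines included on purpose).
SAMPLE_LOG = """\
Jan 17 11:48:47 mydomain postfix/smtpd[23894]: warning: hostname tefalongo.ru does not resolve to address 185.186.3.10
Jan 17 11:48:47 mydomain postfix/smtpd[23894]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from=<info@s7.kroshem.ru> to=<booking@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
Jan 17 12:18:49 mydomain postfix/smtpd[24258]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from=<info@s7.kroshem.ru> to=<info@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
Jan 17 12:48:49 mydomain postfix/smtpd[24629]: connect from s7.kroshem.ru[185.186.3.10]
Jan 17 12:48:49 mydomain postfix/smtpd[24629]: NOQUEUE: reject: RCPT from s7.kroshem.ru[185.186.3.10]: 554 5.7.1 <info@s7.kroshem.ru>: Sender address rejected: Access denied; from=<info@s7.kroshem.ru> to=<info@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
"""

if __name__ == "__main__":
    events = parse_rejects(SAMPLE_LOG.splitlines())
    by_ip, by_reason = summarize(events)
    for ip, n in by_ip.most_common():
        print(f"{ip}: {n} rejected RCPT commands")
    for (code, reason), n in by_reason.most_common():
        print(f"  {n}x {code} {reason}")
```

The 450 responses only tell the client to try again later, which is why the same host reappears every thirty minutes; the 554 from check_sender_access is the one permanent rejection, and it happened once the client's reverse DNS resolved and the connection got past reject_unknown_client_hostname.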