
I just got hit by a spammer sending spam through my mail server from multiple IP addresses in various netblocks all with a reverse lookup ending in googleusercontent.com. (I haven't figured out how; my server kept replying "reject" to some while letting others through.) I'd like to block all IP addresses in the domain. I have this in my main.cf:

smtpd_relay_restrictions = permit_mynetworks
        check_recipient_access hash:/etc/postfix/recipient
        permit_sasl_authenticated
        reject_unauth_destination
        check_client_access hash:/etc/postfix/rbl_override
        check_sender_access pcre:/etc/postfix/domains
        reject_rbl_client <several lines like this for blocklists>

rbl_override has several IP addresses (some with only three numbers, i.e. a netblock) followed by OK or REJECT. Does it make sense to put googleusercontent.com in rbl_override? Is there a way to block all IP addresses whose reverse DNS is in this domain?

(reject_unauth_destination was after the RBLs while the spam was getting through.)

  • AFAIK you can use a Postfix access map to apply access controls and, for example, block all hosts in a particular domain. In /etc/postfix/access add, for example: googleusercontent.com REJECT
    – HBruijn
    Commented Mar 17, 2023 at 10:31
  • I don't have /etc/postfix/access. What do I put in main.cf? Commented Mar 17, 2023 at 11:17
  • The manual page includes an EXAMPLE chapter with instructions on how to implement that.
    – HBruijn
    Commented Mar 17, 2023 at 14:42
  • There is a difference between a) refusing senders that cannot be bothered to change their reverse association from what their provider has set up as a verbose default, or b) refusing any sender using the services of that provider, including those having configured a custom name. Which do you want?
    – anx
    Commented Mar 17, 2023 at 17:25
  • Which of the many Postfix manual pages? Commented Mar 17, 2023 at 17:38
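
The access-map approach from the comments, written out as an added example that is not part of the original question or comments. The placement under smtpd_client_restrictions and the use of a separate map file (rather than rbl_override) are assumptions; the file name /etc/postfix/access is the one given in the comment.

```conf
# ---- /etc/postfix/access -------------------------------------------
# Key = client hostname or parent domain, value = action.
# With the default parent_domain_matches_subdomains (which lists
# smtpd_access_maps), a bare domain also matches every host below it.
googleusercontent.com    REJECT

# Rebuild the indexed file after every edit:
#   postmap /etc/postfix/access

# ---- /etc/postfix/main.cf ------------------------------------------
# check_client_access looks up the *verified* client hostname (the
# reverse name must resolve back to the client IP) and the client IP.
# check_reverse_client_hostname_access looks up the reverse name
# without that forward confirmation, so it also covers clients whose
# name fails verification. Postfix does not allow an OK result in that
# lookup, so a map that carries OK entries (such as rbl_override)
# should not be reused for it.
smtpd_client_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        check_client_access hash:/etc/postfix/access
        check_reverse_client_hostname_access hash:/etc/postfix/access

# Both lookups act on the reverse DNS name only (case "a" in the
# comment above). A host at the same provider with a custom reverse
# name (case "b") is not matched; that needs IP address or netblock
# keys, as rbl_override already uses.
```

The lookup keys and the EXAMPLE section are documented in access(5); the two restriction names are documented in postconf(5).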
