I keep getting spam emails from 'ional.co.uk'. I've got an address based blocking solution which handles all other emails just fine, but somehow this domain keeps getting through.
Full files I can add are below, but in my main.cf I have:
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
check_sender_access mysql:/etc/postfix/mariadb-vblocklist.cf
which links to the mariadb-vblocklist.cf file containing the query:
SELECT Action FROM Blocklist where INSTR('%s', Email) > 0
and the database contains the row:
52 | ional.co.uk | REJECT
When I run:
postmap -q "[email protected]" mysql:/etc/postfix/mariadb-vblocklist.cf
it returns REJECT as expected, but somehow, these emails are still getting through.
All my other blocked domains and emails seem to work just fine, this one is somehow getting through.
Full files: main.cf:
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# COMPATIBILITY
#
# The compatibility_level determines what default settings Postfix
# will use for main.cf and master.cf settings. These defaults will
# change over time.
#
# To avoid breaking things, Postfix will use backwards-compatible
# default settings and log where it uses those old backwards-compatible
# default settings, until the system administrator has determined
# if any backwards-compatible default settings need to be made
# permanent in main.cf or master.cf.
#
# When this review is complete, update the compatibility_level setting
# below as recommended in the RELEASE_NOTES file.
#
# The level below is what should be used with new (not upgrade) installs.
#
compatibility_level = 3.6
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/bin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/lib/postfix/bin
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = /var/lib/postfix
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
mydomain = digiperimide.co.uk
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
alias_maps = hash:/etc/postfix/aliases
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/bin/sendmail
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path = /usr/bin/mailq
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop
# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /etc/postfix
# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix
inet_protocols = ipv4
meta_directory = /etc/postfix
shlib_directory = /usr/lib/postfix
# Other features
message_size_limit = 40960000
append_dot_mydomain = no
biff = no
#stmp is outgoing
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
#stmpd is incoming
stmpd_usr_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
check_sender_access mysql:/etc/postfix/mariadb-vblocklist.cf
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
smtpd_tls_received_header = yes
non_smtpd_milters = unix:/run/opendkim/opendkim.sock, unix:/run/opendmarc/opendmarc.sock
smtpd_milters = unix:/run/opendkim/opendkim.sock, unix:/run/opendmarc/opendmarc.sock
milter_default_action = accept;
smtpd_banner = $myhostname ESMTP $mail_name (Arch)
smtpd_tls_cert_file = /etc/letsencrypt/live/digiperimide.co.uk/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/digiperimide.co.uk/privkey.pem
virtual_transport = dovecot
virtual_mailbox_domains = mysql:/etc/postfix/mariadb-vdomains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mariadb-vusers.cf
virtual_alias_maps = mysql:/etc/postfix/mariadb-vcancel.cf, mysql:/etc/postfix/mariadb-valias.cf
mariadb-vblocklist.cf:
user = email
password = [REDACTED]
hosts = 127.0.0.1
dbname = EmailServer
query = SELECT Action FROM Blocklist where INSTR('%s', Email) > 0
journalctl log when such an email arrived:
May 25 01:14:42 vps001 postfix/smtpd[3579620]: 4C4AE43A13: client=unknown[27.112.78.186]
May 25 01:14:42 vps001 postfix/submission/smtpd[3580579]: connect from unknown[194.169.175.10]
May 25 01:14:42 vps001 postfix/cleanup[3581337]: 4C4AE43A13: message-id=<INX.O5S99jifjjCTdNibIYki8GNal6JVo8aw.5d0.439.77.1876b25039016@news.ional.co.uk>
May 25 01:14:42 vps001 opendkim[316]: 4C4AE43A13: [27.112.78.186] [27.112.78.186] not internal
May 25 01:14:42 vps001 opendkim[316]: 4C4AE43A13: not authenticated
May 25 01:14:42 vps001 opendkim[316]: 4C4AE43A13: no signature data
May 25 01:14:42 vps001 postfix/qmgr[3345802]: 4C4AE43A13: from=<>, size=12509, nrcpt=1 (queue active)
May 25 01:14:42 vps001 spamd[3329823]: spamd: connection from ::1 [::1]:54688 to port 783, fd 6
May 25 01:14:42 vps001 spamd[3329823]: spamd: processing message <INX.O5S99jifjjCTdNibIYki8GNal6JVo8aw.5d0.439.77.1876b25039016@news.ional.co.uk> for spamd:182
May 25 01:14:42 vps001 spamd[3329823]: dns: reply to 11834/IN/TXT/netflix.com truncated (EDNS 4096 bytes), 0 answer records
May 25 01:14:42 vps001 postfix/smtpd[3580000]: connect from unknown[45.129.14.128]
May 25 01:14:42 vps001 sshd[3581329]: Connection closed by authenticating user root 103.252.4.139 port 54148 [preauth]
May 25 01:14:43 vps001 spamd[3329823]: check: dns_block_rule URIBL_BLOCKED hit, creating /var/lib/spamassassin/.spamassassin/dnsblock_multi.uribl.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny multi.uribl.com" to disable queries)
May 25 01:14:43 vps001 spamd[3329823]: spamd: clean message (-1.0/5.0) for spamd:182 in 0.4 seconds, 12192 bytes.
May 25 01:14:43 vps001 spamd[3329823]: spamd: result: . -1 - DKIM_ADSP_NXDOMAIN,FROM_EXCESS_BASE64,GOOG_STO_IMG_HTML,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_HI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED,URIBL_DBL_BLOCKED_OPENDNS scantime=0.4,size=12192,user=spamd,uid=182,required_score=5.0,rhost=::1,raddr=::1,rport=54688,mid=<INX.O5S99jifjjCTdNibIYki8GNal6JVo8aw.5d0.439.77.1876b25039016@news.ional.co.uk>,autolearn=ham autolearn_force=no
May 25 01:14:43 vps001 postfix/pickup[3578184]: 187DB43A15: uid=182 from=<MAILER-DAEMON>
May 25 01:14:43 vps001 postfix/pipe[3581339]: 4C4AE43A13: to=<[email protected]>, relay=spamassassin, delay=0.81, delays=0.36/0.01/0/0.44, dsn=2.0.0, status=sent (delivered via spamassassin service)
May 25 01:14:43 vps001 postfix/qmgr[3345802]: 4C4AE43A13: removed
May 25 01:14:43 vps001 postfix/cleanup[3581337]: 187DB43A15: message-id=<INX.O5S99jifjjCTdNibIYki8GNal6JVo8aw.5d0.439.77.1876b25039016@news.ional.co.uk>
May 25 01:14:43 vps001 opendkim[316]: 187DB43A15: no signing table match for '[email protected]'
May 25 01:14:43 vps001 opendkim[316]: 187DB43A15: no signature data
May 25 01:14:43 vps001 postfix/qmgr[3345802]: 187DB43A15: from=<>, size=13116, nrcpt=1 (queue active)
May 25 01:14:43 vps001 spamd[3329823]: spamd: connection from ::1 [::1]:54702 to port 783, fd 6
May 25 01:14:43 vps001 spamd[3329823]: spamd: processing message <INX.O5S99jifjjCTdNibIYki8GNal6JVo8aw.5d0.439.77.1876b25039016@news.ional.co.uk> for spamd:182
May 25 01:14:43 vps001 spamd[3329823]: dns: reply to 13160/IN/TXT/netflix.com truncated (EDNS 4096 bytes), 0 answer records
May 25 01:14:43 vps001 spamd[3329823]: spamd: clean message (-1.0/5.0) for spamd:182 in 0.1 seconds, 12718 bytes.
May 25 01:14:43 vps001 spamd[3329823]: spamd: result: . -1 - DKIM_ADSP_NXDOMAIN,FROM_EXCESS_BASE64,GOOG_STO_IMG_HTML,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_HI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE,URIBL_DBL_BLOCKED_OPENDNS scantime=0.1,size=12718,user=spamd,uid=182,required_score=5.0,rhost=::1,raddr=::1,rport=54702,mid=<INX.O5S99jifjjCTdNibIYki8GNal6JVo8aw.5d0.439.77.1876b25039016@news.ional.co.uk>,autolearn=unavailable autolearn_force=no
May 25 01:14:43 vps001 postfix/pipe[3581345]: 187DB43A15: to=<[email protected]>, relay=dovecot, delay=0.2, delays=0.01/0.01/0/0.18, dsn=2.0.0, status=sent (delivered via dovecot service (lda([email protected]): Error: net_connect_unix(/run/dovecot/stats-writer) failed: Permission de))
May 25 01:14:43 vps001 postfix/qmgr[3345802]: 187DB43A15: removed
May 25 01:14:43 vps001 postfix/smtpd[3579620]: disconnect from unknown[27.112.78.186] ehlo=1 mail=1 rcpt=1 bdat=2 quit=1 commands=6
Header of this email:
Return-Path: <MAILER-DAEMON>
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on vps001
X-Spam-Level:
X-Spam-Status: No, score=-1.0 required=5.0 tests=DKIM_ADSP_NXDOMAIN,
FROM_EXCESS_BASE64,GOOG_STO_IMG_HTML,HTML_MESSAGE,MIME_HTML_ONLY,
RCVD_IN_DNSWL_HI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE,
URIBL_DBL_BLOCKED_OPENDNS autolearn=unavailable autolearn_force=no
version=4.0.0
Delivered-To: [email protected]
Received: by vps001.digiperimide.co.uk (Postfix, from userid 182)
id 187DB43A15; Sat, 25 May 2024 01:14:43 +0100 (BST)
Received: from netflix.com (unknown [27.112.78.186])
by vps001.digiperimide.co.uk (Postfix) with ESMTP id 4C4AE43A13
for <[email protected]>; Sat, 25 May 2024 01:14:42 +0100 (BST)
Authentication-Results: vps001.digiperimide.co.uk; dmarc=none (p=none dis=none) header.from=ional.co.uk
Date: Sat, 25 May 2024 01:09:39 +0200
From: =?UTF-8?B?U2NyZXdpZng=?= <[email protected]>
Reply-To: =?UTF-8?B?QXNzaXN0ZW56YS5jbGllbnRpLUxpZGw=?= <[email protected]>
To: [email protected]
Message-ID: <INX.O5S99jifjjCTdNibIYki8GNal6JVo8aw.5d0.439.77.1876b25039016@news.ional.co.uk>
Subject: =?UTF-8?B?V2UgaGF2ZSBhIHN1cnByaXNlIGZvciBTY3Jld2ZpeCBjdXN0b21lcnMu?=
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
List-Id: "0" <4.O5S99jifjjCTdNibIYki8GNal6JVo8aw.localhost.sarazil>
List-Unsubscribe: <https://news.ional.co.uk/d?o000bcmq0000vg00l0000pv00000000000w3iiv4xnx253ztfis443hhjqe4>, <mailto:[email protected]?subject=unsubscribesarazil@sarazil.me.uk3Db00000b00000vg0000xi000000000000fw3snrk45>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Feedback-ID: xpro-9985-1488:xpro-9985:MAILING:inxmailde
X-CSA-Complaints: [email protected]
X-Mailer: Inxmail EE 4.8.48.825