Postfix, como posso rejeitar spam de IP desconhecido (sem DNS)

Navegue suas respostas
6

Apesar de todos os esforços para filtrar spam, eu ainda estou recebendo spam de desconhecido, mesmo depois de ter definido main.cf para não permitir isso e para verificar o DNS etc. Mesmo depois de adicionar um pcre: para REJECT /.unknown. / alguns deles ainda passam e eu não entendo o porquê! Aqui está o meu arquivo de log. O primeiro bloco está ok, é rejeitado, é de desconhecido. O segundo bloco é o mesmo, de desconhecido, mas passa e não é rejeitado. Desejo rejeitar todos os "conectar do desconhecido" não apenas alguns deles. postfix v2.8.4 em Centos. Alguma idéia do que estou fazendo de errado? Obrigado.

Este bloco é rejeitado 

Nov 24 12:00:30 sof postfix/smtpd[4632]: connect from unknown[91.99.51.137]
Nov 24 12:00:30 sof postfix/smtpd[4632]: connect from unknown[91.99.51.137]
Nov 24 12:00:31 sof postfix/smtpd[4632]: NOQUEUE: reject: RCPT from unknown[91.99.51.137]: 450 4.7.1 <91.99.51.137.parsonline.net>: Helo command rejected: Host not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<91.99.51.137.parsonline.net>
Nov 24 12:00:31 sof postfix/smtpd[4632]: NOQUEUE: reject: RCPT from unknown[91.99.51.137]: 450 4.7.1 <91.99.51.137.parsonline.net>: Helo command rejected: Host not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<91.99.51.137.parsonline.net>
Nov 24 12:00:31 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: Message aborted.
Nov 24 12:00:31 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: Message aborted.
Nov 24 12:00:31 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: Message aborted.
Nov 24 12:00:31 sof postfix/smtpd[4632]: disconnect from unknown[91.99.51.137]
Nov 24 12:00:31 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: Message aborted.
Nov 24 12:00:31 sof postfix/smtpd[4632]: disconnect from unknown[91.99.51.137]

Este bloco não é rejeitado 

Nov 24 14:16:09 sof postfix/smtpd[8221]: connect from unknown[190.237.252.197]
Nov 24 14:16:09 sof postfix/smtpd[8221]: connect from unknown[190.237.252.197]
Nov 24 14:16:18 sof postfix/smtpd[8221]: 9467B848368A: client=unknown[190.237.252.197]
Nov 24 14:16:18 sof postfix/smtpd[8221]: 9467B848368A: client=unknown[190.237.252.197]
Nov 24 14:16:23 sof postfix/cleanup[8428]: 9467B848368A: message-id=<[email protected]>
Nov 24 14:16:23 sof postfix/cleanup[8428]: 9467B848368A: message-id=<[email protected]>
Nov 24 14:16:25 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: handlers_stderr: SKIP
Nov 24 14:16:25 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: handlers_stderr: SKIP
Nov 24 14:16:25 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: SKIP during call 'check-quota' handler
Nov 24 14:16:25 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: SKIP during call 'check-quota' handler
Nov 24 14:16:25 sof postfix/qmgr[19747]: 9467B848368A: from=<[email protected]>, size=5285, nrcpt=1 (queue active)
Nov 24 14:16:25 sof postfix/qmgr[19747]: 9467B848368A: from=<[email protected]>, size=5285, nrcpt=1 (queue active)
Nov 24 14:16:25 sof postfix-local[8481]: postfix-local: [email protected], [email protected], dirname=/var/qmail/mailnames
Nov 24 14:16:25 sof postfix-local[8481]: postfix-local: [email protected], [email protected], dirname=/var/qmail/mailnames
Nov 24 14:16:25 sof spamc[8483]: connect(AF_UNIX) to spamd /tmp/spamd_full.sock failed: No such file or directory
Nov 24 14:16:25 sof spamc[8483]: connect(AF_UNIX) to spamd /tmp/spamd_full.sock failed: No such file or directory
Nov 24 14:16:25 sof postfix-local[8481]: handlers_stderr: PASS
Nov 24 14:16:25 sof postfix-local[8481]: handlers_stderr: PASS
Nov 24 14:16:25 sof postfix-local[8481]: PASS during call 'spam' handler
Nov 24 14:16:25 sof postfix-local[8481]: PASS during call 'spam' handler
Nov 24 14:16:25 sof postfix/pipe[8435]: 9467B848368A: to=<[email protected]>, orig_to=<[email protected]>, relay=plesk_virtual, delay=7.9, delays=7.9/0/0/0.02, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Nov 24 14:16:25 sof postfix/pipe[8435]: 9467B848368A: to=<[email protected]>, orig_to=<[email protected]>, relay=plesk_virtual, delay=7.9, delays=7.9/0/0/0.02, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Nov 24 14:16:25 sof postfix/qmgr[19747]: 9467B848368A: removed
Nov 24 14:16:25 sof postfix/qmgr[19747]: 9467B848368A: removed
Nov 24 14:16:27 sof postfix/smtpd[8221]: disconnect from unknown[190.237.252.197]
Nov 24 14:16:27 sof postfix/smtpd[8221]: disconnect from unknown[190.237.252.197]

Aqui faz parte do meu arquivo main.cf 

smtpd_tls_cert_file = /etc/postfix/domain.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
smtpd_helo_required = yes

smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_sender_access pcre:/etc/postfix/rejected_domains,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unlisted_sender,
        permit

smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        reject_unknown_helo_hostname,
        permit

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        reject_rbl_client regexp:/etc/postfix/postfix_client_blacklist,
        reject_unauth_destination,
        reject_unknown_sender_domain,
        check_client_access hash:/etc/postfix/rbl_whitelist,
        check_client_access pcre:/var/spool/postfix/plesk/no_relay.re,
        reject_rbl_client bl.spamcop.net,
        permit

Aqui está o arquivo postfix_client_blacklist 

/^.*unknown.*$/         REJECT FCrDNS # I tried all kinds of ways found on the Internet.
    
por Alienizer 24.11.2016 / 21:37

1 resposta

13

Você está procurando reject_unknown_client_hostname .

Na documentação :

reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)
Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address. This is a stronger restriction than the reject_unknown_reverse_client_hostname feature, which triggers only under condition 1) above. The unknown_client_reject_code parameter specifies the response code for rejected requests (default: 450). The reply is always 450 in case the address->name or name->address lookup failed due to a temporary problem.

Uso da amostra: (como visto no meu servidor de e-mail ativo) 

smtpd_client_restrictions =
        permit_mynetworks,
        reject_unauth_pipelining,
        reject_unknown_client_hostname,
        permit
    
por 24.11.2016 / 21:43

Tags

Como eu removo um driver completamente em uma máquina cliente com Windows XP? Como configurar o Gitweb