LinuxQuestions.org
Old 12-28-2005, 02:46 AM   #1
sulee
LQ Newbie
 
Registered: Jul 2005
Location: Bangkok
Distribution: Slackware
Posts: 20

Rep: Reputation: 0
where to stop emails like 456_farmer@mydomain.com


Hi,

I'm using postfix with mysql / courier-imap on a slackware 10.1

I receive plenty of mails following a certain pattern (like 456_farmer@mydomain.com, 456_fault@mydomain.com, 456_fungus@mydomain.com, etc.), so it should be possible to filter them out...

For your understanding: they aren't delivered. They are rejected - finally after the recipient fails to be listed.

However, it puts a big load on my mysql-server.

- I don't like Blacklists (RBL) - even though this blocks a lot of it.
- I use greylisting, but also using a mysql table for it...

My idea is to reject/discard those emails before any mysql table is bothered by using REGEXP or PCRE expressions

If I use
smtpd_recipient_restrictions =
    check_recipient_access
    pcre:/etc/postfix/checks/own_domains

and my own_domains file looks like
/^RCPT TO: .* <([0-9]{2,3})([\._,-]?)([0-9,a-z,A-Z_\-\.]*)[@](mydomain.com)>/ REJECT Go away!

or

/^TO: .* <([0-9]{2,3})([\._,-]?)([0-9,a-z,A-Z_\-\.]*)[@](mydomain.com)>/ REJECT Go away!

nothing happens (I checked various expressions) ... all get caught by the greylisting filter later on.

So, QUESTION is, any ideas how to stop "series" of spam mails _BEFORE_ my database tables are stressed?

Thanks in advance. Help / Suggestions are most welcome.

Last edited by sulee; 12-28-2005 at 02:48 AM.
 
Old 12-28-2005, 05:34 PM   #2
WindowBreaker
Member
 
Registered: Oct 2005
Distribution: Slackware
Posts: 228

Rep: Reputation: 31
Sulee:
I think the problem may be the fact that spammers use cheap or poorly implemented software that doesn't closely follow the RFCs. For instance, instead of sending:
Code:
RCPT TO: <user@domain.com>
they may send
Code:
RCPT TO: user@domain.com
In your expression, the address will only match if enclosed within angle brackets, <address>, which many spammers don't do.

I would try removing the angle brackets from your RE, and see if it catches it then.
So instead of:
Code:
/^RCPT TO: .* <([0-9]{2,3})([\._,-]?)([0-9,a-z,A-Z_\-\.]*)[@](mydomain.com)>/ REJECT Go away!
Try:
Code:
/^RCPT TO: .*([0-9]{2,3})([\._,-]?)([0-9,a-z,A-Z_\-\.]*)[@](mydomain.com)/ REJECT Go away!
Let me know if this worked.
 
Old 12-29-2005, 09:37 AM   #3
sulee
LQ Newbie
 
Registered: Jul 2005
Location: Bangkok
Distribution: Slackware
Posts: 20

Original Poster
Rep: Reputation: 0
Hi,

/^([0-9]{2,3})([\._,-]?)([0-9A-Z._-]*)[@](mydomain\.com)/ REJECT Go away!

That works!

also in

smtpd_recipient_restrictions =
    check_recipient_access
    pcre:/etc/postfix/checks/own_domains,

as long as there isn't

permit_mynetworks,
permit_sasl_authenticated,

placed before it ... since that gives a free pass to all *@mydomain.com

Enjoy!
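
Added example, not part of any post in this thread: a Python emulation of how a Postfix `pcre:` table used with `check_recipient_access` is consulted, showing why the patterns anchored on `RCPT TO:` never fire (the lookup key is the bare recipient address, not the SMTP command line) and which addresses the working pattern rejects. It assumes Python's `re` behaves like PCRE for these patterns; the helper names and sample recipients are constructed.

```python
import re

# The three patterns posted in the thread, copied as table lines.
TABLES = {
    "post1_rcpt": r"/^RCPT TO: .* <([0-9]{2,3})([\._,-]?)([0-9,a-z,A-Z_\-\.]*)[@](mydomain.com)>/ REJECT Go away!",
    "post2_no_brackets": r"/^RCPT TO: .*([0-9]{2,3})([\._,-]?)([0-9,a-z,A-Z_\-\.]*)[@](mydomain.com)/ REJECT Go away!",
    "post3_working": r"/^([0-9]{2,3})([\._,-]?)([0-9A-Z._-]*)[@](mydomain\.com)/ REJECT Go away!",
}

# One table line: /pattern/flags action
LINE = re.compile(r"^/(.*)/([A-Za-z]*)\s+(.+)$")


def parse_table(text):
    """Parse '/pattern/flags action' lines into (compiled_regex, action) rules."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if m is None:
            raise ValueError("unparseable table line: " + line)
        pattern, flags, action = m.groups()
        # pcre_table(5): matching is case-insensitive by default; 'i' toggles it off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action))
    return rules


def lookup(rules, recipient):
    """Return the action of the first rule matching the bare address, else None."""
    for regex, action in rules:
        if regex.search(recipient):
            return action
    return None


def verdicts(table_name, recipients):
    """Map each recipient to the action the named table would return."""
    rules = parse_table(TABLES[table_name])
    return {rcpt: lookup(rules, rcpt) for rcpt in recipients}


# Constructed sample recipients: spam pattern, ordinary user, digit-led real address.
SAMPLES = ["456_farmer@mydomain.com", "sulee@mydomain.com", "2005-orders@mydomain.com"]

if __name__ == "__main__":
    for name in TABLES:
        print(name, verdicts(name, SAMPLES))
```

On the mail server itself, `postmap -q "456_farmer@mydomain.com" pcre:/etc/postfix/checks/own_domains` performs the same lookup against the real table. The working pattern also rejects any legitimate address that starts with two or three digits, such as the constructed `2005-orders@mydomain.com`.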
 
  

