LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 11-19-2010, 08:45 AM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Rep: Reputation: 73
Question Block Unwanted Email Recommendations


So I have a company that I've registered my email address with and sadly they wont unsubscribe me. I've tried over and over and they tell me they don't recognize my email address but clearly they're sending me promotional messages daily. I'm running Postfix 2.7.1 on my mail server and would like to know what's the best recommended way to block them? Should I block them by IP or should I block them via domain name? Obviously the domain is easily forged so I am guessing a range or specific IP would be the best, no?

Below are headers:

Code:
Return-Path: <bounce@returnpath.bluehornet.com>
X-Original-To: carlos@iamghost.com
Delivered-To: carlos@iamghost.com
Received: from smtp.burketown.bluehornet.com (smtp.burketown.bluehornet.com [67.216.225.254])
	by mail.iamghost.com (Postfix) with ESMTP id 5CDF81405D7
	for <carlos@iamghost.com>; Thu, 18 Nov 2010 17:39:26 -0500 (EST)
X-MSFBL: Y2FybG9zQGlhbXVuaXguY29tQGJ1cmtldG93bkJpbmRpbmdAbmV3dG9uQmluZGlu
	Z0Bib3VuY2UtdXNlPU09MjUwNDQ0OTU2Nj1lY2hvMj1ERTNDRTZDN0VCQkU4RkQy
	MkE2N0Y0NDc1MzJEMUYyMA==
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
	s=bluehornet-1.bh; d=mailer.chemistry.com;
	h=From:X-Outgoing;
	b=XB079zenpkN7EkeIbHZNEUhoxgE33hSy0GN1+Ww2IqeJN3XdbxSSx9Uz40v5/HCn
	oHJR5hmgchQ0OPgMT+r6IjboHfMJhaV32qxDXXWIJnyJNOPlX7AFbvypR/eoExUR
DKIM-Signature: v=1; a=rsa-sha1; d=mailer.chemistry.com; s=bluehornet-1.bh; c=simple/simple;
	q=dns/txt; i=@mailer.chemistry.com; t=1290119966;
	h=From:Subject:Date:To:Mime-Version:Content-Type;
	bh=Yq4YUDkjwBwEe9Qzfe8Cc7T0DFQ=;
	b=GLIlDMP7Zd1THzZ9WDmxNF5BOZQev2lIVo1LzcbtcHG4M6M2FzcYhDlAndLnP6Ji
	r6vLdcVa4wUKnFDGc1Q9Od/Ia7y9HQTf7vfxP7gtABrdqi/Nk2wLzjHhmwSB3ikU;
DKIM-Signature: v=1; a=rsa-sha1; d=bluehornet.com; s=bluehornet-1.bh; c=simple/simple;
	q=dns/txt; i=@bluehornet.com; t=1290119966;
	h=From:Subject:Date:To:Mime-Version:Content-Type;
	bh=Yq4YUDkjwBwEe9Qzfe8Cc7T0DFQ=;
	b=O890TqwDj8ttlGoTsEV+D0QEi0Xdx2dtotG6cTY0rYdUipReJuzX9rOyqK9UuUjq
	A3EXqGLgH1uKBJb5exiHWXycGC0mt0OAtgxZ6QG2i4+MSpQNG5bbgoA3cpGEhp6u;
Received: from [10.64.22.22] ([10.64.22.22:44409] helo=localhost.localdomain)
	by dc1bhmta02 (envelope-from <bounce-use=M=2504449566=echo2=DE3CE6C7EBBE8FD22A67F447532D1F20@returnpath.bluehornet.com>)
	(ecelerity 3.0.22.35831 r(35835)) with ESMTP
	id 1C/9C-29605-E1BA5EC4; Thu, 18 Nov 2010 14:39:26 -0800
Message-ID: <1C.9C.29605.E1BA5EC4@dc1bhmta02>
Date: Thu, 18 Nov 2010 13:07:30 -0800
From: *******OMITTED*******
Reply-To: donotreply@************
To:  <carlos@iamghost.com>
X-Outgoing: newton
Subject: Carlos - Big Sale This Weekend! 
List-Unsubscribe: <mailto:unsub-2504449566-echo2-DE3CE6C7EBBE8FD22A67F447532D1F20@listunsub.bluehornet.com>
X-PVIQ: 000088-000144-echo20-000000-742673
Mime-Version: 1.0
Content-Type: multipart/alternative;
    boundary="--4ce5959258c69-MultiPart-Mime-Boundary"
As you can see in the headers I see two client IP's but I'm not sure which I should block and also how to do so in Postfix. Can anyone assist me in this issue?
 
Old 11-19-2010, 09:11 AM   #2
module0000
Member
 
Registered: Feb 2010
Location: USA
Distribution: RHEL
Posts: 36

Rep: Reputation: 15
This isn't a postfix solution, but it will block the emails:

iptables -I INPUT -s 67.216.225.254 -p tcp --dport 25 -j REJECT

That will reject any incoming traffic from that IP on port 25. You'll want to put it in your startup scripts to re-add the rule after reboots.
 
1 members found this post helpful.
Old 11-19-2010, 09:13 AM   #3
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 73
Thanks - that was voted as "helpful" but I'm only looking for Postfix specific solutions.
 
Old 11-20-2010, 05:52 AM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Postfix has a "check_sender_access" feature which can accomplish this. From the postfix.org documentation site:
Quote:
Search the specified access(5) database for the MAIL FROM address, domain, parent domains, or localpart@, and execute the corresponding action
To implement this create a file for your reject list and add a line with the sender's email (from their header), with the word REJECT following it. Be sure to run postmap against this file to create the hash. Then add check_sender_access hash:/your_file to the smtpd_recipient_restrictions and restart postfix.

Here is a link to some detailed instructions.

You may also see recommendations for performing this action with spamassassin. This can work as you can create a custom black list which will add 100 points to mail from that recipient, causing spamassassin to flag it. The postfix solution is more direct as it will return an error code at the SMTP level. Undoubtedly you want to avoid 'bouncing' the mail which would undoubtedly be futile, but they may get the message (no pun intended) if your smtp returns a hard error code.

One thing I recall that postfix does by default and you may want to look into this is that it will let them complete a decent portion of the mail transaction and then issue the reject error. I read about this is postfix the definitive guide. I think the reason was to prevent them from knowing what you were filtering on to help prevent them from working around it.

One other thing, you may also be able to implement restrictions in the ehlo portion of the transaction. Just something else to look into.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Command for clearing unwanted email from Qmail. Samael Linux - Server 2 10-30-2009 07:33 AM
how to block unwanted websites in redhat squid proxy gautamnarayan Linux - Server 1 02-26-2009 11:41 AM
does suse 10.0 use a hosts file to block unwanted web sites like windows? sirius57 Linux - Newbie 7 10-30-2008 10:26 PM
Filter unwanted Email tomdlam Linux - Security 1 11-10-2001 11:59 AM


All times are GMT -5. The time now is 07:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration