Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am daily getting the same junk / spam email from this sender and I see two IP's in the headers / logs of my Postfix server.
I searched my Postfix logs for both IP's:
Code:
[root@mail postfix]# cat /var/log/maillog | grep "67.212.170.242"
Jan 22 05:29:30 mail postfix/smtpd[12205]: connect from civismtp.uas.coop[67.212.170.242]
Jan 22 05:29:30 mail postgrey[2245]: action=pass, reason=client AWL, client_name=civismtp.uas.coop, client_address=67.212.170.242, sender=b.148.1296207.0e628e696f0d17ad@mail.wfmc.org, recipient=carlos@iamghost.com
Jan 22 05:29:30 mail postfix/smtpd[12205]: C00DB77A862: client=civismtp.uas.coop[67.212.170.242]
Jan 22 05:29:31 mail postfix/smtpd[12205]: disconnect from civismtp.uas.coop[67.212.170.242]
Jan 22 05:29:33 mail amavis[2351]: (02351-18) Passed CLEAN, [67.212.170.242] [192.220.23.216] <b.148.1296207.0e628e696f0d17ad@mail.wfmc.org> -> <carlos@iamghost.com>, Message-ID: <20100122095052.183D3192C012@civismtp.uas.coop>, mail_id: eY2CHd1Jva+X, Hits: -3.288, size: 22942, queued_as: 8A54C77A8E9, 2530 ms
How do I block / reject all email from this sender? Is there a specific section in Postfix like sender_access or client_access that I can 'reject' all mail from the above sender. What is the difference between IP's on the logs? I show 192.220.23.216 & 67.212.170.242 but can understand what the two separate IP's are for?
I am daily getting the same junk / spam email from this sender and I see two IP's in the headers / logs of my Postfix server.
I searched my Postfix logs for both IP's:
Code:
[root@mail postfix]# cat /var/log/maillog | grep "67.212.170.242"
Jan 22 05:29:30 mail postfix/smtpd[12205]: connect from civismtp.uas.coop[67.212.170.242]
Jan 22 05:29:30 mail postgrey[2245]: action=pass, reason=client AWL, client_name=civismtp.uas.coop, client_address=67.212.170.242, sender=b.148.1296207.0e628e696f0d17ad@mail.wfmc.org, recipient=carlos@iamghost.com
Jan 22 05:29:30 mail postfix/smtpd[12205]: C00DB77A862: client=civismtp.uas.coop[67.212.170.242]
Jan 22 05:29:31 mail postfix/smtpd[12205]: disconnect from civismtp.uas.coop[67.212.170.242]
Jan 22 05:29:33 mail amavis[2351]: (02351-18) Passed CLEAN, [67.212.170.242] [192.220.23.216] <b.148.1296207.0e628e696f0d17ad@mail.wfmc.org> -> <carlos@iamghost.com>, Message-ID: <20100122095052.183D3192C012@civismtp.uas.coop>, mail_id: eY2CHd1Jva+X, Hits: -3.288, size: 22942, queued_as: 8A54C77A8E9, 2530 ms
How do I block / reject all email from this sender? Is there a specific section in Postfix like sender_access or client_access that I can 'reject' all mail from the above sender. What is the difference between IP's on the logs? I show 192.220.23.216 & 67.212.170.242 but can understand what the two separate IP's are for?
Blocking email addresses is not worth the effort of a Google search. Any spammer will simply spoof the address. The spam email I am getting shows its from editor@bpm.com however that address is no where in the message headers. It's coming from an IP and a different domain. I saw that article and feel it's useless and we need to block messages based on actual message header criteria like IP or other attributes.
Blocking email addresses is not worth the effort of a Google search. Any spammer will simply spoof the address. The spam email I am getting shows its from editor@bpm.com however that address is no where in the message headers. It's coming from an IP and a different domain. I saw that article and feel it's useless and we need to block messages based on actual message header criteria like IP or other attributes.
Then figure out your own solution, then. In your first post, you said:
Quote:
How do I block / reject all email from this sender?
Now, apparently, that's 'useless' to you. Make up your mind. The sender doesn't have to be a "user@address.com"...it can be an IP address/range too. Also in that 'useless' article, is a mention of Spamassasin...which blocks messages, based on header criteria, amongst other things.
If it's not worth your time to look up, then it's not worth you asking the question.
Given that Postfix will support header checks with regex and reject based upon them, or you could make use of spamassassin, or other strategies the question has to be, what have you tried so far?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
