LinuxQuestions.org


carlosinfl 11-19-2010 07:45 AM

Block Unwanted Email Recommendations
 
So I have a company that I've registered my email address with and sadly they won't unsubscribe me. I've tried over and over and they tell me they don't recognize my email address but clearly they're sending me promotional messages daily. I'm running Postfix 2.7.1 on my mail server and would like to know what's the best recommended way to block them? Should I block them by IP or should I block them via domain name? Obviously the domain is easily forged so I am guessing a range or specific IP would be the best, no?

Below are headers:

Code:

Return-Path: <bounce@returnpath.bluehornet.com>
X-Original-To: carlos@iamghost.com
Delivered-To: carlos@iamghost.com
Received: from smtp.burketown.bluehornet.com (smtp.burketown.bluehornet.com [67.216.225.254])
        by mail.iamghost.com (Postfix) with ESMTP id 5CDF81405D7
        for <carlos@iamghost.com>; Thu, 18 Nov 2010 17:39:26 -0500 (EST)
X-MSFBL: Y2FybG9zQGlhbXVuaXguY29tQGJ1cmtldG93bkJpbmRpbmdAbmV3dG9uQmluZGlu
        Z0Bib3VuY2UtdXNlPU09MjUwNDQ0OTU2Nj1lY2hvMj1ERTNDRTZDN0VCQkU4RkQy
        MkE2N0Y0NDc1MzJEMUYyMA==
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
        s=bluehornet-1.bh; d=mailer.chemistry.com;
        h=From:X-Outgoing;
        b=XB079zenpkN7EkeIbHZNEUhoxgE33hSy0GN1+Ww2IqeJN3XdbxSSx9Uz40v5/HCn
        oHJR5hmgchQ0OPgMT+r6IjboHfMJhaV32qxDXXWIJnyJNOPlX7AFbvypR/eoExUR
DKIM-Signature: v=1; a=rsa-sha1; d=mailer.chemistry.com; s=bluehornet-1.bh; c=simple/simple;
        q=dns/txt; i=@mailer.chemistry.com; t=1290119966;
        h=From:Subject:Date:To:Mime-Version:Content-Type;
        bh=Yq4YUDkjwBwEe9Qzfe8Cc7T0DFQ=;
        b=GLIlDMP7Zd1THzZ9WDmxNF5BOZQev2lIVo1LzcbtcHG4M6M2FzcYhDlAndLnP6Ji
        r6vLdcVa4wUKnFDGc1Q9Od/Ia7y9HQTf7vfxP7gtABrdqi/Nk2wLzjHhmwSB3ikU;
DKIM-Signature: v=1; a=rsa-sha1; d=bluehornet.com; s=bluehornet-1.bh; c=simple/simple;
        q=dns/txt; i=@bluehornet.com; t=1290119966;
        h=From:Subject:Date:To:Mime-Version:Content-Type;
        bh=Yq4YUDkjwBwEe9Qzfe8Cc7T0DFQ=;
        b=O890TqwDj8ttlGoTsEV+D0QEi0Xdx2dtotG6cTY0rYdUipReJuzX9rOyqK9UuUjq
        A3EXqGLgH1uKBJb5exiHWXycGC0mt0OAtgxZ6QG2i4+MSpQNG5bbgoA3cpGEhp6u;
Received: from [10.64.22.22] ([10.64.22.22:44409] helo=localhost.localdomain)
        by dc1bhmta02 (envelope-from <bounce-use=M=2504449566=echo2=DE3CE6C7EBBE8FD22A67F447532D1F20@returnpath.bluehornet.com>)
        (ecelerity 3.0.22.35831 r(35835)) with ESMTP
        id 1C/9C-29605-E1BA5EC4; Thu, 18 Nov 2010 14:39:26 -0800
Message-ID: <1C.9C.29605.E1BA5EC4@dc1bhmta02>
Date: Thu, 18 Nov 2010 13:07:30 -0800
From: *******OMITTED*******
Reply-To: donotreply@************
To:  <carlos@iamghost.com>
X-Outgoing: newton
Subject: Carlos - Big Sale This Weekend!
List-Unsubscribe: <mailto:unsub-2504449566-echo2-DE3CE6C7EBBE8FD22A67F447532D1F20@listunsub.bluehornet.com>
X-PVIQ: 000088-000144-echo20-000000-742673
Mime-Version: 1.0
Content-Type: multipart/alternative;
    boundary="--4ce5959258c69-MultiPart-Mime-Boundary"

As you can see in the headers I see two client IPs but I'm not sure which I should block and also how to do so in Postfix. Can anyone assist me in this issue?

module0000 11-19-2010 08:11 AM

This isn't a postfix solution, but it will block the emails:

iptables -I INPUT -s 67.216.225.254 -p tcp --dport 25 -j REJECT

That will reject any incoming traffic from that IP on port 25. You'll want to put it in your startup scripts to re-add the rule after reboots.

carlosinfl 11-19-2010 08:13 AM

Thanks - that was voted as "helpful" but I'm only looking for Postfix specific solutions.

Noway2 11-20-2010 04:52 AM

Postfix has a "check_sender_access" feature which can accomplish this. From the postfix.org documentation site:
Quote:

Search the specified access(5) database for the MAIL FROM address, domain, parent domains, or localpart@, and execute the corresponding action

To implement this create a file for your reject list and add a line with the sender's email (from their header), with the word REJECT following it. Be sure to run postmap against this file to create the hash. Then add check_sender_access hash:/your_file to the smtpd_recipient_restrictions and restart postfix.

Here is a link to some detailed instructions.

You may also see recommendations for performing this action with spamassassin. This can work as you can create a custom black list which will add 100 points to mail from that recipient, causing spamassassin to flag it. The postfix solution is more direct as it will return an error code at the SMTP level. Undoubtedly you want to avoid 'bouncing' the mail which would undoubtedly be futile, but they may get the message (no pun intended) if your smtp returns a hard error code.

One thing I recall that postfix does by default and you may want to look into this is that it will let them complete a decent portion of the mail transaction and then issue the reject error. I read about this in Postfix: The Definitive Guide. I think the reason was to prevent them from knowing what you were filtering on to help prevent them from working around it.

One other thing, you may also be able to implement restrictions in the ehlo portion of the transaction. Just something else to look into.
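
The access-map procedure from the answer above, applied to the headers in the first post, as an added example that is not part of the thread. The function names and the /etc/postfix paths are assumptions. The sender entry is keyed on the domain because the inner Received line shows a per-message bounce address, and the client entry uses the IP from the topmost Received line, which is the one written by the receiving Postfix itself.

```shell
#!/bin/sh
# Added example, not from the thread. Headers are trimmed from the first post.
sample_headers() {
cat <<'EOF'
Return-Path: <bounce@returnpath.bluehornet.com>
Delivered-To: carlos@iamghost.com
Received: from smtp.burketown.bluehornet.com (smtp.burketown.bluehornet.com [67.216.225.254])
        by mail.iamghost.com (Postfix) with ESMTP id 5CDF81405D7
Received: from [10.64.22.22] ([10.64.22.22:44409] helo=localhost.localdomain)
        by dc1bhmta02 (ecelerity 3.0.22.35831 r(35835)) with ESMTP
EOF
}

# Envelope sender domain, from the Return-Path header the receiving MTA wrote.
sender_domain() {
    sed -n 's/^Return-Path:[[:space:]]*<[^@>]*@\([^>]*\)>.*/\1/p' |
        head -n 1 | tr 'A-Z' 'a-z'
}

# Connecting client IP (IPv4 form) from the topmost Received header, the only
# one stamped by our own server; lower ones are supplied by the sender.
client_ip() {
    sed -n 's/^Received: from [^ ]* ([^ ]* \[\([0-9.]*\)]).*/\1/p' | head -n 1
}

# Read headers on stdin, print one "map<TAB>key<TAB>action" line per table.
# Fails (status 1) if either value cannot be extracted.
access_entries() {
    hdrs=$(cat)
    dom=$(printf '%s\n' "$hdrs" | sender_domain)
    ip=$(printf '%s\n' "$hdrs" | client_ip)
    [ -n "$dom" ] && [ -n "$ip" ] || return 1
    printf 'sender_access\t%s\tREJECT\n' "$dom"
    printf 'client_access\t%s\tREJECT\n' "$ip"
}

sample_headers | access_entries

# On the mail server (paths are assumptions), put each key/action pair in its
# file, then:
#   postmap /etc/postfix/sender_access /etc/postfix/client_access
#   # main.cf, appended to the existing smtpd_recipient_restrictions list:
#   #   check_client_access hash:/etc/postfix/client_access,
#   #   check_sender_access hash:/etc/postfix/sender_access
#   postfix reload
```
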

