Block Unwanted Email Recommendations

carlosinfl · 11-19-2010, 07:45 AM

So I have a company that I've registered my email address with and sadly they wont unsubscribe me. I've tried over and over and they tell me they don't recognize my email address but clearly they're sending me promotional messages daily. I'm running Postfix 2.7.1 on my mail server and would like to know what's the best recommended way to block them? Should I block them by IP or should I block them via domain name? Obviously the domain is easily forged so I am guessing a range or specific IP would be the best, no?

Below are headers:

Code:

DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
	s=bluehornet-1.bh; d=mailer.chemistry.com;
	h=From:X-Outgoing;
	b=XB079zenpkN7EkeIbHZNEUhoxgE33hSy0GN1+Ww2IqeJN3XdbxSSx9Uz40v5/HCn
	oHJR5hmgchQ0OPgMT+r6IjboHfMJhaV32qxDXXWIJnyJNOPlX7AFbvypR/eoExUR
Message-ID: <1C.9C.29605.E1BA5EC4@dc1bhmta02>
Date: Thu, 18 Nov 2010 13:07:30 -0800
From: *******OMITTED*******
Reply-To: donotreply@************
To:  <carlos@iamghost.com>
Subject: Carlos - Big Sale This Weekend! 
Mime-Version: 1.0
Content-Type: multipart/alternative;
    boundary="--4ce5959258c69-MultiPart-Mime-Boundary"

As you can see in the headers I see two client IP's but I'm not sure which I should block and also how to do so in Postfix. Can anyone assist me in this issue?

module0000 · 11-19-2010, 08:11 AM

This isn't a postfix solution, but it will block the emails:

iptables -I INPUT -s 67.216.225.254 -p tcp --dport 25 -j REJECT

That will reject any incoming traffic from that IP on port 25. You'll want to put it in your startup scripts to re-add the rule after reboots.

carlosinfl · 11-19-2010, 08:13 AM

Thanks - that was voted as "helpful" but I'm only looking for Postfix specific solutions.

Noway2 · 11-20-2010, 04:52 AM

Postfix has a "check_sender_access" feature which can accomplish this. From the postfix.org documentation site:

Quote:

Search the specified access(5) database for the MAIL FROM address, domain, parent domains, or localpart@, and execute the corresponding action

To implement this create a file for your reject list and add a line with the sender's email (from their header), with the word REJECT following it. Be sure to run postmap against this file to create the hash. Then add check_sender_access hash:/your_file to the smtpd_recipient_restrictions and restart postfix.

Here is a link to some detailed instructions.

You may also see recommendations for performing this action with spamassassin. This can work as you can create a custom black list which will add 100 points to mail from that recipient, causing spamassassin to flag it. The postfix solution is more direct as it will return an error code at the SMTP level. Undoubtedly you want to avoid 'bouncing' the mail which would undoubtedly be futile, but they may get the message (no pun intended) if your smtp returns a hard error code.

One thing I recall that postfix does by default and you may want to look into this is that it will let them complete a decent portion of the mail transaction and then issue the reject error. I read about this is postfix the definitive guide. I think the reason was to prevent them from knowing what you were filtering on to help prevent them from working around it.

One other thing, you may also be able to implement restrictions in the ehlo portion of the transaction. Just something else to look into.