LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page Rejecting incoming emails when they come from Amazonses service
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 10-25-2018, 09:47 AM   #1
Mario Lima
LQ Newbie
 
Registered: Mar 2018
Posts: 22

Rep: Reputation: Disabled
Rejecting incoming emails when they come from Amazonses service

Hello,

I have an uncomfortable problem that I need to be solved as soon as possible. I have this:

CENTOS Linux Server
Apache
Postfix
Postgrey
Amavisd
Spamassassin
Fail2ban

On this Server I have several mailboxes of my customers. It is POP and SMTP Server for all those mailboxes.

Many of my customers receive emails sent by enterprises and companies which use the Amazon Simple Email Service (www.amazonses.com), a very known email-marketing service from AMAZON corporation. That's OK, no problem with that.

But there are at least two or three specific senders, who use this service (it looks they are Spammers), whose emails I want and need to reject / discard. I am trying to do this through my /etc/postfix/access file. The problem is:

1) If I try to reject / discard them by their From email address or domain name, their emails are not blocked, they enter normally to our mailboxes:

spammerdomain.com.br REJECT (the domain name is masked)
spammerdomain.com.br DISCARD
badaddress@spammerdomain.com.br REJECT (the email address is masked)
badaddress@spammerdomain.com.br DISCARD

2) If I try to reject / discard them by the Amazonses Domain, so, they are really blocked:

amazonses.com REJECT
amazonses.com DISCARD

But, I don't want to block all Amazonses users, it is a serious service. I want to reject / discard just these two or three Spammers.

Questions:

Why this happens?
How can I accomplish it?

See below the Header records of one of these Spammers emails.

Thanks a lot in advance for any help.

Mario Lima./
_________________________________________________________


HEADERS RECORDS:

Return-Path: <0103545670712110-10f5g1b2-6a2c-4b73-9a44-14436946a66d-000000@us-west-2.amazonses.com>
X-Original-To: multisites@srv8.multisitesdominios.com.br
Delivered-To: multisites@srv8.multisitesdominios.com.br
Received: from localhost (localhost [127.0.0.1])
by srv8.multisitesdominios.com.br (Postfix) with ESMTP id E02AC2240989
for <multisites@srv8.multisitesdominios.com.br>; Thu, 6 Sep 2018 16:52:16 -0300 (-03)
X-Virus-Scanned: amavisd-new at multisitesdominios.com.br
Authentication-Results: srv8.multisitesdominios.com.br (amavisd-new);
dkim=fail (1024-bit key) reason="fail (message has been altered)"
header.d=spammerdomain.com.br header.b=KvN6YosZ;
dkim=fail (1024-bit key) reason="fail (message has been altered)"
header.d=amazonses.com header.b=hhjTuzKR
Received: from srv8.multisitesdominios.com.br ([127.0.0.1])
by localhost (srv8.multisitesdominios.com.br [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id ja0LXtz_VOn3
for <multisites@srv8.multisitesdominios.com.br>;
Thu, 6 Sep 2018 16:52:16 -0300 (-03)
Received: from srv4.multisitesdominios.com.br (srv4.multisitesdominios.com.br [66.226.76.119])
by srv8.multisitesdominios.com.br (Postfix) with ESMTP id 3476C2240982
for <info@multisites.com.br>; Thu, 6 Sep 2018 16:52:16 -0300 (-03)
Received: from localhost (66-226-76-119.phx.dedicated.codero.com [127.0.0.1])
by srv4.multisitesdominios.com.br (Postfix) with ESMTP id 2FD9F1E110E
for <info@multisites.com.br>; Thu, 6 Sep 2018 16:46:24 -0300 (BRT)
Received: from srv4.multisitesdominios.com.br ([127.0.0.1])
by localhost (srv4.multisitesdominios.com.br [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id VV3rcOrCRW0P for <info@multisites.com.br>;
Thu, 6 Sep 2018 16:46:23 -0300 (BRT)
Received: from a27-23.smtp-out.us-west-2.amazonses.com (a27-23.smtp-out.us-west-2.amazonses.com [54.240.27.23])
by srv4.multisitesdominios.com.br (Postfix) with ESMTP id B298E1E1133
for <info@multisites.com.br>; Thu, 6 Sep 2018 16:46:23 -0300 (BRT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
o; d=spammerdomain.com.br;
t=1536263534;
h=Message-IDate:Subject:From:To:MIME-Version:Content-Type:List-Unsubscribe;
bh=YTyx7DGxlvMexh13PSD8UcbvIb16plbXPZTTeZ6974Y=;
b=KvN6YosZ9bfjcmfrjeruJDyiHSTGrfyZ6c2kedkmgfikrtiudfjeHETI8/PfOr1AQkubD/bF
nzNSNU8q5JaIWarO8SJFHFGBRQzAnqcGpBSXingwrlhITRQBSh2NJ5Mhz5qelTC7rK0
feuBJi1NGoUbhsqBQ6fc+N6iKXZ0O8GZMy45l3tw=
Message-ID: <0101016zxc345510-09e5e1a2-6a2c-4b73-9a44-14423456a66d-111111@us-west-2.amazonses.com>
Date: Thu, 6 Sep 2018 19:52:08 +0000
Subject: ABRACADABRAPEDECABRA
From: Domain to be Blocked <badaddress@spammerdomain.com.br>
Reply-To: badaddress@spammerdomain.com.br
To: Multisites Servicos Ltda <info@multisites.com.br>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_=_swift_v4_1536228239_9f03b8f739eae9baa81fae3377f6fe3d_=_"
List-Unsubscribe: <mailto:news+unsubscribe_5b234b90e3ddbg03468216@spammerdomain.com.br>,
<mailto:news+unsubscribe_5b90fb90e3dbb603334216@spammerdomain.com.br>,
X-SES-Outgoing: 2018.09.06-54.240.27.23
Feedback-ID: 1.us-west-2.isA0hk5qbAxETBLEMujslLN7TOYVRW5EtpUo56LcIds=:AmazonSES
 
Old 10-25-2018, 04:49 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032
Hi,

You could try this.

Another possibility is that you can use the spamassassin "blacklist_from" option to give those senders a 100 points spam score and configure amavisd to delete messages with a 100+ score.

Regards
 
Old 10-30-2018, 12:35 PM   #3
Mario Lima
LQ Newbie
 
Registered: Mar 2018
Posts: 22

Original Poster
Rep: Reputation: Disabled
Thumbs up
Hi, I choose to block through Postfix using header_checks parameters. Anyway, thanks a lot.

Mario./
 
  


Reply

Tags
linux, postfix



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix rejecting incoming mail BeauSanders Linux - General 1 10-12-2012 11:18 PM
send out emails fine but can't receive incoming emails said76 Linux - Server 7 07-05-2012 01:37 AM
Rejecting continuously changing incoming mail in postfix Tarikc Linux - Software 1 04-05-2011 10:09 AM
Proftpd rejecting all incoming connections ? memo007 Linux - Software 3 09-15-2008 08:10 AM
postfix / smtpd is rejecting all incoming emails alitrix Linux - Server 2 06-06-2008 04:10 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 09:22 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration