
Re: PostFix: Refuse 'spam' mail ?



On Fri, Jun 01, 2001 at 03:22:25PM +0200, Michael Kaaber wrote:
> I run OpenBSD 2.8 and PostFix Snapshot-20001005
> In the main.cf I have setup:
>   maps_rbl_domains = rbl.maps.vix.com, dul.maps.vix.com
> I receive spam from 'hahaha@sexyfun.net' with a virus 'W32/Hybris-B' in the
> Attachment.
> 
> How do I set up PostFix to refuse mail from 'sexyfun.net'?
You did not receive the email from a server in the sexyfun.net domain,
but from an infected system in the eircom.net domain, see the header:
>  Received: from e7d8c1 (p85.as2.kanturk1.eircom.net [159.134.208.85]) 
The RBL-blocking is on the name/address of the system trying to deliver
the mail to you, NOT the FROM: used. Here, the "sexyfun"-virus fakes its
FROM:.
The best way to filter it is on the headers (as described in a previous
mail), but if you want to filter on FROM, you want something like:

# permit_mynetworks:   allow your own systems to send mail
# check_client_access: lists exceptions on domain names, in access(5) format
# check_sender_access: lists access rules based on FROM:
#                      (this is the rule you want)
# permit:              allow the rest to try to deliver mail
smtpd_client_restrictions =
  permit_mynetworks,
  check_client_access hash:/etc/postfix/access-client,
  check_sender_access hash:/etc/postfix/access-sender,
  permit

With a /etc/postfix/access-client like:
yesmail.net     550 Your SPAM spewing is not wanted here. Ever.
a-domain-you-trust-absolutely	OK

And a /etc/postfix/access-sender like:
sexyfun.net	REJECT

> Is it possible to send a 'refuse' mail back to the user?
This will cause Postfix to report an error in the mail delivery,
eventually (after the sending system has given up trying to deliver it)
causing it to bounce.

On the user level, this kind of mail filtering is easily done with procmail.

With kind regards,
Wouter Slegers
Your Creative Solutions
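
Added example (not part of the original message and not Postfix code): a Python sketch of why the RBL check and the sender check see different things for this mail. It uses the Received line, sender address, RBL zones and access-sender entry quoted above; the function names and the simplified access(5) lookup order are assumptions of this example, and no DNS query is made.

```python
import re

# Values quoted in the message above.
RECEIVED = "from e7d8c1 (p85.as2.kanturk1.eircom.net [159.134.208.85])"
SENDER = "hahaha@sexyfun.net"   # forged; check_sender_access tests MAIL FROM
RBL_ZONES = ["rbl.maps.vix.com", "dul.maps.vix.com"]
SENDER_ACCESS = {"sexyfun.net": "REJECT"}   # /etc/postfix/access-sender

def client_from_received(value):
    """Return (helo, rdns_name, ip) from a 'from HELO (name [ip])' value."""
    m = re.match(
        r"from\s+(\S+)\s+\((\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]\)", value)
    if not m:
        raise ValueError("unrecognised Received value")
    return m.groups()

def dnsbl_query_names(ip, zones):
    """DNSBL convention: reverse the IPv4 octets and append each zone."""
    rev = ".".join(reversed(ip.split(".")))
    return [f"{rev}.{zone}" for zone in zones]

def sender_access_lookup(sender, table):
    """Simplified access(5)-style lookup (assumed order): full address,
    then the domain, then its parent domains. Returns (key, action)."""
    sender = sender.lower()
    labels = sender.rsplit("@", 1)[-1].split(".")
    keys = [sender]
    keys += [".".join(labels[i:]) for i in range(max(1, len(labels) - 1))]
    for key in keys:
        if key in table:
            return key, table[key]
    return None, "DUNNO"   # no match: fall through to the next restriction

if __name__ == "__main__":
    helo, rdns, ip = client_from_received(RECEIVED)
    print("connecting client:", rdns, ip)
    # The RBL is asked about the client address, never about sexyfun.net.
    for name in dnsbl_query_names(ip, RBL_ZONES):
        print("RBL would query:  ", name)
    # Only the sender table looks at the (forged) sender domain.
    print("sender check:     ", sender_access_lookup(SENDER, SENDER_ACCESS))
```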