Postfix, how can I reject spam from unknown IP (no DNS)
You're looking for reject_unknown_client_hostname.
From the documentation:
reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)
Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address. This is a stronger restriction than the reject_unknown_reverse_client_hostname feature, which triggers only under condition 1) above. The unknown_client_reject_code parameter specifies the response code for rejected requests (default: 450). The reply is always 450 in case the address->name or name->address lookup failed due to a temporary problem.
Sample usage: (as seen on my live mail server)
smtpd_client_restrictions =
    permit_mynetworks,
    reject_unauth_pipelining,
    reject_unknown_client_hostname,
    permit
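The three conditions quoted from the documentation above, written out as an added Python example (not Postfix's code and not part of the original answer). The names check_client, TempFail, ptr_lookup and addr_lookup are hypothetical, and the resolvers are injectable so the logic can be exercised offline.

```python
import socket

class TempFail(Exception):
    """A lookup failed for a temporary reason (e.g. resolver timeout)."""

def _resolve(call):
    # Temporary resolver errors become TempFail; other errors mean "not found".
    try:
        return call()
    except socket.gaierror as e:
        if e.errno == socket.EAI_AGAIN:
            raise TempFail from e
        return None

def ptr_lookup(ip):
    """address->name; None when the IP has no reverse (PTR) name."""
    res = _resolve(lambda: socket.getnameinfo((ip, 0), socket.NI_NAMEREQD))
    return res[0] if res else None

def addr_lookup(name):
    """name->address; empty set when the name does not resolve."""
    res = _resolve(lambda: socket.getaddrinfo(name, None))
    return {ai[4][0] for ai in res} if res else set()

def check_client(ip, ptr=ptr_lookup, fwd=addr_lookup, reject_code=450):
    """Return (logged_name, smtp_code_or_None, reason) for a client IP.

    reject_code stands in for unknown_client_reject_code (default 450).
    Assumption: addresses are compared as text, which is fine for IPv4;
    normalise IPv6 addresses before comparing.
    """
    try:
        name = ptr(ip)
        if name is None:
            return "unknown", reject_code, "1) address->name mapping fails"
        addrs = fwd(name)
        if not addrs:
            return "unknown", reject_code, "2) name->address mapping fails"
        if ip not in addrs:
            return "unknown", reject_code, "3) name->address does not match client IP"
    except TempFail:
        # The reply is always 450 when a lookup fails temporarily.
        return "unknown", 450, "temporary lookup failure"
    return name, None, "verified"
```

A client that fails any of the three checks is the one Postfix logs as unknown[ip].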
Jenny D
Updated on September 18, 2022
Jenny D over 1 year
Despite all efforts to filter spam, I'm still getting spam from unknown even after I've set main.cf to not allow it and to check the DNS etc. Even after adding a pcre: to REJECT /.unknown./ some of them still get through and I don't understand why! Here is my log file. The first block is ok, it gets rejected, it's from unknown. The second block is the same, from unknown but it gets through and not rejected. I wish to reject all "connect from unknown" not just some of them. postfix v2.8.4 on CentOS. Any ideas what I'm doing wrong? Thanks.
This block gets rejected
Nov 24 12:00:30 sof postfix/smtpd[4632]: connect from unknown[91.99.51.137]
Nov 24 12:00:30 sof postfix/smtpd[4632]: connect from unknown[91.99.51.137]
Nov 24 12:00:31 sof postfix/smtpd[4632]: NOQUEUE: reject: RCPT from unknown[91.99.51.137]: 450 4.7.1 <91.99.51.137.parsonline.net>: Helo command rejected: Host not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<91.99.51.137.parsonline.net>
Nov 24 12:00:31 sof postfix/smtpd[4632]: NOQUEUE: reject: RCPT from unknown[91.99.51.137]: 450 4.7.1 <91.99.51.137.parsonline.net>: Helo command rejected: Host not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<91.99.51.137.parsonline.net>
Nov 24 12:00:31 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: Message aborted.
Nov 24 12:00:31 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: Message aborted.
Nov 24 12:00:31 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: Message aborted.
Nov 24 12:00:31 sof postfix/smtpd[4632]: disconnect from unknown[91.99.51.137]
Nov 24 12:00:31 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: Message aborted.
Nov 24 12:00:31 sof postfix/smtpd[4632]: disconnect from unknown[91.99.51.137]
This block doesn't get rejected
Nov 24 14:16:09 sof postfix/smtpd[8221]: connect from unknown[190.237.252.197]
Nov 24 14:16:09 sof postfix/smtpd[8221]: connect from unknown[190.237.252.197]
Nov 24 14:16:18 sof postfix/smtpd[8221]: 9467B848368A: client=unknown[190.237.252.197]
Nov 24 14:16:18 sof postfix/smtpd[8221]: 9467B848368A: client=unknown[190.237.252.197]
Nov 24 14:16:23 sof postfix/cleanup[8428]: 9467B848368A: message-id=<[email protected]>
Nov 24 14:16:23 sof postfix/cleanup[8428]: 9467B848368A: message-id=<[email protected]>
Nov 24 14:16:25 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: handlers_stderr: SKIP
Nov 24 14:16:25 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: handlers_stderr: SKIP
Nov 24 14:16:25 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: SKIP during call 'check-quota' handler
Nov 24 14:16:25 sof /usr/lib64/plesk-9.0/psa-pc-remote[678]: SKIP during call 'check-quota' handler
Nov 24 14:16:25 sof postfix/qmgr[19747]: 9467B848368A: from=<[email protected]>, size=5285, nrcpt=1 (queue active)
Nov 24 14:16:25 sof postfix/qmgr[19747]: 9467B848368A: from=<[email protected]>, size=5285, nrcpt=1 (queue active)
Nov 24 14:16:25 sof postfix-local[8481]: postfix-local: [email protected], [email protected], dirname=/var/qmail/mailnames
Nov 24 14:16:25 sof postfix-local[8481]: postfix-local: [email protected], [email protected], dirname=/var/qmail/mailnames
Nov 24 14:16:25 sof spamc[8483]: connect(AF_UNIX) to spamd /tmp/spamd_full.sock failed: No such file or directory
Nov 24 14:16:25 sof spamc[8483]: connect(AF_UNIX) to spamd /tmp/spamd_full.sock failed: No such file or directory
Nov 24 14:16:25 sof postfix-local[8481]: handlers_stderr: PASS
Nov 24 14:16:25 sof postfix-local[8481]: handlers_stderr: PASS
Nov 24 14:16:25 sof postfix-local[8481]: PASS during call 'spam' handler
Nov 24 14:16:25 sof postfix-local[8481]: PASS during call 'spam' handler
Nov 24 14:16:25 sof postfix/pipe[8435]: 9467B848368A: to=<[email protected]>, orig_to=<[email protected]>, relay=plesk_virtual, delay=7.9, delays=7.9/0/0/0.02, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Nov 24 14:16:25 sof postfix/pipe[8435]: 9467B848368A: to=<[email protected]>, orig_to=<[email protected]>, relay=plesk_virtual, delay=7.9, delays=7.9/0/0/0.02, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Nov 24 14:16:25 sof postfix/qmgr[19747]: 9467B848368A: removed
Nov 24 14:16:25 sof postfix/qmgr[19747]: 9467B848368A: removed
Nov 24 14:16:27 sof postfix/smtpd[8221]: disconnect from unknown[190.237.252.197]
Nov 24 14:16:27 sof postfix/smtpd[8221]: disconnect from unknown[190.237.252.197]
Here is part of my main.cf file

smtpd_tls_cert_file = /etc/postfix/domain.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access pcre:/etc/postfix/rejected_domains,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unlisted_sender,
    permit
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    reject_unknown_helo_hostname,
    permit
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_rbl_client regexp:/etc/postfix/postfix_client_blacklist,
    reject_unauth_destination,
    reject_unknown_sender_domain,
    check_client_access hash:/etc/postfix/rbl_whitelist,
    check_client_access pcre:/var/spool/postfix/plesk/no_relay.re,
    reject_rbl_client bl.spamcop.net,
    permit
Here is the postfix_client_blacklist file

/^.*unknown.*$/ REJECT FCrDNS # I tried all kinds of ways found on the Internet.
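To see which unknown clients are actually getting mail through, the smtpd "client=unknown[...]" lines can be correlated with later "status=sent" lines by queue ID. The following is an added example, not part of the original post; the function name, the regular expressions and the sample log (documentation addresses, made-up queue IDs) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same log format as the excerpts above.
SAMPLE = """\
Nov 24 12:00:30 mx postfix/smtpd[4632]: connect from unknown[192.0.2.10]
Nov 24 12:00:31 mx postfix/smtpd[4632]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 <host.example.net>: Helo command rejected: Host not found; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<host.example.net>
Nov 24 14:16:18 mx postfix/smtpd[8221]: 3F2A1B0C9D8E: client=unknown[198.51.100.7]
Nov 24 14:16:18 mx postfix/smtpd[8221]: 3F2A1B0C9D8E: client=unknown[198.51.100.7]
Nov 24 14:16:25 mx postfix/pipe[8435]: 3F2A1B0C9D8E: to=<b@example.org>, relay=plesk_virtual, delay=7.9, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Nov 24 14:20:01 mx postfix/smtpd[8300]: 7C4D5E6F7A8B: client=mail.example.com[203.0.113.5]
Nov 24 14:20:02 mx postfix/pipe[8436]: 7C4D5E6F7A8B: to=<b@example.org>, relay=plesk_virtual, delay=0.4, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
"""

CLIENT = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=unknown\[([^\]]+)\]")
REJECT = re.compile(r"NOQUEUE: reject: \w+ from unknown\[([^\]]+)\]: (\d{3}) ")
SENT = re.compile(r"postfix/\w+\[\d+\]: (\w+): to=<[^>]*>.*status=sent")

def audit_unknown_clients(lines):
    """Report per-IP queue IDs delivered for, and reject codes sent to, unknown clients."""
    queue_ip = {}                  # queue ID -> IP of the unknown client
    delivered = defaultdict(set)   # IP -> queue IDs that reached status=sent
    rejected = defaultdict(set)    # IP -> SMTP reply codes used to reject
    for line in lines:
        if m := CLIENT.search(line):
            queue_ip[m.group(1)] = m.group(2)
        elif m := REJECT.search(line):
            rejected[m.group(1)].add(int(m.group(2)))
        elif m := SENT.search(line):
            ip = queue_ip.get(m.group(1))
            if ip:  # only messages that came from an unknown client
                delivered[ip].add(m.group(1))
    # Sets make duplicated log lines (as in the excerpts above) harmless.
    return {"delivered": {ip: sorted(q) for ip, q in delivered.items()},
            "rejected": {ip: sorted(c) for ip, c in rejected.items()}}

if __name__ == "__main__":
    print(audit_unknown_clients(SAMPLE.splitlines()))
```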