postfix-users February 2010 archive
postfix-users: Re: Spam Attack on Postmaster

Re: Spam Attack on Postmaster

From: Stan Hoeppner <stan_at_nospam>
Date: Sun Feb 28 2010 - 22:27:50 GMT
To: postfix-users@postfix.org


Carlos Williams put forth on 2/28/2010 1:55 PM:
> On Tue, Oct 27, 2009 at 8:55 AM, Noel Jones <njones@megan.vbhcs.org> wrote:
>> Or you can have postfix add it to main.cf for you by typing the command:
>>
>> # postconf -e 'address_verify_sender=$double_bounce_sender'
>
> I added the above parameter
> (address_verify_sender=$double_bounce_sender) in my main.cf to keep
> spammers from sending spam / junk email to my built in Postmaster
> account. I am running a dated version of Postfix 2.3. I added it in my
> main.cf and reloaded Postfix. I see it listed in my 'postconf -n' &
> just this weekend received this email:

<snip>

Carlos, I think it's time you join spam-l and learn all the tricks to fighting spam.

http://spam-l.com/mailman/listinfo/spam-l

The host that sent you this "postmaster" spam is infected with a spam bot. The IP address is listed on no less than 7 dnsbls. The IP address is dynamic, with generic rDNS.

inetnum: 89.204.36.0 - 89.204.49.255
netname: USI_ADSL_USERS5
descr: Dynamic distribution IP's for broadband services

160.40.204.89.access.ttknet.ru

You could have blocked this spam with any number of methods, the simplest being adding the following to main.cf:

smtpd_recipient_restrictions =
       reject_rbl_client zen.spamhaus.org

If you don't need to receive email from Russia, ever, period, you can use the data at ipdeny.com to build a cidr table and block _ALL_ mail from Russia. You can do this for any country.

--
Stan
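
Added example, not part of the original message: one way to turn a downloaded country zone file into a Postfix cidr: table of the kind the reply suggests. It assumes the file lists one CIDR block per line; the sample ranges, the file path and the reject text are constructed for illustration.

```python
import ipaddress

# Constructed sample in the one-CIDR-per-line layout assumed for the
# downloaded country zone file (documentation ranges, not real data).
SAMPLE_ZONE = """\
# constructed sample
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
192.0.2.1/24
not-a-network
"""

def parse_zone(text):
    """Return (networks, rejected_lines) from zone-file text."""
    nets, bad = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True refuses entries with host bits set (192.0.2.1/24)
            nets.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            bad.append(line)
    return nets, bad

def build_cidr_table(text, action="REJECT Mail from this network is not accepted"):
    """Render cidr: table lines, merging adjacent or overlapping ranges."""
    nets, bad = parse_zone(text)
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    merged = list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))
    return [f"{n}\t{action}" for n in merged], bad

def lookup(table, client_ip):
    """Emulate the table search: the first matching line decides."""
    ip = ipaddress.ip_address(client_ip)
    for entry in table:
        net, action = entry.split("\t", 1)
        if ip in ipaddress.ip_network(net):
            return action
    return None

if __name__ == "__main__":
    table, skipped = build_cidr_table(SAMPLE_ZONE)
    print("\n".join(table))
    # Save the output as e.g. /etc/postfix/country_block.cidr (hypothetical path),
    # add "check_client_access cidr:/etc/postfix/country_block.cidr" to
    # smtpd_recipient_restrictions in main.cf, then run "postfix reload".
```

Review the skipped lines before deploying the table, since a malformed entry means part of the intended range is not covered.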