Discussion:
Blocking top-level domains
Bryan Laurila
2014-07-18 17:47:29 UTC
Permalink
I had an interesting situation creep up on me this week where I thought
that something was happening (or being processed) in
MailScanner/SpamAssassin but apparently it was not.

I have two mail relay scanners running MailScanner & SpamAssassin on
Suse Linux. These boxes scan incoming mail for spam & viruses and then
relay to my MS Exchange server. I had an influx of spam this week
coming in from several top-level domains that we wouldn't normally
receive any valid emails from anyway, like .eu, .in, .asia, .club, etc.


Upon investigating the situation I found that the Trend Micro Scan Mail
service on my Exchange server crashed, which led me to the discovery
that MailScanner & SpamAssassin weren't filtering mail from these
unwanted top-level domains as I thought and all that work was being done
by my Exchange server.

So, the question of the day is... Where is the best place to turn on
filtering or set a rule somehow to filter unwanted top-level domains at
the MailScanner/SpamAssassin servers?

Like all things in IT there are probably multiple ways of doing this so
I am curious as to what others are doing. All thoughts & comments are
welcome.

Thanks!

Bryan S. Laurila
Senior Network Support Analyst
Dickinson County Healthcare System
1721 South Stephenson Avenue
Iron Mountain, Michigan 49801

"Life begins at the end of your comfort zone!"




Tracy Greggs
2014-07-18 20:14:49 UTC
Permalink
How about hosts.deny?

Tracy
Kevin Miller
2014-07-18 21:26:59 UTC
Permalink
I'd put them in the sendmail access file.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
Rick Cooper
2014-07-18 22:01:18 UTC
Permalink
I agree with Tracy and Kevin. I block those TLDs that I don't ever need to
connect at Exim level; what is the point of receiving the mail, sending it
to MailScanner and then discarding it after all that work?

Tracy Greggs
2014-07-18 23:03:14 UTC
Permalink
Personally, I use iptables with xtables-addons to block countries that I
have no legit email from ever as well.

I know a lot of people disagree with that but it works great for me.

I also use hosts.deny and rbldnsd.

rbldnsd comes in particularly handy to stop netblocks from hosting providers
that are super spam friendly and never respond to abuse complaints.

Between all of that I can keep things running 90% clean on avg.

Just my 2 cents :)

Tracy
Mogens Melander
2014-07-19 05:38:16 UTC
Permalink
Hi

I'm doing stuff like that in sendmail's access (/etc/mail/access)
file, with entries like:

cn.ru ERROR:"550 Reject : cn.ru - Spam source"

Works like a charm :)
--
Mogens Melander
+66 8701 33224
Bryan Laurila
2014-07-21 21:47:25 UTC
Permalink
I like this but I forgot to mention in my original post that I am
running postfix. How would I configure something like this using
postfix?

Thanks,
Bryan

Bryan S. Laurila
Senior Network Support Analyst
Dickinson County Healthcare System

Chris Barber
2014-07-22 02:11:39 UTC
Permalink
Ahh, brilliant! We are using Postfix instead of sendmail, do you know what the corresponding file in Postfix is for this?

Thanks!
Chris


Johan Hendriks
2014-07-22 05:24:53 UTC
Permalink
If you use Google and Google for the following, you get enough results that
you can use.

postfix block toplevel domain

Regards
Mogens Melander
2014-07-22 07:25:15 UTC
Permalink
Sorry, I don't. But Google gave me this:

http://www.postfix.org/access.5.html
--
Mogens Melander
+66 8701 33224
Peter Lemieux
2014-07-22 20:35:20 UTC
Permalink
In Postfix you need to add these directives to main.cf:


smtpd_client_restrictions = reject_unknown_client_hostname,
    check_sender_access pcre:/etc/postfix/sender_access
smtpd_sender_restrictions = reject_unknown_sender_domain,
    check_sender_access pcre:/etc/postfix/sender_access

# block sending servers from non-US/CA locations
smtpd_helo_required = yes
smtpd_helo_restrictions = check_helo_access
    pcre:/etc/postfix/helo_access


I use Perl-compatible regular expressions to match things I want to
block. Thus I have pcre: prefixes in each entry. Postfix supports
other methods as well including simple string matching.

My /etc/postfix/sender_access file looks like this:


# no mail from outsiders claiming to be us
/\.example\.com$/ REJECT

# no two-letter country-code domains except us/ca
/\.us$/ OK
/\.ca$/ OK
/\.[a-z][a-z]$/ REJECT US senders only

# various blacklists
/\.hostnoc\.net$/ REJECT
/\.pawlitenews\.com/ REJECT


This particular client is a small healthcare provider that does not need
to receive mail from locales outside the US/CA. Blocking foreign
country-code domains cuts down a lot of spam.


Peter
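
The following is an added example, not part of Peter's post and not Postfix code: a small Python model of how a first-match pcre: access table like the one above is evaluated, run against constructed sender addresses that include the TLDs from the original question. It assumes Python's re module as a stand-in for PCRE and parses only the simple "/pattern/ ACTION" lines shown; the function names are hypothetical.

```python
import re

# Constructed copy of the sender_access table quoted in the post above.
SENDER_ACCESS = r"""
# no mail from outsiders claiming to be us
/\.example\.com$/       REJECT

# no two-letter country-code domains except us/ca
/\.us$/                 OK
/\.ca$/                 OK
/\.[a-z][a-z]$/         REJECT US senders only

# various blacklists
/\.hostnoc\.net$/       REJECT
/\.pawlitenews\.com/    REJECT
"""

# One rule per line: /pattern/flags, whitespace, then the action text.
RULE_LINE = re.compile(r"/(.*?)/([a-zA-Z]*)\s+(.*)$")


def parse_table(text):
    """Parse '/pattern/flags ACTION' lines into (compiled_regex, action) rules."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rule
        m = RULE_LINE.match(line)
        if not m:
            raise ValueError("unparseable rule: " + line)
        pattern, flags, action = m.groups()
        # Postfix pcre tables are case-insensitive by default;
        # an 'i' flag after the closing slash toggles that off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action.strip()))
    return rules


def lookup(rules, sender):
    """Return the action of the FIRST matching rule, or None if nothing matches.

    The whole address is the lookup key, and rule order decides the result:
    the OK lines for .us/.ca only work because they precede the
    two-letter REJECT.
    """
    for regex, action in rules:
        if regex.search(sender):
            return action
    return None  # no result: Postfix moves on to the next restriction


def unblocked_tlds(rules, tlds):
    """Return the TLDs for which a constructed sender is not rejected."""
    passed = []
    for tld in tlds:
        action = lookup(rules, "user@host" + tld)  # constructed address
        if action is None or not action.upper().startswith("REJECT"):
            passed.append(tld)
    return passed


if __name__ == "__main__":
    rules = parse_table(SENDER_ACCESS)
    samples = [  # constructed sender addresses
        "alice@partner.us",
        "spam@bulk.eu",
        "SPAM@BULK.EU",
        "promo@win.club",
        # the first rule needs a '.' before "example", so it covers
        # subdomains but not the bare domain, which follows an '@'
        "ceo@mail.example.com",
        "ceo@example.com",
    ]
    for s in samples:
        print(f"{s:24} -> {lookup(rules, s) or 'no match'}")
    # TLDs named in the original question
    print("not rejected:", unblocked_tlds(rules, [".eu", ".in", ".asia", ".club"]))
```

On a live server, `postmap -q "user@host.club" pcre:/etc/postfix/sender_access` runs the same kind of query against the real table.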