[linux] smtpd restrictions in postfix

Lubomir Host rajo at platon.sk
Tuesday May 10 11:50:31 CEST 2005


On Tue, May 10, 2005 at 11:06:56AM +0200, Peter Gašparovič wrote:
> Hi all,
> 
> I want to cut down part of the spam using smtpd_client/sender_restrictions in
> the postfix main.cf. But when I analyse the spam, it is not clear to me what
> I should actually reject. Some spam has one address in the From field, a
> different one in Reply-To, and besides that I have the server it came from.
> What should I focus on if I want to be objective? I know the From address can
> be made up or abused, e.g. the address of my own customer, so I would probably
> prefer restricting the server it came from, i.e. smtpd_client_restrictions.
> Am I thinking about this right?

This is what I have in /etc/postfix/main.cf:

-----------------------------------------------------------%<-----------------------------------------------------------
# rajo: 2004-03-29: blocking spammers
# see blocking spammers: reject_maps_rbl   -- http://www.linuxsecurity.com/feature_stories/feature_story-91-print.html
smtpd_recipient_restrictions =
        reject_invalid_hostname,
# Temporary disabled by Nepto [2005-01-12] due to fetchmail problems
# (SMTP error: 504 <localhost>: Helo command rejected: need fully-qualified hostname)
#       reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        reject_sender_login_mismatch,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/rules/postmaster,
        check_sender_access hash:/etc/postfix/rules/sender_access,
        check_client_access hash:/etc/postfix/rules/client_access,
        reject_non_fqdn_recipient,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client dnsbl.sorbs.net
        permit
#       reject_rbl_client sbl.spamhaus.org,
#       reject_rbl_client dnsbl.njabl.org,
#       reject_rbl_client dynablock.njabl.org,
# reject_maps_rbl
-----------------------------------------------------------%<-----------------------------------------------------------

So with roughly this configuration it has been working for me for a little
over a year. I have not noticed any major problems with it. The comments you
can see in there evolved over time. The spam that arrives, mostly for
webmaster at platon.sk, is mostly stopped already by reject_non_fqdn_*,
reject_rbl_client and the like.

You probably will not need these options:

reject_sender_login_mismatch
permit_sasl_authenticated

In my own blacklists I have a few spammers who were not / are not yet in the
public blacklists but were massively attacking my mail server. The contents
of these files are as follows:

----------------------------------------------------------%<----------------------------------------------------------
11:38 root@Idea [/etc/postfix/rules] ##: for i in client_access postmaster sender_access; do echo ---$i; cat $i; done
---client_access
# check_client_access type:table Search the specified access database for the
# client hostname, parent domains, client IP address, or networks obtained by
# stripping least significant octets. See the access(5) manual page for details.

# put the IPs you need to allow here
#192.168.0.1  OK

# this was a fairly massive attack on the mail server, that is why it is here
# 167.202.193.2[3456] - Postmaster@abnamro.com DELIVERY FAILURE
167.202.193.23  504 You are spammer or virus, your address is blacklisted !!
167.202.193.24  504 You are spammer or virus, your address is blacklisted !!
167.202.193.25  504 You are spammer or virus, your address is blacklisted !!
167.202.193.26  504 You are spammer or virus, your address is blacklisted !!

# same thing ...
# 66.235.211.96  - From: sales@gatormade.com, http://gatormade.com
66.235.211.96   504 You are spammer or virus, your address is blacklisted !!


# 195.130.132.56 -  NOQUEUE: reject: RCPT from adicia.telenet-ops.be[195.130.132.56]:
#                   550 <service@platon.sk>: Recipient address rejected: User unknown
#                   in local recipient table; from=<> to=<service@platon.sk>
#                   proto=ESMTP helo=<adicia.telenet-ops.be>
# quite a large spam run 2005-05-06
195.130.132.56  504 You are spammer or virus, your address is blacklisted !!
---postmaster
# empty for now
---sender_access
# check_sender_access type:table Search the specified access(5) database for the
# MAIL FROM address, domain, parent domains, or localpart@, and execute the
# corresponding action.

# addresses that spam comes from and spamassassin somehow cannot catch. Or rather it can, but why waste
# CPU time, let's stop it right in the queue instead:
ackahn@netapp.com               504 You are spammer or virus, your address is blacklisted !!
mikmach@wp.pl                   504 You are spammer or virus, your address is blacklisted !!
george@reilly.org               504 You are spammer or virus, your address is blacklisted !!
eljay@adobe.com                 504 You are spammer or virus, your address is blacklisted !!
vinschen@redhat.com             504 You are spammer or virus, your address is blacklisted !!
dany.stamant@sympatico.ca       504 You are spammer or virus, your address is blacklisted !!
ron@ronware.org                 504 You are spammer or virus, your address is blacklisted !!
pinard@iro.umontreal.ca         504 You are spammer or virus, your address is blacklisted !!
----------------------------------------------------------%<----------------------------------------------------------

On the server I also have spamassassin and the clamav antivirus deployed, but
for now these options may be enough for you, since setting those up is more
complex.

After creating the /etc/postfix/rules/* files, do not forget to run 'postmap
/etc/postfix/rules/<file>'.


Good luck, and little spam! ;-)

rajo

-- 
Lubomir Host 'rajo' <rajo AT platon.sk>        ICQ #:  257322664
Platon Software Development Group              http://platon.sk/
GnuPG key: http://rajo.platon.sk/en/show,gpgkey
Encrypt your plaintext emails with GnuPG/PGP/OpenPGP:
http://platon.sk/cvs/cvs.php/scripts/perl/mail-gnupg/mail-gnupg-encrypt.pl
http://www.gnu.org/philosophy/no-word-attachments.html
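The comments at the top of the two access files above quote the access(5)
lookup order for check_client_access and check_sender_access, and the main.cf
list is evaluated top to bottom with the first permit/reject winning. The
following is an added example, not code from the post or from Postfix itself:
a small Python model of those two lookup orders and of that first-match
evaluation, run over a handful of constructed SMTP sessions. Every table entry,
network (mynetworks, mydestination) and session in it is made up for the
example; DNS-based checks (reject_unknown_*_domain, reject_rbl_client) and
SASL are left out, and a three-octet key such as "10.20.30" is used to show
the stripped-octet lookup form that the client_access comment mentions.

```python
"""Toy model of Postfix access(5) lookups and smtpd restriction evaluation.
Added example, not code from the original post or from Postfix: it follows the
lookup order documented in access(5) and the first-match-wins evaluation of an
smtpd_recipient_restrictions list; every entry, network and session is constructed."""
import ipaddress
# Constructed access tables in the same "key  action" layout as the post's files.
CLIENT_ACCESS = """
192.168.0.1  OK
167.202.193.23  504 You are spammer or virus, your address is blacklisted !!
10.20.30  REJECT
"""
SENDER_ACCESS = """
spammer@example.net  504 You are spammer or virus, your address is blacklisted !!
example.org          REJECT
postmaster@          OK
"""
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/24")]
MYDESTINATION = {"example.com"}  # constructed: domains this server accepts mail for

def parse_access_table(text):
    """Read 'key  action' lines; blank and '#' lines are skipped, as postmap does."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, action = line.split(None, 1)
            table[key.lower()] = action.strip()
    return table
CLIENT_TABLE = parse_access_table(CLIENT_ACCESS)
SENDER_TABLE = parse_access_table(SENDER_ACCESS)

def action_to_decision(action):
    """Toy subset of access(5) actions: OK, REJECT, '5xx text'; anything else is DUNNO."""
    word = action.split()[0].upper()
    if word == "OK":
        return "permit"
    if word == "REJECT" or (word.isdigit() and word[0] == "5"):
        return "reject"
    return "dunno"

def client_lookup_keys(ip, hostname):
    """check_client_access: hostname and its parent domains, then the IPv4
    address and the networks obtained by stripping least significant octets."""
    labels = hostname.lower().split(".")
    keys = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    octets = ip.split(".")
    return keys + [".".join(octets[:n]) for n in range(len(octets), 0, -1)]

def sender_lookup_keys(sender):
    """check_sender_access: full address, domain and parent domains, then localpart@."""
    sender = sender.lower()
    if "@" not in sender:
        return [sender]
    local, domain = sender.rsplit("@", 1)
    labels = domain.split(".")
    return [sender] + [".".join(labels[i:]) for i in range(len(labels) - 1)] + [local + "@"]

def check_access(table, keys):
    for key in keys:  # the first key present in the table decides
        if key in table:
            return action_to_decision(table[key]), table[key]
    return "dunno", None

# Each restriction returns (decision, reason); "dunno" hands over to the next one.
def reject_non_fqdn_sender(s):
    non_fqdn = s["sender"] and "." not in s["sender"].rpartition("@")[2]  # <> passes
    return ("reject", "need fully-qualified sender address") if non_fqdn else ("dunno", None)
def permit_mynetworks(s):
    addr = ipaddress.ip_address(s["client_ip"])
    return ("permit", "client in mynetworks") if any(addr in n for n in MYNETWORKS) else ("dunno", None)
def reject_unauth_destination(s):
    local = s["recipient"].rpartition("@")[2].lower() in MYDESTINATION
    return ("dunno", None) if local else ("reject", "relay access denied")
def check_sender_access(s):
    return check_access(SENDER_TABLE, sender_lookup_keys(s["sender"]))
def check_client_access(s):
    return check_access(CLIENT_TABLE, client_lookup_keys(s["client_ip"], s["client_name"]))
def permit(s):
    return "permit", "end of restriction list"

# Same relative order as the post: permit_mynetworks and reject_unauth_destination
# come before the access tables, so an OK in a table can never open relaying.
RESTRICTIONS = [reject_non_fqdn_sender, permit_mynetworks, reject_unauth_destination,
                check_sender_access, check_client_access, permit]

def evaluate(s):
    """First restriction answering permit or reject wins, as smtpd(8) does."""
    for restriction in RESTRICTIONS:
        decision, reason = restriction(s)
        if decision != "dunno":
            return decision, restriction.__name__, reason
    return "permit", None, None

# Constructed sessions; 203.0.113.0/24 is the RFC 5737 documentation range.
FIELDS = ("client_ip", "client_name", "sender", "recipient")
SESSIONS = {name: dict(zip(FIELDS, vals)) for name, vals in {
    "lan_relay": ("192.168.0.5", "pc5.lan.test", "alice@corp.test", "bob@elsewhere.test"),
    "relay_attempt": ("203.0.113.9", "unknown", "x@y.test", "bob@elsewhere.test"),
    "blocked_ip": ("167.202.193.23", "unknown", "someone@somewhere.test", "postmaster@example.com"),
    "blocked_net": ("10.20.30.40", "unknown", "someone@somewhere.test", "postmaster@example.com"),
    "blocked_sender_domain": ("203.0.113.9", "unknown", "anyone@mail.example.org", "bob@example.com"),
    "sender_ok_beats_client_block": ("167.202.193.23", "unknown", "postmaster@anything.test", "bob@example.com"),
    "non_fqdn_sender": ("203.0.113.9", "unknown", "root@localhost", "bob@example.com"),
}.items()}
```

Calling evaluate() on each entry of SESSIONS shows which restriction decided
and why. Two things worth noticing: because permit_mynetworks and
reject_unauth_destination sit before the tables, an OK entry can whitelist a
sender or client for local delivery but never turn the box into an open relay;
and because check_sender_access runs before check_client_access, the
"postmaster@" OK entry lets mail through even from the blacklisted
167.202.193.23 client. Since the sender address is exactly the thing the
original question notes is trivially forged, OK entries in sender_access are
best kept to a minimum; a real Postfix would additionally consult DNS for the
reject_unknown_*_domain and reject_rbl_client checks omitted here.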
